Windows Analysis Report
http://jeevankiranfoundationcenter.co.in/css/rrp.htm

Overview

General Information

Sample URL:http://jeevankiranfoundationcenter.co.in/css/rrp.htm
Analysis ID:1522426
Infos:

Detection

Kutaki
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected Kutaki Keylogger
Downloads suspicious files via Chrome
Drops PE files to the startup folder
Machine Learning detection for dropped file
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected non-DNS traffic on DNS port
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 4432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,4945317571024713380,2874552796453635385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • unarchiver.exe (PID: 6492 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Tax Payment Challan.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 6584 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\e3mjp5er.s51" "C:\Users\user\Downloads\Tax Payment Challan.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6672 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Tax Payment Challan.exe (PID: 6728 cmdline: "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe" MD5: D251E27F5A696A3CE1068F768EF7CF15)
          • cmd.exe (PID: 6460 cmdline: cmd.exe /c C:\Users\user\AppData\Local\Temp\NewBitmapImage.bmp MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • lfozupfk.exe (PID: 2688 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe" MD5: D251E27F5A696A3CE1068F768EF7CF15)
  • chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jeevankiranfoundationcenter.co.in/css/rrp.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • lfozupfk.exe (PID: 6456 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe" MD5: D251E27F5A696A3CE1068F768EF7CF15)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Kutaki | Cofense characterizes Kutaki as a data stealer that uses old-school techniques to detect sandboxes and debugging. Kutaki however works quite well against unhardened virtual machines and other analysis devices. By backdooring a legitimate application, it can fool unsophisticated detection methodologies. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.kutaki
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |

Source | Rule | Description | Author | Strings
00000014.00000002.1930374581.0000000000401000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |
00000009.00000000.1802887221.0000000000401000.00000020.00000001.01000000.00000008.sdmp | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |
0000000C.00000000.1812012344.0000000000401000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |
0000000C.00000002.2537005341.0000000000401000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |
00000014.00000000.1925593595.0000000000401000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_Kutaki | Yara detected Kutaki Keylogger | Joe Security |

                System Summary

                Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe, ProcessId: 6728, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe
                No Suricata rule has matched

                AV Detection

                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeAvira: detection malicious, Label: TR/Dropper.Gen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exeAvira: detection malicious, Label: TR/Dropper.Gen
                Source: http://justwantlove.lol/wp-content/Tax%20Payment%20Challan.zipVirustotal: Detection: 5%Perma Link
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeVirustotal: Detection: 40%Perma Link
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeReversingLabs: Detection: 44%
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exeReversingLabs: Detection: 44%
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exeVirustotal: Detection: 40%Perma Link
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exeJoe Sandbox ML: detected
                Source: C:\Windows\SysWOW64\unarchiver.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49744 version: TLS 1.2
                Source: global trafficTCP traffic: 192.168.2.4:64387 -> 162.159.36.2:53
                Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
                Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 30 Sep 2024 00:59:19 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sun, 29 Sep 2024 23:24:14 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 170Keep-Alive: timeout=5, max=75Content-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 30 Sep 2024 00:59:20 GMTContent-Type: application/zipContent-Length: 935409Last-Modified: Sun, 29 Sep 2024 23:02:43 GMTConnection: keep-aliveETag: "66f9dc93-e45f1"Strict-Transport-Security: max-age=31536000Accept-Ranges: bytes
                Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                Source: global trafficHTTP traffic detected: GET /css/rrp.htm HTTP/1.1Host: jeevankiranfoundationcenter.co.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /wp-content/Tax%20Payment%20Challan.zip HTTP/1.1Host: justwantlove.lolConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://jeevankiranfoundationcenter.co.in/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: jeevankiranfoundationcenter.co.inConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://jeevankiranfoundationcenter.co.in/css/rrp.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficDNS traffic detected: DNS query: jeevankiranfoundationcenter.co.in
                Source: global trafficDNS traffic detected: DNS query: justwantlove.lol
                Source: global trafficDNS traffic detected: DNS query: www.google.com
                Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 00:59:20 GMTServer: ApacheLast-Modified: Thu, 15 Jul 2021 15:51:26 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 355Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/html
                Source: Amcache.hve.10.drString found in binary or memory: http://upx.sf.net
                Source: lfozupfk.exe, 0000000C.00000002.2537897049.000000000082D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 64393 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64393
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: Yara matchFile source: 00000014.00000002.1930374581.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.1802887221.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.1812012344.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.2537005341.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000000.1925593595.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.1819845941.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Tax Payment Challan.exe PID: 6728, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: lfozupfk.exe PID: 2688, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: lfozupfk.exe PID: 6456, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe, type: DROPPED

                System Summary

                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile dump: C:\Users\user\Downloads\Tax Payment Challan.zip (copy)Jump to dropped file
                Source: Tax Payment Challan.exe, 00000009.00000000.1802887221.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Tax Payment Challan.exe, 00000009.00000002.1819845941.0000000000401000.00000020.00000001.01000000.00000008.sdmp, lfozupfk.exe, 0000000C.00000002.2537005341.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, lfozupfk.exe, 0000000C.00000000.1812012344.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, lfozupfk.exe, 00000014.00000002.1930374581.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, lfozupfk.exe, 00000014.00000000.1925593595.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Tax Payment Challan.exe.5.dr, lfozupfk.exe.9.drBinary or memory string: W*\AC:\NEW LINK\NEW LINK UPDATE\132-Software Engineering\CVS.vbptem\Project1.vbpp@d@W
                Source: Tax Payment Challan.exe, 00000009.00000002.1825785541.0000000000578000.00000004.00000001.01000000.00000008.sdmp, lfozupfk.exe, 0000000C.00000002.2537337329.0000000000578000.00000004.00000001.01000000.0000000A.sdmp, lfozupfk.exe, 00000014.00000002.1930536349.0000000000578000.00000004.00000001.01000000.0000000A.sdmpBinary or memory string: B*\AC:\NEW LINK\NEW LINK UPDATE\132-Software Engineering\CVS.vbp
                Source: classification engineClassification label: mal84.adwa.spyw.win@35/13@8/6
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\b697d749-3067-430d-9943-bcf7d6e45fa5.tmpJump to behavior
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5868:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
                Source: C:\Windows\SysWOW64\unarchiver.exeFile created: C:\Users\user\AppData\Local\Temp\unarchiver.logJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\SysWOW64\unarchiver.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,4945317571024713380,2874552796453635385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jeevankiranfoundationcenter.co.in/css/rrp.htm"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Tax Payment Challan.zip"
                Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\e3mjp5er.s51" "C:\Users\user\Downloads\Tax Payment Challan.zip"
                Source: C:\Windows\SysWOW64\7za.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\NewBitmapImage.bmp
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,4945317571024713380,2874552796453635385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Tax Payment Challan.zip"Jump to behavior
                Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\e3mjp5er.s51" "C:\Users\user\Downloads\Tax Payment Challan.zip"Jump to behavior
                Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c C:\Users\user\AppData\Local\Temp\NewBitmapImage.bmpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\unarchiver.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll
                Source: C:\Windows\SysWOW64\7za.exe Section loaded: 7z.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe Section loaded: apphelp.dll, msvbvm60.dll, vb6zz.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, urlmon.dll, srvcli.dll, wininet.dll, sspicli.dll, profapi.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, uxtheme.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, policymanager.dll, msvcp110_win.dll, sspicli.dll, twinui.appcore.dll, onecoreuapcommonproxystub.dll, execmodelproxy.dll, mrmcorer.dll, windows.staterepositorycore.dll, bcp47mrm.dll, windows.ui.dll, windowmanagementapi.dll, textinputframework.dll, inputhost.dll, twinapi.appcore.dll, coremessaging.dll, coreuicomponents.dll, ntmarta.dll
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe Section loaded: apphelp.dll, msvbvm60.dll, vb6zz.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, urlmon.dll, srvcli.dll, textshaping.dll, wbemcomn.dll, amsi.dll, profapi.dll, dxcore.dll
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Windows\SysWOW64\unarchiver.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                Source: lfozupfk.exe.9.dr Static PE information: real checksum: 0x1c9596 should be: 0x1ca7da
                Source: Tax Payment Challan.exe.5.dr Static PE information: real checksum: 0x1c9596 should be: 0x1ca7da
                Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe

                Boot Survival

                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe
                Source: C:\Windows\SysWOW64\unarchiver.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: 980000 memory reserve | memory write watch
                Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: 25F0000 memory reserve | memory write watch
                Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: 45F0000 memory commit | memory reserve | memory write watch
                Source: C:\Windows\SysWOW64\unarchiver.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6548 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: Amcache.hve.10.dr Binary or memory string: VMware
                Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.10.dr Binary or memory string: vmci.syshbin
                Source: Amcache.hve.10.dr Binary or memory string: VMware, Inc.
                Source: Amcache.hve.10.dr Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.10.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.10.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.10.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.10.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.10.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.10.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.10.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Tax Payment Challan.exe, 00000009.00000003.1818156353.0000000000670000.00000004.00000020.00020000.00000000.sdmp, Tax Payment Challan.exe, 00000009.00000002.1826057850.0000000000672000.00000004.00000020.00020000.00000000.sdmp, Tax Payment Challan.exe, 00000009.00000003.1817405198.0000000000655000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Amcache.hve.10.dr Binary or memory string: vmci.sys
                Source: Amcache.hve.10.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.10.dr Binary or memory string: vmci.syshbin`
                Source: Amcache.hve.10.dr Binary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.10.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.10.dr Binary or memory string: VMware20,1
                Source: Amcache.hve.10.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.10.dr Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.10.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.10.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.10.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.10.dr Binary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.10.dr Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.10.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.10.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: page read and write | page guard
                Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\unarchiver.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.10.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.10.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.10.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.10.dr Binary or memory string: MsMpEng.exe
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 12 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 111 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Behavior graph (image not shown). Behavior Graph ID: 1522426, URL: http://jeevankiranfoundatio..., Startdate: 30/09/2024, Architecture: WINDOWS, Score: 84

Source | Detection | Scanner | Label | Link
http://jeevankiranfoundationcenter.co.in/css/rrp.htm | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe | 100% | Avira | TR/Dropper.Gen |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe | 100% | Avira | TR/Dropper.Gen |
C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe | 40% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe | 45% | ReversingLabs | Win32.Trojan.Kutaki |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe | 45% | ReversingLabs | Win32.Trojan.Kutaki |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe | 40% | Virustotal | | Browse

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://upx.sf.net | 0% | URL Reputation | safe |
http://justwantlove.lol/wp-content/Tax%20Payment%20Challan.zip | 5% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
justwantlove.lol | 23.94.221.14 | true | false | | unknown
jeevankiranfoundationcenter.co.in | 103.21.58.228 | true | false | | unknown
www.google.com | 142.250.74.196 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
241.42.69.40.in-addr.arpa | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://justwantlove.lol/wp-content/Tax%20Payment%20Challan.zip | false | | unknown
http://jeevankiranfoundationcenter.co.in/favicon.ico | false | | unknown
http://jeevankiranfoundationcenter.co.in/css/rrp.htm | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Amcache.hve.10.dr | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
23.94.221.14 | justwantlove.lol | United States | 36352 | AS-COLOCROSSINGUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
103.21.58.228 | jeevankiranfoundationcenter.co.in | United Arab Emirates | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
142.250.185.132 | unknown | United States | 15169 | GOOGLEUS | false
142.250.74.196 | www.google.com | United States | 15169 | GOOGLEUS | false
                              IP
                              192.168.2.4
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1522426
                              Start date and time:2024-09-30 02:58:20 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 3m 49s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:browseurl.jbs
                              Sample URL:http://jeevankiranfoundationcenter.co.in/css/rrp.htm
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:22
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal84.adwa.spyw.win@35/13@8/6
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, Microsoft.Photos.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.18.14, 64.233.184.84, 34.104.35.123, 4.245.163.56, 2.19.126.163, 2.19.126.137, 192.229.221.95, 52.165.164.15, 20.3.187.198, 40.69.42.241, 4.175.87.197, 52.165.165.26
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • Report size getting too big, too many NtSetValueKey calls found.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:59:28 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe
20:59:24 | API Interceptor | 1x Sleep call for process: Tax Payment Challan.exe modified
20:59:25 | API Interceptor | 11617x Sleep call for process: lfozupfk.exe modified
                              No context
                              No context
                              No context
                              No context
                              No context
                              Process:C:\Windows\SysWOW64\7za.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):1815762
                              Entropy (8bit):7.00198689482094
                              Encrypted:false
                              SSDEEP:24576:Ln/8D3krldJvB9D9dP0rkPrkUBJfZiAxtkFnNrpThhNZOFxUVAntznfmP/UDMS0z:rkD3gTP990rQrkYJfMN03fmP/SA8NC
                              MD5:D251E27F5A696A3CE1068F768EF7CF15
                              SHA1:2D02063073B02E63CA8E6B585B03AA354A6BA3E8
                              SHA-256:BF2509759DD5AA05817181435307F2ECBCA9A1006A53E6E884462BC81B46F820
                              SHA-512:0290C3C9971FFAEC58FC48C1D6D7F8D50996A940412D05ECC35D0E288BBAA4756D14A2701ADD54A3B328BCDFB437FB6A848A2BEA2C3BCADA6F12D2C6B2E2D2A2
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe, Author: Joe Security
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: Virustotal, Detection: 40%, Browse
                              • Antivirus: ReversingLabs, Detection: 45%
                              Reputation:low
                              Process:C:\Windows\SysWOW64\unarchiver.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1479
                              Entropy (8bit):5.125797780831324
                              Encrypted:false
                              SSDEEP:24:bRqFu0fSniJyniJjWIyniJyniJUwsniJffniJyniJFTAFuniJb4niJTFuniJoVnN:bRquwSnGynGbynGynGpsnGHnGynGp4un
                              MD5:9AAEFCEF03AFB8A8F2F63B0416D809D6
                              SHA1:D18E957F22ABC1F869D07424637AB993ACFE5340
                              SHA-256:677651AFF062F09F11D55D2C13A496B853C2DAE71B7F5FE164FAC036564F0E0F
                              SHA-512:161B578FD5E3BDF530D0ED98AD2BD91610797CF1D5AE6754066C6F4134FC91A63D97386E6E07B768963B4C845908B724F76D0EA48D414B68227ECCAD1B5FBFCF
                              Malicious:false
                              Reputation:low
                              Preview:09/29/2024 8:59 PM: Unpack: C:\Users\user\Downloads\Tax Payment Challan.zip..09/29/2024 8:59 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51..09/29/2024 8:59 PM: Received from standard out: ..09/29/2024 8:59 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..09/29/2024 8:59 PM: Received from standard out: ..09/29/2024 8:59 PM: Received from standard out: Scanning the drive for archives:..09/29/2024 8:59 PM: Received from standard out: 1 file, 935409 bytes (914 KiB)..09/29/2024 8:59 PM: Received from standard out: ..09/29/2024 8:59 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\Tax Payment Challan.zip..09/29/2024 8:59 PM: Received from standard out: --..09/29/2024 8:59 PM: Received from standard out: Path = C:\Users\user\Downloads\Tax Payment Challan.zip..09/29/2024 8:59 PM: Received from standard out: Type = zip..09/29/2024 8:59 PM: Received from standard out: Physical Size = 935409..09/29/20
                              Process:C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):1815762
                              Entropy (8bit):7.00198689482094
                              Encrypted:false
                              SSDEEP:24576:Ln/8D3krldJvB9D9dP0rkPrkUBJfZiAxtkFnNrpThhNZOFxUVAntznfmP/UDMS0z:rkD3gTP990rQrkYJfMN03fmP/SA8NC
                              MD5:D251E27F5A696A3CE1068F768EF7CF15
                              SHA1:2D02063073B02E63CA8E6B585B03AA354A6BA3E8
                              SHA-256:BF2509759DD5AA05817181435307F2ECBCA9A1006A53E6E884462BC81B46F820
                              SHA-512:0290C3C9971FFAEC58FC48C1D6D7F8D50996A940412D05ECC35D0E288BBAA4756D14A2701ADD54A3B328BCDFB437FB6A848A2BEA2C3BCADA6F12D2C6B2E2D2A2
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe, Author: Joe Security
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 45%
                              • Antivirus: Virustotal, Detection: 40%, Browse
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):935409
                              Entropy (8bit):7.999054579462363
                              Encrypted:true
                              SSDEEP:24576:CYyL6TVzwf+rvw8CrkmHjVzYL2zChUR/R4L7RTCVJ3ojOB/GpMSQ8Can0:CnL+VKldZYLZL7RuVJ4jOB/iU890
                              MD5:51EBC72E8526010B9FE3F4CC076D9E7A
                              SHA1:5821F32DDCA1548791911CD3BD39B442D50FA0F0
                              SHA-256:019F104014826438C6C9790C43CF82E47DD1A1F942B936FB28C64F10D6122C2C
                              SHA-512:5C57B78D3DE9995DFDE8CFE2ADF678AE842B722720332DA44FDB9CE0C2C8B4959451DDC6BB77529E6EE542F08A632901F83DC3D8DE4B117E54494AC1F9AF4FF4
                              Malicious:true
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):935409
                              Entropy (8bit):7.999054579462363
                              Encrypted:true
                              SSDEEP:24576:CYyL6TVzwf+rvw8CrkmHjVzYL2zChUR/R4L7RTCVJ3ojOB/GpMSQ8Can0:CnL+VKldZYLZL7RuVJ4jOB/iU890
                              MD5:51EBC72E8526010B9FE3F4CC076D9E7A
                              SHA1:5821F32DDCA1548791911CD3BD39B442D50FA0F0
                              SHA-256:019F104014826438C6C9790C43CF82E47DD1A1F942B936FB28C64F10D6122C2C
                              SHA-512:5C57B78D3DE9995DFDE8CFE2ADF678AE842B722720332DA44FDB9CE0C2C8B4959451DDC6BB77529E6EE542F08A632901F83DC3D8DE4B117E54494AC1F9AF4FF4
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:dropped
                              Size (bytes):14313
                              Entropy (8bit):7.962674878006794
                              Encrypted:false
                              SSDEEP:384:+mnBhsRGxrpf3lgydui0mnLglEVevm8oWshPZtwKV5Wz/kwJ:+Wh6Gxr1VXduFmncle8o7hPZtwSWAwJ
                              MD5:2C1F86FF17E4A550FC7CD84BB98F50B4
                              SHA1:668AC84F4C96DA15F5833C1DA603E7B6888058EC
                              SHA-256:E5EE4FB3046488DA39FB160269F95C751DECDA49D46EE3F2AE0581F1C070C751
                              SHA-512:4C2E27C713AC0A870B831514E1D422C50F1CA7976EE9CB62AAB1C3912EBE5F0684BE4C8056C62F64FC624A3BA0F0CC23D7B88D8D3B5515C4F7668910B7BF8639
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\SysWOW64\cmd.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):1835008
                              Entropy (8bit):4.462942634347709
                              Encrypted:false
                              SSDEEP:6144:PIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:gXD94+WlLZMM6YFHg+n
                              MD5:93D5AB9AF94545E5C473736B7C1A6E34
                              SHA1:D21D2C92566A5D8D55A57805416DC0479A7A445E
                              SHA-256:4392A6CE0B603F3B94C1DAAA81999551FFFDC548DAD3E4E8346466FC60C09305
                              SHA-512:69B7A25910BDC89E342A4DE0A1624DA9AAA8CD070E306A71EF24032EDE83787027087E96593ED066D43B1398F82AEEDF52733F9D8A978E6F02763F0097E0E4D5
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, from Unix, original size modulo 2^32 583
                              Category:downloaded
                              Size (bytes):355
                              Entropy (8bit):7.3264100582849885
                              Encrypted:false
                              SSDEEP:6:Xtay2mRE+FQXqkV5qVHga2NiKbw6xI6xZcwKVuCvu9+U+1N9PTrgjwoP15zl:XjREMye2UP6rMVuC29d+tzoPXJ
                              MD5:CB50B952A1A41C3358018129E081D511
                              SHA1:9B3CE22F173597240FD0C22FF649F3FFB9C6EA99
                              SHA-256:791B5CB893932898C350D1EC9888EE9C2FEAEA002431D12E9A1BA29331813BE0
                              SHA-512:85FDCA12AD6D67DC0CD578FE0D6A8D892D40976422E50BBFAA631425B19D118780731F6E35753A762260E05326562C4D3824295160F0865DB784DAEA62156B79
                              Malicious:false
                              Reputation:low
                              URL:http://jeevankiranfoundationcenter.co.in/favicon.ico
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, from Unix, original size modulo 2^32 198
                              Category:downloaded
                              Size (bytes):170
                              Entropy (8bit):6.760545274232992
                              Encrypted:false
                              SSDEEP:3:FttczLvy1rdqBWFw+qxkZQ0t2q8AsyBeiU9/ILHdP3wx259JSh7p5LB:XtGQd27xYQ0YZUkALHlP59JuN
                              MD5:3773591B76FDDD5151ACE05E3CEE2B09
                              SHA1:8FE89FA9AE92722E256FBEE15F0FEBC7BD14544B
                              SHA-256:1245136E6F7CA84182DA76FF587B947854900166E6427322108D652215BAA3DB
                              SHA-512:6B4FB8751BBE9914A4F05F20F7609CB2545F168A31905A18EEBB3D1A4648520835C09D97356CAE2A8B49E6482FE139AEF89B19BDE7F9ABC9A619E4282F6D184B
                              Malicious:false
                              Reputation:low
                              URL:http://jeevankiranfoundationcenter.co.in/css/rrp.htm
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                              Category:downloaded
                              Size (bytes):935409
                              Entropy (8bit):7.999054579462363
                              Encrypted:true
                              SSDEEP:24576:CYyL6TVzwf+rvw8CrkmHjVzYL2zChUR/R4L7RTCVJ3ojOB/GpMSQ8Can0:CnL+VKldZYLZL7RuVJ4jOB/iU890
                              MD5:51EBC72E8526010B9FE3F4CC076D9E7A
                              SHA1:5821F32DDCA1548791911CD3BD39B442D50FA0F0
                              SHA-256:019F104014826438C6C9790C43CF82E47DD1A1F942B936FB28C64F10D6122C2C
                              SHA-512:5C57B78D3DE9995DFDE8CFE2ADF678AE842B722720332DA44FDB9CE0C2C8B4959451DDC6BB77529E6EE542F08A632901F83DC3D8DE4B117E54494AC1F9AF4FF4
                              Malicious:false
                              Reputation:low
                              URL:http://justwantlove.lol/wp-content/Tax%20Payment%20Challan.zip
                              No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Sep 30, 2024 02:59:20.526935101 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.526945114 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.526952982 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.526957035 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.526987076 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.526989937 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.526998997 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.527002096 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.527040958 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.531821012 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.531879902 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.531891108 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.531977892 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.551290035 CEST4973580192.168.2.4103.21.58.228
                              Sep 30, 2024 02:59:20.614240885 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614253044 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614269972 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614279985 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614290953 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614310980 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.614456892 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.614618063 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614659071 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.614686012 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614697933 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614746094 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614757061 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.614773989 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.614800930 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.615432024 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615442991 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615453959 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615514040 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.615530014 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615540981 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615551949 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.615585089 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.615606070 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.616391897 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616447926 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616461039 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616508961 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616513014 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.616518974 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616530895 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.616571903 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.616571903 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.617373943 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.619086027 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.619102955 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.619112968 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.619124889 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.619148016 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.701972008 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.701987028 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702004910 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702014923 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702027082 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702033997 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702079058 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702080011 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702090979 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702100992 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702136040 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702136040 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702164888 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702176094 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702187061 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702239037 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702271938 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702282906 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702294111 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702326059 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702398062 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702425003 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702435970 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702445984 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702464104 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702475071 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702486038 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.702495098 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702495098 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702538967 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.702564001 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703053951 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703078985 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703088999 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703130960 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703130960 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703200102 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703210115 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703216076 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703222036 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703253984 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703320980 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703330994 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703341961 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703372002 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703424931 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703434944 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703447104 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.703464031 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703499079 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.703986883 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704030037 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704041958 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704091072 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704118013 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704128027 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704138994 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704149008 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704174042 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704174042 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704175949 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704215050 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704477072 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704562902 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704580069 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704591036 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704602003 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704631090 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704639912 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.704658985 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704669952 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.704715967 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.706825972 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.706897020 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789628029 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789654970 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789665937 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789722919 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789747000 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789757967 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789767981 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789778948 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789789915 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789793968 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789807081 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789840937 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789941072 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789952040 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789963007 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789972067 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789982080 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.789989948 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.789992094 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790002108 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790014982 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790040016 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790080070 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790090084 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790098906 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790119886 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790146112 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790199041 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790209055 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790220022 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790271044 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790298939 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790314913 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790326118 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790337086 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790363073 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790363073 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790404081 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790414095 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790424109 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790442944 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790535927 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790560961 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790570974 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790584087 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790595055 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790605068 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790615082 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790616989 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790649891 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790649891 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790744066 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790757895 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790767908 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790777922 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790798903 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790832043 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790862083 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790872097 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790880919 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790889978 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790899992 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.790930986 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790930986 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.790997982 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791007996 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791018963 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791054010 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791054010 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791122913 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791132927 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791142941 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791182995 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791183949 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791263103 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791269064 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791277885 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791289091 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791299105 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791309118 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791320086 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791341066 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791363001 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791404963 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791430950 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791440964 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791505098 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791507006 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791523933 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791533947 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791544914 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.791568041 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.791603088 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794663906 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794673920 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794683933 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794718981 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794730902 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794738054 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794742107 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794768095 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794806957 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794830084 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794840097 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794851065 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794861078 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794877052 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794919968 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.794944048 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794954062 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794965029 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794975996 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.794986963 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795017004 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.795048952 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795088053 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.795106888 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795118093 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795181036 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.795205116 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795216084 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795224905 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.795243025 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.835839033 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.877783060 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877803087 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877813101 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877882004 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877882957 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.877898932 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877908945 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877918959 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877948046 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.877948046 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.877981901 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.877993107 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878001928 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878030062 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878070116 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878171921 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878181934 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878191948 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878201962 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878211021 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878220081 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878230095 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878235102 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878235102 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878247023 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878266096 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878317118 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878422976 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878433943 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878443956 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878453970 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878468037 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878470898 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878485918 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:20.878629923 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878643036 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:20.878663063 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054431915 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054441929 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054451942 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054461002 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054467916 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054471016 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054481030 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054491043 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054493904 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054501057 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054537058 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054537058 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054673910 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054730892 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054740906 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054752111 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054759979 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054794073 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054794073 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054862022 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054872990 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054882050 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054892063 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054902077 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054912090 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054922104 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054946899 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054946899 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.054955959 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054965973 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054975033 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054991007 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.054996967 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055001974 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055011988 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055022955 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055027962 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055035114 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055047989 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055085897 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055445910 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055455923 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055465937 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055475950 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055485964 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055495024 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055505037 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055506945 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055506945 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055510998 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055521011 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055522919 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055531025 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055540085 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055563927 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055563927 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055624962 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055823088 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055833101 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055843115 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055852890 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055862904 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055871964 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055881977 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055891991 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055902004 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055905104 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055911064 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055922031 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055922985 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055922985 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055932045 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055943012 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055953026 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.055965900 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.055991888 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.097166061 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097192049 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097206116 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097218990 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097228050 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097245932 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.097260952 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.097273111 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097318888 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097330093 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097363949 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.097368956 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140505075 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140516043 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140526056 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140546083 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140558004 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140588045 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140588999 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140654087 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140666008 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140676975 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140712976 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140739918 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140752077 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140762091 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140773058 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140841007 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140841007 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140861988 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140872002 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140882015 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140894890 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.140948057 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140958071 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140969992 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.140970945 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141066074 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141093016 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141103029 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141113997 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141124010 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141134024 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141143084 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141160965 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141194105 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141225100 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141237020 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141247034 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141256094 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141267061 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141278028 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141320944 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141320944 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141362906 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141372919 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141412020 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141458988 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141470909 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141479969 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141489983 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141500950 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141510963 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141521931 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141527891 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141527891 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141545057 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141690969 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141701937 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141711950 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141722918 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141733885 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141753912 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141753912 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141782999 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141844034 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141855001 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141865015 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141875029 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141885996 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.141895056 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.141931057 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142070055 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142085075 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142095089 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142106056 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142117977 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142118931 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142127991 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142139912 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142139912 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142148972 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142158985 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142169952 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142180920 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142182112 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142182112 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142216921 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142216921 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142349005 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142362118 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142389059 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142409086 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142503023 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142513037 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142524004 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142534018 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142544985 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142555952 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142565012 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142565012 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142566919 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142599106 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142628908 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142784119 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142795086 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142803907 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142813921 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142824888 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142834902 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142844915 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142852068 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142852068 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142852068 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142860889 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142872095 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142884016 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.142893076 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142893076 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.142946959 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143129110 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143140078 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143150091 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143160105 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143172979 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143183947 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143234015 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143312931 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143328905 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143338919 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143348932 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143359900 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143378019 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143392086 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143392086 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143399954 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143400908 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143410921 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143423080 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143428087 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143438101 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143439054 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143449068 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143454075 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143460035 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143471003 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143482924 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143492937 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143492937 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143539906 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143702030 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143712997 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143759966 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143765926 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143776894 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143789053 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143798113 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143810034 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.143851995 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143851995 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.143917084 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.147639036 CEST49741443192.168.2.4142.250.74.196
                              Sep 30, 2024 02:59:21.147682905 CEST44349741142.250.74.196192.168.2.4
                              Sep 30, 2024 02:59:21.147738934 CEST49741443192.168.2.4142.250.74.196
                              Sep 30, 2024 02:59:21.148457050 CEST49741443192.168.2.4142.250.74.196
                              Sep 30, 2024 02:59:21.148469925 CEST44349741142.250.74.196192.168.2.4
                              Sep 30, 2024 02:59:21.184972048 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.184992075 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185003042 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185066938 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.185100079 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185110092 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185137987 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185149908 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.185156107 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.185214996 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228245020 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228262901 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228276968 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228310108 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228321075 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228322029 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228333950 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228343964 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228357077 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228367090 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228420019 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228439093 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228450060 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228461027 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228471994 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228488922 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228523016 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228548050 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228559017 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228569984 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228615999 CEST4973980192.168.2.423.94.221.14
                              Sep 30, 2024 02:59:21.228693008 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228703976 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228714943 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228729963 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 02:59:21.228743076 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 03:00:21.138288975 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:21.138350964 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.138431072 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:21.138689995 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:21.138722897 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.142824888 CEST804973923.94.221.14192.168.2.4
                              Sep 30, 2024 03:00:21.142836094 CEST804973823.94.221.14192.168.2.4
                              Sep 30, 2024 03:00:21.726651907 CEST4972480192.168.2.493.184.221.240
                              Sep 30, 2024 03:00:21.731849909 CEST804972493.184.221.240192.168.2.4
                              Sep 30, 2024 03:00:21.731947899 CEST4972480192.168.2.493.184.221.240
                              Sep 30, 2024 03:00:21.780184984 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.780493021 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:21.780530930 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.781662941 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.782417059 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:21.782598972 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:21.834086895 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:31.710758924 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:31.710844040 CEST44364393142.250.185.132192.168.2.4
                              Sep 30, 2024 03:00:31.710995913 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:33.319472075 CEST64393443192.168.2.4142.250.185.132
                              Sep 30, 2024 03:00:33.319545984 CEST44364393142.250.185.132192.168.2.4
                              TimestampSource PortDest PortSource IPDest IP
                              Sep 30, 2024 02:59:16.399744034 CEST53569531.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:16.416079044 CEST53577151.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:17.474288940 CEST53524041.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:18.216422081 CEST5864153192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:18.216686010 CEST5075753192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:18.730691910 CEST53586411.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:18.742103100 CEST53507571.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:19.936621904 CEST5455653192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:19.937225103 CEST6131653192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:19.947926998 CEST53545561.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:19.951091051 CEST53613161.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:21.131335020 CEST5449753192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:21.131695032 CEST4970453192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:21.138222933 CEST53544971.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:21.138235092 CEST53497041.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:33.310120106 CEST138138192.168.2.4192.168.2.255
                              Sep 30, 2024 02:59:34.721438885 CEST53598811.1.1.1192.168.2.4
                              Sep 30, 2024 02:59:45.432491064 CEST5352863162.159.36.2192.168.2.4
                              Sep 30, 2024 02:59:45.960849047 CEST5483353192.168.2.41.1.1.1
                              Sep 30, 2024 02:59:45.967824936 CEST53548331.1.1.1192.168.2.4
                              Sep 30, 2024 03:00:21.129698992 CEST5826153192.168.2.41.1.1.1
                              Sep 30, 2024 03:00:21.137229919 CEST53582611.1.1.1192.168.2.4
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Sep 30, 2024 02:59:18.216422081 CEST | 192.168.2.4 | 1.1.1.1 | 0x7f83 | Standard query (0) | jeevankiranfoundationcenter.co.in | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:18.216686010 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd9b | Standard query (0) | jeevankiranfoundationcenter.co.in | 65 | IN (0x0001) | false
                              Sep 30, 2024 02:59:19.936621904 CEST | 192.168.2.4 | 1.1.1.1 | 0x1e06 | Standard query (0) | justwantlove.lol | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:19.937225103 CEST | 192.168.2.4 | 1.1.1.1 | 0x687e | Standard query (0) | justwantlove.lol | 65 | IN (0x0001) | false
                              Sep 30, 2024 02:59:21.131335020 CEST | 192.168.2.4 | 1.1.1.1 | 0x4d46 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:21.131695032 CEST | 192.168.2.4 | 1.1.1.1 | 0x6798 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Sep 30, 2024 02:59:45.960849047 CEST | 192.168.2.4 | 1.1.1.1 | 0x6b28 | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                              Sep 30, 2024 03:00:21.129698992 CEST | 192.168.2.4 | 1.1.1.1 | 0xcdb2 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Sep 30, 2024 02:59:18.730691910 CEST | 1.1.1.1 | 192.168.2.4 | 0x7f83 | No error (0) | jeevankiranfoundationcenter.co.in | | 103.21.58.228 | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:19.947926998 CEST | 1.1.1.1 | 192.168.2.4 | 0x1e06 | No error (0) | justwantlove.lol | | 23.94.221.14 | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:21.138222933 CEST | 1.1.1.1 | 192.168.2.4 | 0x4d46 | No error (0) | www.google.com | | 142.250.74.196 | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:21.138235092 CEST | 1.1.1.1 | 192.168.2.4 | 0x6798 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                              Sep 30, 2024 02:59:32.330637932 CEST | 1.1.1.1 | 192.168.2.4 | 0xbaca | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Sep 30, 2024 02:59:32.330637932 CEST | 1.1.1.1 | 192.168.2.4 | 0xbaca | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:44.433728933 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Sep 30, 2024 02:59:44.433728933 CEST | 1.1.1.1 | 192.168.2.4 | 0xe47d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                              Sep 30, 2024 02:59:45.967824936 CEST | 1.1.1.1 | 192.168.2.4 | 0x6b28 | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                              Sep 30, 2024 03:00:21.137229919 CEST | 1.1.1.1 | 192.168.2.4 | 0xcdb2 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
                              • fs.microsoft.com
                              • jeevankiranfoundationcenter.co.in
                                • justwantlove.lol
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49735 | 103.21.58.228 | 80 | 2872 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Sep 30, 2024 02:59:18.747962952 CEST | 459 | OUT | GET /css/rrp.htm HTTP/1.1
                              Host: jeevankiranfoundationcenter.co.in
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Sep 30, 2024 02:59:19.818382025 CEST | 484 | IN | HTTP/1.1 200 OK
                              Date: Mon, 30 Sep 2024 00:59:19 GMT
                              Server: Apache
                              Upgrade: h2,h2c
                              Connection: Upgrade, Keep-Alive
                              Last-Modified: Sun, 29 Sep 2024 23:24:14 GMT
                              Accept-Ranges: bytes
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Content-Length: 170
                              Keep-Alive: timeout=5, max=75
                              Content-Type: text/html
                              Sep 30, 2024 02:59:20.090533972 CEST | 421 | OUT | GET /favicon.ico HTTP/1.1
                              Host: jeevankiranfoundationcenter.co.in
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Referer: http://jeevankiranfoundationcenter.co.in/css/rrp.htm
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Sep 30, 2024 02:59:20.500917912 CEST | 650 | IN | HTTP/1.1 404 Not Found
                              Date: Mon, 30 Sep 2024 00:59:20 GMT
                              Server: Apache
                              Last-Modified: Thu, 15 Jul 2021 15:51:26 GMT
                              Accept-Ranges: bytes
                              Vary: Accept-Encoding
                              Content-Encoding: gzip
                              Content-Length: 355
                              Keep-Alive: timeout=5, max=74
                              Connection: Keep-Alive
                              Content-Type: text/html


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49739 | 23.94.221.14 | 80 | 2872 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Sep 30, 2024 02:59:20.090382099 CEST | 521 | OUT | GET /wp-content/Tax%20Payment%20Challan.zip HTTP/1.1
                              Host: justwantlove.lol
                              Connection: keep-alive
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Referer: http://jeevankiranfoundationcenter.co.in/
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Sep 30, 2024 02:59:20.526705027 CEST | 1236 | IN | HTTP/1.1 200 OK
                              Server: nginx
                              Date: Mon, 30 Sep 2024 00:59:20 GMT
                              Content-Type: application/zip
                              Content-Length: 935409
                              Last-Modified: Sun, 29 Sep 2024 23:02:43 GMT
                              Connection: keep-alive
                              ETag: "66f9dc93-e45f1"
                              Strict-Transport-Security: max-age=31536000
                              Accept-Ranges: bytes


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49736 | 103.21.58.228 | 80 | 2872 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Sep 30, 2024 03:00:03.759087086 CEST | 6 | OUT | Data Raw: 00
                              Data Ascii:


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.4 | 49738 | 23.94.221.14 | 80 | 2872 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Sep 30, 2024 03:00:04.971955061 CEST | 6 | OUT | Data Raw: 00
                              Data Ascii:


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 | |
                              Timestamp | Bytes transferred | Direction | Data
                              2024-09-30 00:59:23 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-09-30 00:59:23 UTC | 466 | IN | HTTP/1.1 200 OK
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF67)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-neu-z1
                              Cache-Control: public, max-age=56739
                              Date: Mon, 30 Sep 2024 00:59:23 GMT
                              Connection: close
                              X-CID: 2


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49743 | 184.28.90.27 | 443 | |
                              Timestamp | Bytes transferred | Direction | Data
                              2024-09-30 00:59:24 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                              Range: bytes=0-2147483646
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-09-30 00:59:24 UTC | 514 | IN | HTTP/1.1 200 OK
                              ApiVersion: Distribute 1.1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF06)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-weu-z1
                              Cache-Control: public, max-age=56768
                              Date: Mon, 30 Sep 2024 00:59:24 GMT
                              Content-Length: 55
                              Connection: close
                              X-CID: 2
                              2024-09-30 00:59:24 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



                              Target ID:0
                              Start time:20:59:10
                              Start date:29/09/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:2
                              Start time:20:59:15
                              Start date:29/09/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,4945317571024713380,2874552796453635385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:3
                              Start time:20:59:17
                              Start date:29/09/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jeevankiranfoundationcenter.co.in/css/rrp.htm"
                              Imagebase:0x7ff76e190000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:4
                              Start time:20:59:23
                              Start date:29/09/2024
                              Path:C:\Windows\SysWOW64\unarchiver.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Tax Payment Challan.zip"
                              Imagebase:0x10000
                              File size:12'800 bytes
                              MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:5
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Windows\SysWOW64\7za.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\e3mjp5er.s51" "C:\Users\user\Downloads\Tax Payment Challan.zip"
                              Imagebase:0x380000
                              File size:289'792 bytes
                              MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:6
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7699e0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:7
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"
                              Imagebase:0x240000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:8
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7699e0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:9
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe"
                              Imagebase:0x400000
                              File size:1'815'762 bytes
                              MD5 hash:D251E27F5A696A3CE1068F768EF7CF15
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 00000009.00000000.1802887221.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 00000009.00000002.1819845941.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: C:\Users\user\AppData\Local\Temp\e3mjp5er.s51\Tax Payment Challan.exe, Author: Joe Security
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 40%, Virustotal
                              • Detection: 45%, ReversingLabs
                              Reputation:low
                              Has exited:true

                              Target ID:10
                              Start time:20:59:24
                              Start date:29/09/2024
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:cmd.exe /c C:\Users\user\AppData\Local\Temp\NewBitmapImage.bmp
                              Imagebase:0x240000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:11
                              Start time:20:59:25
                              Start date:29/09/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7699e0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:12
                              Start time:20:59:25
                              Start date:29/09/2024
                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe"
                              Imagebase:0x400000
                              File size:1'815'762 bytes
                              MD5 hash:D251E27F5A696A3CE1068F768EF7CF15
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 0000000C.00000000.1812012344.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 0000000C.00000002.2537005341.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe, Author: Joe Security
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 45%, ReversingLabs
                              • Detection: 40%, Virustotal
                              Reputation:low
                              Has exited:false

                              Target ID:20
                              Start time:20:59:36
                              Start date:29/09/2024
                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfozupfk.exe"
                              Imagebase:0x400000
                              File size:1'815'762 bytes
                              MD5 hash:D251E27F5A696A3CE1068F768EF7CF15
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 00000014.00000002.1930374581.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Kutaki, Description: Yara detected Kutaki Keylogger, Source: 00000014.00000000.1925593595.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true

                              No disassembly