Windows Analysis Report
badger_x64_stealth_rtl.bin.dll.dll

Overview

General Information

Sample name: badger_x64_stealth_rtl.bin.dll.dll
(renamed file extension from exe to dll)
Original sample name: badger_x64_stealth_rtl.bin.dll.exe
Analysis ID: 1637286
MD5: decf7b259d75e0e499f44c5a915b3175
SHA1: af87c4222d4538fd4d43eaa0cb30974af08ea21e
SHA256: ba847f3edf4f9c540641c30f45e40baee8287d30d5aef59543d24f0375140f27
Tags: bazaarloaderbruteratelexeuser-cedricgmirror2

Detection

BruteRatel
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected BruteRatel
Contains functionality to inject threads in other processes
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Modifies the context of a thread in another process (thread injection)
Sets debug register (to hijack the execution of another thread)
Sigma detected: CobaltStrike Load by Rundll32
Uses known network protocols on non-standard ports
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query network adapter information
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • loaddll64.exe (PID: 8008 cmdline: loaddll64.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8060 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 8084 cmdline: rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 8068 cmdline: rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,DllMain MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 8156 cmdline: rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7580 cmdline: rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",DllMain MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7596 cmdline: rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",StartW MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4
No configs have been found
Source: 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_2, Description: Yara detected BruteRatel, Author: Joe Security
Source: 00000005.00000003.1188708860.0000022FC0D25000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security
Source: 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security
Source: 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security
Source: Process Memory Space: loaddll64.exe PID: 8008, Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Author: Joe Security

System Summary

Source: Process started, Author: Wojciech Lesicki, Data: Command: rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW, CommandLine: rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: loaddll64.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll", ParentImage: C:\Windows\System32\loaddll64.exe, ParentProcessId: 8008, ParentProcessName: loaddll64.exe, ProcessCommandLine: rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW, ProcessId: 8156, ProcessName: rundll32.exe
No Suricata rule has matched


AV Detection

Source: badger_x64_stealth_rtl.bin.dll.dll, Avira: detected
Source: badger_x64_stealth_rtl.bin.dll.dll, Virustotal: Detection: 79%
Source: badger_x64_stealth_rtl.bin.dll.dll, ReversingLabs: Detection: 76%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: badger_x64_stealth_rtl.bin.dll.dll, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Networking

Source: C:\Windows\System32\rundll32.exe, Network Connect: 82.115.223.39 8041
Source: C:\Windows\System32\rundll32.exe, Network Connect: 80.78.24.30 8041
Source: global traffic, TCP traffic: 192.168.2.4:49724 -> 80.78.24.30:8041
Source: global traffic, TCP traffic: 192.168.2.4:49732 -> 82.115.223.39:8041
Source: Joe Sandbox View, IP Address: 82.115.223.39
Source: Joe Sandbox View, IP Address: 80.78.24.30
Source: Joe Sandbox View, ASN Name: MIDNET-ASTK-TelecomRU
Source: Joe Sandbox View, ASN Name: CYBERDYNELR
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: tiguanin.com
Source: global traffic, DNS traffic detected: DNS query: bazarunet.com
Source: global traffic, DNS traffic detected: DNS query: greshunka.com
            Source: rundll32.exe, 00000008.00000003.1844456570.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php0
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php7
            Source: rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php;
            Source: rundll32.exe, 00000005.00000003.1358833561.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpD
            Source: rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpR
            Source: rundll32.exe, 00000008.00000003.1599608196.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpg
            Source: rundll32.exe, 00000005.00000003.1358846480.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpk
            Source: rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php~=
            Source: rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/dmin.php
            Source: rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/nka.com:8041/
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/q
            Source: rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/
            Source: rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/5:
            Source: rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/
            Source: rundll32.exe, 00000005.00000003.1470533154.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/%
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/&
            Source: rundll32.exe, 00000005.00000003.1470533154.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/1
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/5
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/a
            Source: rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php;
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpA
            Source: rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpD=
            Source: rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpV=6
            Source: rundll32.exe, 00000008.00000002.2421895839.00000266246B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpx
            Source: rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/azar.php
            Source: rundll32.exe, 00000008.00000003.1327035826.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php$
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php&
            Source: rundll32.exe, 00000005.00000003.1322585214.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php.mui
            Source: rundll32.exe, 00000005.00000003.1322585214.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php.muip
            Source: rundll32.exe, 00000005.00000003.1292025266.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1275952668.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1322539060.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php/
            Source: rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php;
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpJ
            Source: rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpJ=
            Source: rundll32.exe, 00000005.00000003.1392321407.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpe
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpf
            Source: rundll32.exe, 00000008.00000003.1672357732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phph
            Source: rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpi
            Source: rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpl
            Source: rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpm:8041/bazar.php
            Source: rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpx
            Source: rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/in.com:8041/.
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/nk
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/nka.com:8041/admin.php
            Source: rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/
            Source: rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/V=6
            Source: rundll32.exe, 00000005.00000003.1358846480.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1322585214.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1256467181.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/b
            Source: rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/
            Source: rundll32.exe, 00000005.00000003.1346012770.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/5
            Source: rundll32.exe, 00000005.00000003.1256467181.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/:
            Source: rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/=
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/A
            Source: rundll32.exe, 00000005.00000003.1322585214.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1256467181.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/AppData
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/I
            Source: rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/U
            Source: rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1704975885.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php
            Source: rundll32.exe, 00000005.00000003.1345981976.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php)
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php2
            Source: rundll32.exe, 00000005.00000003.1345981976.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpD
            Source: rundll32.exe, 00000008.00000003.1456138536.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1396754431.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1403153176.0000026626089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpU
            Source: rundll32.exe, 00000008.00000003.1456138536.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1396754431.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1403153176.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1867333603.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpf
            Source: rundll32.exe, 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpgU
            Source: rundll32.exe, 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpqU
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/azar.php
            Source: rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/azar.php.
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1844456570.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1867333603.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1672357732.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1535482489.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542184485.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1704975885.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1599608196.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.php
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1556192704.0000022FC0C5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037529076.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1982872875.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1957812418.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1613791133.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.php/
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpF
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpH
            Source: rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpR
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpX
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1844456570.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1867333603.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1672357732.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1535482489.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542184485.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1704975885.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1599608196.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpf
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpl
            Source: rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.phpt
            Source: rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/in.com:8041/
            Source: rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/in.com:8041/.
            Source: rundll32.exe, 00000005.00000003.1358846480.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/nka.com:8041/
            Source: rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/p
            Source: loaddll64.exe, 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_a5d7b8df-8
            Source: loaddll64.exe, 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_3525e09e-6
            Source: Yara match File source: 00000005.00000003.1188708860.0000022FC0D25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: loaddll64.exe PID: 8008, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 8156, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 7596, type: MEMORYSTR
            Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_000002321C5DDA6E NtProtectVirtualMemory,0_2_000002321C5DDA6E
            Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_000002321C5DD9FE NtOpenFile,0_2_000002321C5DD9FE
            Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_000002321C5DDACE NtReadFile,0_2_000002321C5DDACE
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000026329F3D9FE NtOpenFile,3_2_0000026329F3D9FE
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000026329F3DACE NtReadFile,3_2_0000026329F3DACE
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001337939D9FE NtOpenFile,4_2_000001337939D9FE
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001337939DA6E NtProtectVirtualMemory,4_2_000001337939DA6E
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_000001337939DACE NtReadFile,4_2_000001337939DACE
            Source: C:\Windows\System32\rundll32.exe Code function: 5_3_0000022FBF31D98E NtAllocateVirtualMemory,5_3_0000022FBF31D98E
            Source: C:\Windows\System32\rundll32.exe Code function: 5_3_0000022FBF31DA6E NtProtectVirtualMemory,5_3_0000022FBF31DA6E
            Source: C:\Windows\System32\rundll32.exe Code function: 5_3_0000022FBF31DACE NtReadFile,5_3_0000022FBF31DACE
            Source: C:\Windows\System32\rundll32.exe Code function: 5_3_0000022FBF31D9FE NtOpenFile,5_3_0000022FBF31D9FE
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D38149 NtSetContextThread,5_2_0000022FC0D38149
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D545F0 NtDuplicateObject,5_2_0000022FC0D545F0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D355C0 NtClose,NtTerminateThread,5_2_0000022FC0D355C0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D551C0 NtReadVirtualMemory,5_2_0000022FC0D551C0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D271B0 NtClose,5_2_0000022FC0D271B0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D54740 NtFreeVirtualMemory,5_2_0000022FC0D54740
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D37A50 NtSetContextThread,5_2_0000022FC0D37A50
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D54BE0 NtProtectVirtualMemory,5_2_0000022FC0D54BE0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D54FF0 NtQueueApcThread,5_2_0000022FC0D54FF0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D3F3A0 CreateToolhelp32Snapshot,Thread32First,NtSuspendThread,NtResumeThread,Thread32Next,NtClose,5_2_0000022FC0D3F3A0
            Source: C:\Windows\System32\rundll32.exe Code function: 5_2_0000022FC0D54360 NtCreateThreadEx,5_2_0000022FC0D54360
            Source: C:\Windows\System32\rundll32.exe Code function: 7_2_000002895650DACE NtReadFile,7_2_000002895650DACE
            Source: C:\Windows\System32\rundll32.exeCode function: 7_2_000002895650DA6E NtProtectVirtualMemory,7_2_000002895650DA6E
            Source: C:\Windows\System32\rundll32.exeCode function: 7_2_000002895650D9FE NtOpenFile,7_2_000002895650D9FE
            Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000002662484DA6E NtProtectVirtualMemory,8_3_000002662484DA6E
            Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000002662484D98E NtAllocateVirtualMemory,8_3_000002662484D98E
            Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000002662484DACE NtReadFile,8_3_000002662484DACE
            Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000002662484D9FE NtOpenFile,8_3_000002662484D9FE
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: Number of sections : 12 > 10
            Source: classification engineClassification label: mal100.troj.evad.winDLL@14/0@7/2
            Source: C:\Windows\System32\rundll32.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: badger_x64_stealth_rtl.bin.dll.dllVirustotal: Detection: 79%
            Source: badger_x64_stealth_rtl.bin.dll.dllReversingLabs: Detection: 76%
            Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll"
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,DllMain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",DllMain
            Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",StartW
            Source: C:\Windows\System32\loaddll64.exeSection loaded: apphelp.dll
            Source: C:\Windows\System32\loaddll64.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: Image base 0x2e4d10000 > 0x60000000
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: kernel32.pdbUGP source: loaddll64.exe, 00000000.00000002.1220566576.000002321C680000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1199622220.0000022FC0C21000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1222841274.0000026626051000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: kernelbase.pdbUGP source: loaddll64.exe, 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1188708860.0000022FC0D25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ntdll.pdb source: loaddll64.exe, 00000000.00000003.1218432026.000002321C685000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.1158677259.000002632B8A9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1158383010.000001337AB98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1188400593.0000022FC0C2E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1218675221.0000028957EB2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1218727097.0000026626055000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ntdll.pdbUGP source: loaddll64.exe, 00000000.00000003.1218432026.000002321C685000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.1158677259.000002632B8A9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1158383010.000001337AB98000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1188400593.0000022FC0C2E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1218675221.0000028957EB2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1218727097.0000026626055000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: kernel32.pdb source: loaddll64.exe, 00000000.00000002.1220566576.000002321C680000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1199622220.0000022FC0C21000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1222841274.0000026626051000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: kernelbase.pdb source: loaddll64.exe, 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1188708860.0000022FC0D25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmp
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: real checksum: 0x4339e should be: 0x4a228
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: section name: .xdata
            Source: badger_x64_stealth_rtl.bin.dll.dllStatic PE information: section name: .foo

            Hooking and other Techniques for Hiding and Protection

            Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49724
            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\rundll32.exeCode function: GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,5_2_0000022FC0D44D00
            Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 1781
            Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 8091
            Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 2438
            Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 7450
            Source: C:\Windows\System32\rundll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_5-17933
            Source: C:\Windows\System32\loaddll64.exe TID: 8012Thread sleep time: -120000s >= -30000s
            Source: C:\Windows\System32\rundll32.exe TID: 8160Thread sleep count: 1781 > 30
            Source: C:\Windows\System32\rundll32.exe TID: 8160Thread sleep time: -106860000s >= -30000s
            Source: C:\Windows\System32\rundll32.exe TID: 8160Thread sleep count: 8091 > 30
            Source: C:\Windows\System32\rundll32.exe TID: 8160Thread sleep time: -485460000s >= -30000s
            Source: C:\Windows\System32\rundll32.exe TID: 7600Thread sleep count: 2438 > 30
            Source: C:\Windows\System32\rundll32.exe TID: 7600Thread sleep time: -146280000s >= -30000s
            Source: C:\Windows\System32\rundll32.exe TID: 7600Thread sleep count: 7450 > 30
            Source: C:\Windows\System32\rundll32.exe TID: 7600Thread sleep time: -447000000s >= -30000s
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000
            Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000
            Source: rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288649167.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1390370915.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW3-
            Source: rundll32.exe, 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
            Source: rundll32.exe, 00000005.00000003.1470533154.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1358846480.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1322585214.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: rundll32.exe, 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
            Source: rundll32.exe, 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0>
            Source: rundll32.exe, 00000005.00000003.1470533154.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1358846480.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1322585214.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW]
            Source: C:\Windows\System32\rundll32.exeCode function: 5_2_0000022FC0D2CCE0 LdrGetProcedureAddress,5_2_0000022FC0D2CCE0
            Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00007FFCAC161470 SetLastError,OutputDebugStringA,GetLastError,Sleep,SleepEx,5_2_00007FFCAC161470

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 82.115.223.39 8041
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 80.78.24.30 8041
            Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00007FFCAC161380 Sleep,SleepEx,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,5_2_00007FFCAC161380
            Source: C:\Windows\System32\loaddll64.exeNtOpenFile: Indirect: 0x2321C5DDA67
            Source: C:\Windows\System32\loaddll64.exeNtReadFile: Indirect: 0x2321C5DDB8E
            Source: C:\Windows\System32\loaddll64.exeNtProtectVirtualMemory: Indirect: 0x2321C5DDAC3
            Source: C:\Windows\System32\rundll32.exeThread register set: target process: 8084
            Source: C:\Windows\System32\rundll32.exeThread register set: target process: 7580
            Source: C:\Windows\System32\rundll32.exeThread register set: 8084 1
            Source: C:\Windows\System32\rundll32.exeCode function: 5_2_0000022FC0D44D00 GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,5_2_0000022FC0D44D00

            Stealing of Sensitive Information

            Source: Yara matchFile source: 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 8156, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara matchFile source: 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 8156, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 11 Virtualization/Sandbox Evasion | 21 Input Capture | 11 Security Software Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 411 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 11 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Source | Detection | Scanner | Label | Link
            badger_x64_stealth_rtl.bin.dll.dll | 79% | Virustotal | | Browse
            badger_x64_stealth_rtl.bin.dll.dll | 76% | ReversingLabs | Win64.Hacktool.Bruterat |
            badger_x64_stealth_rtl.bin.dll.dll | 100% | Avira | TR/AVI.Agent.boxen |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            greshunka.com | 82.115.223.39 | true | true | | unknown
            tiguanin.com | 80.78.24.30 | true | true | | unknown
            bazarunet.com | 80.78.24.30 | true | true | | unknown
                  • Avira URL Cloud: malware
                  unknown
                  https://bazarunet.com:8041/admin.phpD=rundll32.exe, 00000008.00000003.1288649167.000002662605C000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://greshunka.com:8041/admin.phpD=rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://bazarunet.com:8041/admin.php:=Rrundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288649167.000002662605C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://greshunka.com:8041/bazar.phprundll32.exe, 00000008.00000003.1327035826.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/bazar.php/rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1556192704.0000022FC0C5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2037529076.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1982872875.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1957812418.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1613791133.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://bazarunet.com:8041/bazar.phprundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1358833561.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1360003153.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1353770640.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1844456570.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1390355797.0000026626089000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1811391840.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1599608196.0000026626088000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1748279732.0000026626088000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://greshunka.com:8041/nka.com:8041/admin.phprundll32.exe, 00000005.00000003.1519447709.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/in.com:8041/rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://bazarunet.com:8041/admin.phplrundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://greshunka.com:8041/bazar.phpJrundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/admin.php)rundll32.exe, 00000005.00000003.1345981976.0000022FC0C5F000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/bazar.phpHrundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2422820899.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2094052115.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/azar.php.rundll32.exe, 00000005.00000002.2422820899.0000022FC0C22000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  unknown
                  https://tiguanin.com:8041/bazar.phpFrundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmptrue
                    unknown
                    https://bazarunet.com:8041/5rundll32.exe, 00000005.00000003.1470533154.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C4D000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://bazarunet.com:8041/admin.phperundll32.exe, 00000005.00000003.1407276530.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://greshunka.com:8041/nkrundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://greshunka.com:8041/admin.phprundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/prundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/admin.php2rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662607A000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://greshunka.com:8041/bazar.php;rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://greshunka.com:8041/admin.phpV=6rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/bazar.phpXrundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://greshunka.com:8041/rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626079000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662607A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://bazarunet.com:8041/nka.com:8041/rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://bazarunet.com:8041/admin.phprundll32.exe, 00000005.00000003.2148463753.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407235703.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1398680355.0000022FC0C5E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2148463753.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1390370915.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288649167.000002662605C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1456156800.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1528807891.000002662605B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2422408124.0000026626052000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/nka.com:8041/rundll32.exe, 00000005.00000003.1358846480.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1407276530.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1470533154.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1346012770.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/bazar.phpRrundll32.exe, 00000005.00000003.1519447709.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1525689087.0000022FC0C46000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://tiguanin.com:8041/in.com:8041/.rundll32.exe, 00000005.00000003.2094052115.0000022FC0C2A000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    https://bazarunet.com:8041/AppDatarundll32.exe, 00000005.00000003.1358846480.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1392321407.0000022FC0C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    82.115.223.39 | greshunka.com | Russian Federation | 209821 | MIDNET-ASTK-TelecomRU | true
                    80.78.24.30 | tiguanin.com | Cyprus | 37560 | CYBERDYNELR | true
                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1637286
                    Start date and time:2025-03-13 13:45:19 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 57s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:18
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:badger_x64_stealth_rtl.bin.dll.dll
                    (renamed file extension from exe to dll)
                    Original Sample Name:badger_x64_stealth_rtl.bin.dll.exe
                    Detection:MAL
                    Classification:mal100.troj.evad.winDLL@14/0@7/2
                    EGA Information:
                    • Successful, ratio: 66.7%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 23
                    • Number of non-executed functions: 30
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 4.175.87.197, 20.3.187.198, 52.149.20.212, 40.69.42.241, 172.202.163.200
                    • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, fs.microsoft.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target rundll32.exe, PID 7596 because there are no executed functions
                    • Execution Graph export aborted for target rundll32.exe, PID 8068 because it is empty
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    08:46:18 | API Interceptor | 5233305x Sleep call for process: rundll32.exe modified
                    08:46:21 | API Interceptor | 1x Sleep call for process: loaddll64.exe modified
                                        No created / dropped files found
File type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.922535602758538
TrID:
• Win64 Dynamic Link Library (generic) (102004/3) 86.43%
• Win64 Executable (generic) (12005/4) 10.17%
• Generic Win/DOS Executable (2004/3) 1.70%
• DOS Executable Generic (2002/1) 1.70%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name: badger_x64_stealth_rtl.bin.dll.dll
File size: 288'768 bytes
MD5: decf7b259d75e0e499f44c5a915b3175
SHA1: af87c4222d4538fd4d43eaa0cb30974af08ea21e
SHA256: ba847f3edf4f9c540641c30f45e40baee8287d30d5aef59543d24f0375140f27
SHA512: 7602933fc82ca0c974ab2803ee833af6db325cbea6dc5d4cf7b2a5c83205342d57d2e852b9e1225026cad1bc56f4574fe8bc0419fb31e1b68f00712cc4921b5b
SSDEEP: 6144:Gq2UhPqeabCJNzgNm/qVoe93Zi861RyyZMAyqK2kY:bBhJNzOOQJi86Sy
TLSH: 80541287A450C08CCDE7DD30A2EAF5F2BC3C3F5B087195A89A28E5343E513A96B5925D
File Content Preview: MZ......................@.......................................................................................................PE..d....].f..........."...+............0................................................3....`... ............................
Icon Hash: 7ae282899bbab082
Entrypoint: 0x2e4d11330
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x2e4d10000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, DLL
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x66D85DFB [Wed Sep 4 13:17:47 2024 UTC]
TLS Callbacks: 0xe4d11c30, 0x2, 0xe4d11c00, 0x2
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 5821847e9de43275356a37b9a2b0a5b6
                                        Signature Valid:
                                        Signature Issuer:
                                        Signature Validation Error:
                                        Error Number:
                                        Not Before, Not After
                                          Subject Chain
                                            Version:
                                            Thumbprint MD5:
                                            Thumbprint SHA-1:
                                            Thumbprint SHA-256:
                                            Serial:
                                            Instruction
                                            dec eax
                                            mov eax, dword ptr [0003FF09h]
                                            mov dword ptr [eax], 00000000h
                                            jmp 00007F9A80E18993h
                                            nop word ptr [eax+eax+00000000h]
                                            nop dword ptr [eax]
                                            dec eax
                                            mov edx, ecx
                                            dec eax
                                            lea ecx, dword ptr [00042CA6h]
                                            jmp 00007F9A80E1A0C6h
                                            nop
                                            ret
                                            nop word ptr [eax+eax+00000000h]
                                            dec eax
                                            jmp ecx
                                            nop word ptr [eax+eax+00000000h]
                                            inc ecx
                                            push edi
                                            inc ecx
                                            push esi
                                            inc ecx
                                            push esp
                                            push esi
                                            push edi
                                            push ebx
                                            dec eax
                                            sub esp, 48h
                                            inc esp
                                            mov esi, ecx
                                            dec esp
                                            mov edi, eax
                                            dec ecx
                                            mov edi, edx
                                            dec ecx
                                            mov esp, ecx
                                            mov ecx, dword ptr [esp+000000A0h]
                                            call dword ptr [00044DDAh]
                                            mov dword ptr [esp+20h], 00000040h
                                            inc ebp
                                            xor esi, esi
                                            dec eax
                                            mov ecx, FFFFFFFFh
                                            xor edx, edx
                                            dec ebp
                                            mov eax, edi
                                            inc ecx
                                            mov ecx, 00003000h
                                            call dword ptr [00044DC7h]
                                            dec eax
                                            test eax, eax
                                            je 00007F9A80E18B8Ah
                                            dec eax
                                            mov ebx, eax
                                            dec eax
                                            mov dword ptr [esp+40h], 00000000h
                                            dec eax
                                            lea eax, dword ptr [esp+40h]
                                            dec eax
                                            mov dword ptr [esp+20h], eax
                                            dec eax
                                            mov ecx, FFFFFFFFh
                                            dec eax
                                            mov edx, ebx
                                            dec ebp
                                            mov eax, esp
                                            dec ebp
                                            mov ecx, edi
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x45000 | 0x71 | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x46000 | 0x498 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x1f8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x41600 | 0x4d50 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x58 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x41040 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x46140 | 0x100 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1b80 | 0x1c00 | ebb3a84c3a550fd9b0c3995e1d01ef65 | False | 0.5662667410714286 | data | 6.176884606484243 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0x3dc40 | 0x3de00 | 927d8b32d17b417b562d693dc821c26f | False | 0.9862492108585859 | Matlab v4 mat-file (little endian) H1\300PTh5\001, text, rows 0, columns 0 | 7.991499402397265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x41000 | 0x520 | 0x600 | 898d3d727d412258d920c37fb0cbbd4a | False | 0.21940104166666666 | data | 3.5802772653959076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata | 0x42000 | 0x1f8 | 0x200 | 29e587adbaacc260d4b877cce37b7bb5 | False | 0.5859375 | data | 4.069216292695712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x43000 | 0x1b4 | 0x200 | c6873c9ae49b91e632ce393e15495785 | False | 0.384765625 | data | 3.7866992937304613 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x44000 | 0x110 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0x45000 | 0x71 | 0x200 | 70a486219da17d2e8c1fa5668cfa46a7 | False | 0.20703125 | data | 1.3976770861143486 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata | 0x46000 | 0x498 | 0x600 | aeb57a2b4f459177befc6f70055bbac1 | False | 0.3098958333333333 | data | 3.375139724546761 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x47000 | 0x58 | 0x200 | 726c35a2d6f1fdf8b613cc166a7f5955 | False | 0.056640625 | data | 0.23291060709026676 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x48000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x49000 | 0x58 | 0x200 | 5004db65c252901ea6a29527aad4b1e2 | False | 0.1953125 | data | 1.1047720205888238 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.foo | 0x4a000 | 0x16 | 0x200 | 4dfd3543d62b8c6fde2a707722c300bb | False | 0.060546875 | ASCII text, with no line terminators | 0.42392072243894613 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | CreateRemoteThread, DeleteCriticalSection, EnterCriticalSection, GetLastError, InitializeCriticalSection, LeaveCriticalSection, OutputDebugStringA, SetLastError, Sleep, TlsGetValue, VirtualAllocEx, VirtualProtect, VirtualQuery, WaitForSingleObject, WriteProcessMemory
msvcrt.dll | __iob_func, _amsg_exit, _initterm, _lock, _unlock, _wcsnicmp, abort, calloc, exit, free, fwrite, realloc, strlen, strncmp, vfprintf
Name | Ordinal | Address
DllMain | 1 | 0x2e4d11530
StartW | 2 | 0x2e4d11510
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Mar 13, 2025 13:46:39.203876019 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.208621979 CET80414975380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.208690882 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.208997965 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.213633060 CET80414975380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.347563028 CET80414975282.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:39.347630024 CET497528041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.347703934 CET497528041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.348140955 CET497548041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.352349043 CET80414975282.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:39.352817059 CET80414975482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:39.352873087 CET497548041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.353022099 CET497548041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.357770920 CET80414975482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:39.357817888 CET497548041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:39.400573969 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.405292988 CET80414975580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.405344009 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.405654907 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.410295010 CET80414975580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.829086065 CET80414975380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.829145908 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.829185963 CET80414975380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.829322100 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.829560995 CET497538041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.832945108 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.834177971 CET80414975380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.837652922 CET80414975680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:39.837729931 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.838033915 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:39.842677116 CET80414975680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.017576933 CET80414975580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.017628908 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.017651081 CET80414975580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.017693043 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.019721031 CET497558041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.024394989 CET80414975580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.028006077 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.032737017 CET80414975780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.032812119 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.034046888 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.038700104 CET80414975780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.459273100 CET80414975680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.459371090 CET80414975680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.459417105 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.459687948 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.459687948 CET497568041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.464416981 CET80414975680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.476490021 CET497588041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.481148958 CET80414975880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.481220007 CET497588041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.481451035 CET497588041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.486097097 CET80414975880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.486146927 CET497588041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.673372030 CET80414975780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.673448086 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.673690081 CET80414975780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.673732996 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.762095928 CET497578041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.766782999 CET80414975780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.798069954 CET497598041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.802870989 CET80414975980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.802936077 CET497598041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.810774088 CET497598041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.815462112 CET80414975980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.815502882 CET497598041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.915183067 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.919888973 CET80414976080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:40.919954062 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.920604944 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:40.925285101 CET80414976080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:41.560395956 CET80414976080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:41.560465097 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.560513973 CET80414976080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:41.560559034 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.560806036 CET497608041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.561160088 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.565448046 CET80414976080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:41.565815926 CET80414976180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:41.565875053 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.566349983 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:41.571002007 CET80414976180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.178523064 CET80414976180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.178606033 CET80414976180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.178634882 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.178647995 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.178926945 CET497618041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.179306030 CET497628041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.183520079 CET80414976180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.183979988 CET80414976280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.184047937 CET497628041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.184127092 CET497628041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:42.188983917 CET80414976280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:42.189057112 CET497628041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:45.783318043 CET497638041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:45.788108110 CET80414976382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:45.788189888 CET497638041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:45.788502932 CET497638041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:45.793176889 CET80414976382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.220102072 CET497648041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.224901915 CET80414976482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.224992037 CET497648041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.225208044 CET497648041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.229876995 CET80414976482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.387999058 CET80414976382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.388086081 CET497638041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.388219118 CET497638041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.392995119 CET80414976382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.393352032 CET497658041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.398000002 CET80414976582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:47.398078918 CET497658041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.398355961 CET497658041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:47.402956963 CET80414976582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:48.826735973 CET80414976482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:48.826816082 CET497648041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:48.826931000 CET497648041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:48.827310085 CET497668041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:48.831615925 CET80414976482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:48.832014084 CET80414976682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:48.832073927 CET497668041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:48.832284927 CET497668041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:48.836980104 CET80414976682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:49.000277996 CET80414976582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:49.000380039 CET497658041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:49.009876966 CET497658041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:49.013267994 CET497678041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:49.014631987 CET80414976582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:49.017981052 CET80414976782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:49.018054008 CET497678041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:49.018188000 CET497678041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:49.022937059 CET80414976782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:49.022991896 CET497678041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.438069105 CET80414976682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:50.438132048 CET497668041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.438220978 CET497668041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.438793898 CET497688041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.442872047 CET80414976682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:50.443449974 CET80414976882.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:50.443514109 CET497688041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.443656921 CET497688041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:50.448637009 CET80414976882.115.223.39192.168.2.4
                                            Mar 13, 2025 13:46:50.448687077 CET497688041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:46:51.479738951 CET497698041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:51.484522104 CET80414976980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:51.484599113 CET497698041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:51.485816956 CET497698041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:51.490485907 CET80414976980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.097517967 CET80414976980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.097527981 CET80414976980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.097574949 CET497698041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.097811937 CET497698041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.102475882 CET80414976980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.104239941 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.108957052 CET80414977080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.109024048 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.109270096 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.114475965 CET80414977080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.721174002 CET80414977080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.721241951 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.721363068 CET80414977080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.721405983 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.721515894 CET497708041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.726171970 CET80414977080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.729031086 CET497718041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.733710051 CET80414977180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.733772039 CET497718041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.733851910 CET497718041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.738607883 CET80414977180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.738660097 CET497718041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.778944969 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.783631086 CET80414977280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:52.783693075 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.783931971 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:52.788562059 CET80414977280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.048329115 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.053112984 CET80414977380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.053183079 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.053442001 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.058068037 CET80414977380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.427469969 CET80414977280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.427548885 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.427721024 CET80414977280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.427772999 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.428045034 CET497728041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.428457022 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.432710886 CET80414977280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.433209896 CET80414977480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.433279037 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.433542013 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.438201904 CET80414977480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.700427055 CET80414977380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.700500011 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.700512886 CET80414977380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.700557947 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.700767040 CET497738041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.705503941 CET80414977380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.706908941 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.711570978 CET80414977580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:53.711642981 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.711883068 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:53.716568947 CET80414977580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.062762022 CET80414977480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.062901974 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.063189983 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.063273907 CET80414977480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.063342094 CET497748041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.063602924 CET497768041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.067848921 CET80414977480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.068262100 CET80414977680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.068324089 CET497768041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.068381071 CET497768041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.073585987 CET80414977680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.073638916 CET497768041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.370870113 CET80414977580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.370908976 CET80414977580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.370934010 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.370965958 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.371186018 CET497758041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.375730038 CET497778041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.375817060 CET80414977580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.380410910 CET80414977780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.380479097 CET497778041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.380630970 CET497778041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:54.385344982 CET80414977780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:54.385395050 CET497778041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.088825941 CET497788041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.093672037 CET80414977880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.093800068 CET497788041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.094122887 CET497788041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.100220919 CET80414977880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.771673918 CET80414977880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.771692991 CET80414977880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.771783113 CET497788041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.772006989 CET497788041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.776456118 CET497798041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.776659012 CET80414977880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.781168938 CET80414977980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:55.781229019 CET497798041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.781472921 CET497798041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:55.786124945 CET80414977980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.395648956 CET80414977980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.395668983 CET80414977980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.395838976 CET497798041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:56.489902973 CET497798041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:56.494589090 CET80414977980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.547934055 CET497808041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:56.552628994 CET80414978080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.552687883 CET497808041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:56.552922010 CET497808041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:46:56.557668924 CET80414978080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:46:56.557706118 CET497808041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:25.235548973 CET80414981780.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:25.235604048 CET498178041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.260045052 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.264734983 CET80414981880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.264801979 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.265023947 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.269649982 CET80414981880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.885732889 CET80414981880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.885817051 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.885848045 CET80414981880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.885890007 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.886096954 CET498188041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.890729904 CET80414981880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.890933037 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.895636082 CET80414981980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:26.895739079 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.895987988 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:26.900603056 CET80414981980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.506068945 CET80414981980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.506172895 CET80414981980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.506206989 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.506248951 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.506453037 CET498198041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.510339975 CET498208041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.511043072 CET80414981980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.515074015 CET80414982080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.515146017 CET498208041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.515283108 CET498208041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:27.520098925 CET80414982080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:27.520149946 CET498208041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:28.978718042 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:28.983484030 CET80414982180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:28.984225035 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:28.984478951 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:28.989132881 CET80414982180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:29.602041960 CET80414982180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:29.602119923 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.602380037 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.602464914 CET80414982180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:29.602509022 CET498218041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.602781057 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.607558966 CET80414982180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:29.608408928 CET80414982280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:29.608470917 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.608635902 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:29.614998102 CET80414982280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.230704069 CET80414982280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.230772972 CET80414982280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.230782032 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.230817080 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.231060982 CET498228041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.231408119 CET498238041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.236100912 CET80414982280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.236618996 CET80414982380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.236684084 CET498238041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.236777067 CET498238041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:30.242850065 CET80414982380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:30.242892027 CET498238041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:31.541069031 CET498248041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:31.545862913 CET80414982482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:31.545952082 CET498248041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:31.546200037 CET498248041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:31.550848007 CET80414982482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:33.140090942 CET80414982482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:33.140151978 CET498248041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:33.235734940 CET498248041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:33.240406036 CET80414982482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:33.259047985 CET498258041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:33.263751030 CET80414982582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:33.263814926 CET498258041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:33.264147997 CET498258041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:33.268762112 CET80414982582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.856868982 CET80414982582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.856951952 CET498258041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.857023954 CET498258041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.858635902 CET498268041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.861704111 CET80414982582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.863306046 CET80414982682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.863390923 CET498268041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.863475084 CET498268041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.868220091 CET80414982682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.868269920 CET80414982682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.868320942 CET498268041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.895572901 CET498278041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.901031971 CET80414982782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:34.901113987 CET498278041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.901331902 CET498278041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:34.906534910 CET80414982782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:35.259473085 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.264226913 CET80414982880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:35.264301062 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.264523983 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.269151926 CET80414982880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:35.912311077 CET80414982880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:35.912373066 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.912463903 CET80414982880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:35.912506104 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.917836905 CET498288041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:35.923599958 CET80414982880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.121362925 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.126380920 CET80414982980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.126437902 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.127407074 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.132025957 CET80414982980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.497750998 CET80414982782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:36.500468016 CET498278041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:36.500704050 CET498278041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:36.502511024 CET498308041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:36.505340099 CET80414982782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:36.507438898 CET80414983082.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:36.507519960 CET498308041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:36.507788897 CET498308041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:36.512428045 CET80414983082.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:36.747766018 CET80414982980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.747781038 CET80414982980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.747818947 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.747844934 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.748282909 CET498298041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.752217054 CET498318041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.753950119 CET80414982980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.758423090 CET80414983180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.758543968 CET498318041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.758737087 CET498318041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:36.763647079 CET80414983180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:36.763684988 CET498318041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:37.794004917 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:37.798858881 CET80414983280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:37.798933029 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:37.799398899 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:37.804013968 CET80414983280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:38.109589100 CET80414983082.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:38.109666109 CET498308041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.109991074 CET498308041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.111831903 CET498338041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.114665031 CET80414983082.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:38.116566896 CET80414983382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:38.116631031 CET498338041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.116794109 CET498338041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.122661114 CET80414983382.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:38.122703075 CET498338041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:38.439637899 CET80414983280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:38.439697981 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.439913988 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.440349102 CET80414983280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:38.440591097 CET498328041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.444546938 CET80414983280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:38.455383062 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.460149050 CET80414983480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:38.460210085 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.460485935 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:38.465091944 CET80414983480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.078025103 CET80414983480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.078038931 CET80414983480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.078075886 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.078125954 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.095319986 CET498348041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.100035906 CET80414983480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.118388891 CET498358041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.124119997 CET80414983580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.124181032 CET498358041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.222718000 CET498358041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:39.228144884 CET80414983580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:39.228199005 CET498358041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.217439890 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.222284079 CET80414983680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.222351074 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.222743034 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.227379084 CET80414983680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.299072027 CET498378041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:42.303829908 CET80414983782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:42.303888083 CET498378041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:42.304241896 CET498378041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:42.308839083 CET80414983782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:42.834949970 CET80414983680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.835134983 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.835474968 CET80414983680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.835520029 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.835575104 CET498368041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.840194941 CET80414983680.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.841626883 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.846375942 CET80414983880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:42.846483946 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.846755981 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:42.851392984 CET80414983880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.485629082 CET80414983880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.485703945 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.485752106 CET80414983880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.485806942 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.486133099 CET498388041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.490797997 CET80414983880.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.492829084 CET498398041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.498620987 CET80414983980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.498812914 CET498398041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.498944044 CET498398041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.504178047 CET80414983980.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.504245043 CET498398041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.541837931 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.546798944 CET80414984080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.546886921 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.547213078 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:43.551816940 CET80414984080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:43.906753063 CET80414983782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:43.906806946 CET498378041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:43.906908035 CET498378041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:43.911571026 CET80414983782.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:43.914810896 CET498418041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:43.919540882 CET80414984182.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:43.919610023 CET498418041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:43.919949055 CET498418041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:43.924622059 CET80414984182.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:44.208542109 CET80414984080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.208556890 CET80414984080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.208595037 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.208626986 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.208949089 CET498408041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.212539911 CET498428041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.214057922 CET80414984080.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.218595028 CET80414984280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.218653917 CET498428041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.218966007 CET498428041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.225215912 CET80414984280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.854985952 CET80414984280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.855004072 CET80414984280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.858366013 CET498428041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.882782936 CET498428041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.887469053 CET80414984280.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.934159040 CET498438041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.938832998 CET80414984380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.942214012 CET498438041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.943171024 CET498438041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:44.947812080 CET80414984380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:47:44.950242043 CET498438041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:47:45.536793947 CET80414984182.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:45.536854029 CET498418041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:45.536906004 CET498418041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:45.538939953 CET498448041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:45.541604042 CET80414984182.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:45.543634892 CET80414984482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:45.543690920 CET498448041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:45.543885946 CET498448041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:45.548593998 CET80414984482.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:45.548639059 CET498448041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:47.963291883 CET498458041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:47.967977047 CET80414984582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:47.968046904 CET498458041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:47.985838890 CET498458041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:47.991548061 CET80414984582.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:49.384332895 CET498468041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:47:49.389050007 CET80414984682.115.223.39192.168.2.4
                                            Mar 13, 2025 13:47:49.389261007 CET498468041192.168.2.482.115.223.39
                                            Mar 13, 2025 13:48:21.217905998 CET80414988180.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.218183994 CET498838041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.222903967 CET80414988380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.223053932 CET498838041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.223310947 CET498838041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.227992058 CET80414988380.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.228091002 CET498838041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.282728910 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.287386894 CET80414988480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.287487030 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.287770987 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.292377949 CET80414988480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.899288893 CET80414988480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.899349928 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.899444103 CET80414988480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.899486065 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.903207064 CET498848041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.907924891 CET80414988480.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.907944918 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.912638903 CET80414988580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:21.912698984 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.913060904 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:21.917687893 CET80414988580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:22.559988976 CET80414988580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:22.560045004 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:22.560081959 CET80414988580.78.24.30192.168.2.4
                                            Mar 13, 2025 13:48:22.560128927 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:22.560652018 CET498858041192.168.2.480.78.24.30
                                            Mar 13, 2025 13:48:22.565279007 CET80414988580.78.24.30192.168.2.4
                                            TimestampSource PortDest PortSource IPDest IP
                                            Mar 13, 2025 13:46:22.472079992 CET4940953192.168.2.41.1.1.1
                                            Mar 13, 2025 13:46:22.496952057 CET53494091.1.1.1192.168.2.4
                                            Mar 13, 2025 13:46:25.642887115 CET5019453192.168.2.41.1.1.1
                                            Mar 13, 2025 13:46:25.666907072 CET53501941.1.1.1192.168.2.4
                                            Mar 13, 2025 13:46:25.820317984 CET6254753192.168.2.41.1.1.1
                                            Mar 13, 2025 13:46:26.141036034 CET53625471.1.1.1192.168.2.4
                                            Mar 13, 2025 13:46:29.040390968 CET6238553192.168.2.41.1.1.1
                                            Mar 13, 2025 13:46:29.388737917 CET53623851.1.1.1192.168.2.4
                                            Mar 13, 2025 13:47:47.609471083 CET5383653192.168.2.41.1.1.1
                                            Mar 13, 2025 13:47:47.941808939 CET53538361.1.1.1192.168.2.4
                                            Mar 13, 2025 13:47:49.018167973 CET6285253192.168.2.41.1.1.1
                                            Mar 13, 2025 13:47:49.383487940 CET53628521.1.1.1192.168.2.4
                                            Mar 13, 2025 13:48:14.268102884 CET5327553192.168.2.41.1.1.1
                                            Mar 13, 2025 13:48:14.635371923 CET53532751.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 13, 2025 13:46:22.472079992 CET | 192.168.2.4 | 1.1.1.1 | 0x572d | Standard query (0) | tiguanin.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:25.642887115 CET | 192.168.2.4 | 1.1.1.1 | 0xaeee | Standard query (0) | bazarunet.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:25.820317984 CET | 192.168.2.4 | 1.1.1.1 | 0x51bf | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:29.040390968 CET | 192.168.2.4 | 1.1.1.1 | 0x297a | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:47:47.609471083 CET | 192.168.2.4 | 1.1.1.1 | 0x3e86 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:47:49.018167973 CET | 192.168.2.4 | 1.1.1.1 | 0xfbd8 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:48:14.268102884 CET | 192.168.2.4 | 1.1.1.1 | 0xed67 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 13, 2025 13:46:22.496952057 CET | 1.1.1.1 | 192.168.2.4 | 0x572d | No error (0) | tiguanin.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:25.666907072 CET | 1.1.1.1 | 192.168.2.4 | 0xaeee | No error (0) | bazarunet.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:26.141036034 CET | 1.1.1.1 | 192.168.2.4 | 0x51bf | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:46:29.388737917 CET | 1.1.1.1 | 192.168.2.4 | 0x297a | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:47:47.941808939 CET | 1.1.1.1 | 192.168.2.4 | 0x3e86 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:47:49.383487940 CET | 1.1.1.1 | 192.168.2.4 | 0xfbd8 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false |
| Mar 13, 2025 13:48:14.635371923 CET | 1.1.1.1 | 192.168.2.4 | 0xed67 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49724 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe |

| Timestamp | Bytes transferred | Direction |
|---|---|---|
| Mar 13, 2025 13:46:23.121745110 CET | 103 | IN |

Data:
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.44972680.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:23.751617908 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.44972980.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:26.302337885 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            3192.168.2.44973380.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:26.952316046 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            4192.168.2.44974180.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:33.079308033 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            5192.168.2.44974380.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:33.705588102 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            6192.168.2.44974580.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:35.385831118 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            7192.168.2.44974680.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:35.530623913 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            8192.168.2.44974780.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:36.003824949 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            9192.168.2.44974880.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:36.153944969 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            10192.168.2.44975380.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:39.829086065 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            11192.168.2.44975580.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:40.017576933 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            12192.168.2.44975680.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:40.459273100 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            13192.168.2.44975780.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:40.673372030 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            14192.168.2.44976080.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:41.560395956 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            15192.168.2.44976180.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:42.178523064 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            16192.168.2.44976980.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:52.097517967 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            17192.168.2.44977080.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:52.721174002 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            18192.168.2.44977280.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:53.427469969 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            19192.168.2.44977380.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:53.700427055 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            20192.168.2.44977480.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:54.062762022 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            21192.168.2.44977580.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:54.370870113 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            22192.168.2.44977880.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:55.771673918 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            23192.168.2.44977980.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:46:56.395648956 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            24192.168.2.44978180.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:00.112761021 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            25192.168.2.44978280.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:00.758647919 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            26192.168.2.44978480.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:01.530878067 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            27192.168.2.44978580.78.24.3080418156C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:02.182517052 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            28192.168.2.44979280.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:10.647814035 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            29192.168.2.44979480.78.24.3080417596C:\Windows\System32\rundll32.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 13, 2025 13:47:11.302711010 CET103INHTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            30 | 192.168.2.4 | 49795 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:11.320375919 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            31 | 192.168.2.4 | 49798 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:11.935664892 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            32 | 192.168.2.4 | 49800 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:14.980206966 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            33 | 192.168.2.4 | 49801 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:15.615822077 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            34 | 192.168.2.4 | 49803 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:16.620476961 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            35 | 192.168.2.4 | 49804 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:17.268069983 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            36 | 192.168.2.4 | 49806 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:19.953242064 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            37 | 192.168.2.4 | 49807 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:20.592772961 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            38 | 192.168.2.4 | 49809 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:21.288511038 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            39 | 192.168.2.4 | 49810 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:21.917766094 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            40 | 192.168.2.4 | 49812 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:24.271435976 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            41 | 192.168.2.4 | 49813 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:24.597165108 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            42 | 192.168.2.4 | 49814 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:24.946175098 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            43 | 192.168.2.4 | 49815 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:25.221678019 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            44 | 192.168.2.4 | 49818 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:26.885732889 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            45 | 192.168.2.4 | 49819 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:27.506068945 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            46 | 192.168.2.4 | 49821 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:29.602041960 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            47 | 192.168.2.4 | 49822 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:30.230704069 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            48 | 192.168.2.4 | 49828 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:35.912311077 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            49 | 192.168.2.4 | 49829 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:36.747766018 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            50 | 192.168.2.4 | 49832 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:38.439637899 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            51 | 192.168.2.4 | 49834 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:39.078025103 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            52 | 192.168.2.4 | 49836 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:42.834949970 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            53 | 192.168.2.4 | 49838 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:43.485629082 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            54 | 192.168.2.4 | 49840 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:44.208542109 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            55 | 192.168.2.4 | 49842 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:44.854985952 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            56 | 192.168.2.4 | 49853 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:56.411629915 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            57 | 192.168.2.4 | 49854 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:47:57.086425066 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            58 | 192.168.2.4 | 49857 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:00.799778938 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            59 | 192.168.2.4 | 49858 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:01.460134029 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            60 | 192.168.2.4 | 49860 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:02.388648987 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            61 | 192.168.2.4 | 49861 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:03.012052059 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            62 | 192.168.2.4 | 49863 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:07.159759045 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            63 | 192.168.2.4 | 49864 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:07.794425964 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            64 | 192.168.2.4 | 49866 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:08.807909966 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            65 | 192.168.2.4 | 49867 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:09.463888884 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            66 | 192.168.2.4 | 49869 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:13.543503046 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            67 | 192.168.2.4 | 49870 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:14.219115019 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            68 | 192.168.2.4 | 49871 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:14.224467993 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            69 | 192.168.2.4 | 49873 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:14.857439041 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            70 | 192.168.2.4 | 49878 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:20.516231060 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            71 | 192.168.2.4 | 49879 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:20.553906918 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            72 | 192.168.2.4 | 49880 | 80.78.24.30 | 8041 | 7596 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:21.149693966 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            73 | 192.168.2.4 | 49881 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:21.210896015 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            74 | 192.168.2.4 | 49884 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:21.899288893 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            75 | 192.168.2.4 | 49885 | 80.78.24.30 | 8041 | 8156 | C:\Windows\System32\rundll32.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Mar 13, 2025 13:48:22.559988976 CET | 103 | IN | HTTP/1.1 400 Bad Request
                                            Content-Type: text/plain; charset=utf-8
                                            Connection: close
                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                            Data Ascii: 400 Bad Request


                                            Target ID:0
                                            Start time:08:46:15
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\loaddll64.exe
                                            Wow64 process (32bit):false
                                            Commandline:loaddll64.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll"
                                            Imagebase:0x7ff60d7f0000
                                            File size:165'888 bytes
                                            MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.1219643944.000002321C782000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:true

                                            Target ID:1
                                            Start time:08:46:15
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff62fc20000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:2
                                            Start time:08:46:15
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\cmd.exe
                                            Wow64 process (32bit):false
                                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1
                                            Imagebase:0x7ff6aae60000
                                            File size:289'792 bytes
                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:3
                                            Start time:08:46:15
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,DllMain
                                            Imagebase:0x7ff721970000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:4
                                            Start time:08:46:15
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",#1
                                            Imagebase:0x7ff721970000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:5
                                            Start time:08:46:18
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:rundll32.exe C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll,StartW
                                            Imagebase:0x7ff721970000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_BruteRatel_2, Description: Yara detected BruteRatel, Source: 00000005.00000002.2422008141.0000022FBF16F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.1188708860.0000022FC0D25000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:false

                                            Target ID:7
                                            Start time:08:46:21
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",DllMain
                                            Imagebase:0x7ff721970000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:8
                                            Start time:08:46:21
                                            Start date:13/03/2025
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:rundll32.exe "C:\Users\user\Desktop\badger_x64_stealth_rtl.bin.dll.dll",StartW
                                            Imagebase:0x7ff721970000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000008.00000003.1219889188.0000026626356000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:false
