Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.PackedNET.331.28355.4334

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.PackedNET.331.28355.4334 (renamed file extension from 4334 to exe)
Analysis ID:	624197
MD5:	1f04c12ab3a22f6806d30bacb7552f19
SHA1:	9913975b167b01b96364cad477ca6dfab71da454
SHA256:	de42477eb270c42a2eaf57e6efb465263fc02e72e6c8442fdbd27aa3bd8e76a5
Tags:	exe
Infos:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Yara detected AntiVM3

Detected Nanocore Rat

Yara detected Nanocore RAT

Snort IDS alert for network traffic

Writes to foreign memory regions

.NET source code references suspicious native API functions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan.PackedNET.331.28355.exe (PID: 5012 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe" MD5: 1F04C12AB3A22F6806D30BACB7552F19)

RegSvcs.exe (PID: 4736 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)

dhcpmon.exe (PID: 6792 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" MD5: 2867A3817C9245F7CF518524DFD18F28)

conhost.exe (PID: 5536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "484915e0-ae38-4675-9bf6-0f4a5bd5", "Domain1": "youngnonte.hopto.org", "Domain2": "91.193.75.133", "Port": 2323, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
00000000.00000002.415299432.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4f26d:$x1: NanoCore.ClientPluginHost 0x81c8d:$x1: NanoCore.ClientPluginHost 0xb44ad:$x1: NanoCore.ClientPluginHost 0x4f2aa:$x2: IClientNetworkHost 0x81cca:$x2: IClientNetworkHost 0xb44ea:$x2: IClientNetworkHost 0x52ddd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x857fd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xb801d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4efd5:$a: NanoCore 0x4efe5:$a: NanoCore 0x4f219:$a: NanoCore 0x4f22d:$a: NanoCore 0x4f26d:$a: NanoCore 0x819f5:$a: NanoCore 0x81a05:$a: NanoCore 0x81c39:$a: NanoCore 0x81c4d:$a: NanoCore 0x81c8d:$a: NanoCore 0xb4215:$a: NanoCore 0xb4225:$a: NanoCore 0xb4459:$a: NanoCore 0xb446d:$a: NanoCore 0xb44ad:$a: NanoCore 0x4f034:$b: ClientPlugin 0x4f236:$b: ClientPlugin 0x4f276:$b: ClientPlugin 0x81a54:$b: ClientPlugin 0x81c56:$b: ClientPlugin 0x81c96:$b: ClientPlugin
00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x77335:$x1: NanoCore.ClientPluginHost 0x77372:$x2: IClientNetworkHost 0x7ae5a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x85ed8:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x91e90:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x9d278:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x77002:$a: NanoCore 0x77012:$a: NanoCore 0x770d1:$a: NanoCore 0x770e0:$a: NanoCore 0x772e1:$a: NanoCore 0x772f5:$a: NanoCore 0x77335:$a: NanoCore 0x82542:$a: NanoCore 0x82554:$a: NanoCore 0x82590:$a: NanoCore 0x8e4fa:$a: NanoCore 0x8e50c:$a: NanoCore 0x8e548:$a: NanoCore 0x998e2:$a: NanoCore 0x998f4:$a: NanoCore 0x99930:$a: NanoCore 0x77061:$b: ClientPlugin 0x7712a:$b: ClientPlugin 0x772fe:$b: ClientPlugin 0x7733e:$b: ClientPlugin 0x8255d:$b: ClientPlugin
Process Memory Space: RegSvcs.exe PID: 4736	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x79b3:$x1: NanoCore.ClientPluginHost 0x314e5:$x1: NanoCore.ClientPluginHost 0x66375:$x1: NanoCore.ClientPluginHost 0x78138:$x1: NanoCore.ClientPluginHost 0xa5810:$x1: NanoCore.ClientPluginHost 0x79f0:$x2: IClientNetworkHost 0x31512:$x2: IClientNetworkHost 0x663a2:$x2: IClientNetworkHost 0x78152:$x2: IClientNetworkHost 0xa582a:$x2: IClientNetworkHost 0xb4e1:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x16567:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: RegSvcs.exe PID: 4736	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: RegSvcs.exe PID: 4736	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x7680:$a: NanoCore 0x7690:$a: NanoCore 0x774f:$a: NanoCore 0x775e:$a: NanoCore 0x795f:$a: NanoCore 0x7973:$a: NanoCore 0x79b3:$a: NanoCore 0x12bd1:$a: NanoCore 0x12be3:$a: NanoCore 0x12c1f:$a: NanoCore 0x3149b:$a: NanoCore 0x314b0:$a: NanoCore 0x314e5:$a: NanoCore 0x36667:$a: NanoCore 0x3667a:$a: NanoCore 0x366ac:$a: NanoCore 0x6632b:$a: NanoCore 0x66340:$a: NanoCore 0x66375:$a: NanoCore 0x67e4f:$a: NanoCore 0x67e62:$a: NanoCore
Click to see the 31 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.RegSvcs.exe.5e30000.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
4.2.RegSvcs.exe.5e30000.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
4.2.RegSvcs.exe.5e30000.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.5e30000.6.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
4.2.RegSvcs.exe.3c58a48.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
4.2.RegSvcs.exe.3c58a48.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
4.2.RegSvcs.exe.3c58a48.3.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.3c58a48.3.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
4.0.RegSvcs.exe.400000.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.0.RegSvcs.exe.400000.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.0.RegSvcs.exe.400000.2.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.0.RegSvcs.exe.400000.2.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.0.RegSvcs.exe.400000.2.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
4.2.RegSvcs.exe.5d90000.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
4.2.RegSvcs.exe.5d90000.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
4.2.RegSvcs.exe.5d90000.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
4.2.RegSvcs.exe.5e30000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
4.2.RegSvcs.exe.5e30000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
4.2.RegSvcs.exe.5e30000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.5e30000.6.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
4.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.2.RegSvcs.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
4.0.RegSvcs.exe.400000.1.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.0.RegSvcs.exe.400000.1.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.0.RegSvcs.exe.400000.1.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.0.RegSvcs.exe.400000.1.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.0.RegSvcs.exe.400000.1.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe0f5:$x1: NanoCore Client 0xe105:$x1: NanoCore Client 0xe34d:$x2: NanoCore.ClientPlugin 0xe38d:$x3: NanoCore.ClientPluginHost 0xe342:$i1: IClientApp 0xe363:$i2: IClientData 0xe36f:$i3: IClientNetwork 0xe37e:$i4: IClientAppHost 0xe3a7:$i5: IClientDataHost 0xe3b7:$i6: IClientLoggingHost 0xe3ca:$i7: IClientNetworkHost 0xe3dd:$i8: IClientUIHost 0xe3eb:$i9: IClientNameObjectCollection 0xe407:$i10: IClientReadOnlyNameObjectCollection 0xe154:$s1: ClientPlugin 0xe356:$s1: ClientPlugin 0xe84a:$s2: EndPoint 0xe853:$s3: IPAddress 0xe85d:$s4: IPEndPoint 0x10293:$s6: get_ClientSettings 0x10837:$s7: get_Connected
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe0f5:$x1: NanoCore Client 0xe105:$x1: NanoCore Client 0xe34d:$x2: NanoCore.ClientPlugin 0xe38d:$x3: NanoCore.ClientPluginHost 0xe342:$i1: IClientApp 0xe363:$i2: IClientData 0xe36f:$i3: IClientNetwork 0xe37e:$i4: IClientAppHost 0xe3a7:$i5: IClientDataHost 0xe3b7:$i6: IClientLoggingHost 0xe3ca:$i7: IClientNetworkHost 0xe3dd:$i8: IClientUIHost 0xe3eb:$i9: IClientNameObjectCollection 0xe407:$i10: IClientReadOnlyNameObjectCollection 0xe154:$s1: ClientPlugin 0xe356:$s1: ClientPlugin 0xe84a:$s2: EndPoint 0xe853:$s3: IPAddress 0xe85d:$s4: IPEndPoint 0x10293:$s6: get_ClientSettings 0x10837:$s7: get_Connected
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
4.0.RegSvcs.exe.400000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.0.RegSvcs.exe.400000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.0.RegSvcs.exe.400000.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.0.RegSvcs.exe.400000.4.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.0.RegSvcs.exe.400000.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
4.0.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.0.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.0.RegSvcs.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.0.RegSvcs.exe.400000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.0.RegSvcs.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x429ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x429ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4651d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x42725:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x429ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x43fe6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x43fda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x44e8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ac42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x429d7:$s5: IClientLoggingHost
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x42715:$x1: NanoCore Client 0x42725:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x4296d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x429ad:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x42962:$i1: IClientApp 0x10163:$i2: IClientData 0x42983:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x4298f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x4299e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x429c7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x429d7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42715:$a: NanoCore 0x42725:$a: NanoCore 0x42959:$a: NanoCore 0x4296d:$a: NanoCore 0x429ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42774:$b: ClientPlugin 0x42976:$b: ClientPlugin 0x429b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4289b:$c: ProjectData 0x10a82:$d: DESCrypto 0x432a2:$d: DESCrypto 0x1844e:$e: KeepAlive
4.2.RegSvcs.exe.3c5d071.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
4.2.RegSvcs.exe.3c5d071.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
4.2.RegSvcs.exe.3c5d071.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.3c5d071.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
4.2.RegSvcs.exe.5e34629.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
4.2.RegSvcs.exe.5e34629.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
4.2.RegSvcs.exe.5e34629.5.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.5e34629.5.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
4.2.RegSvcs.exe.3c58a48.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
4.2.RegSvcs.exe.3c58a48.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
4.2.RegSvcs.exe.3c58a48.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.2.RegSvcs.exe.3c58a48.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
4.0.RegSvcs.exe.400000.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
4.0.RegSvcs.exe.400000.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
4.0.RegSvcs.exe.400000.3.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
4.0.RegSvcs.exe.400000.3.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
4.0.RegSvcs.exe.400000.3.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x42bad:$x1: NanoCore.ClientPluginHost 0x753cd:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x42bea:$x2: IClientNetworkHost 0x7540a:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x78f3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x42915:$x1: NanoCore Client 0x42925:$x1: NanoCore Client 0x75135:$x1: NanoCore Client 0x75145:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x42b6d:$x2: NanoCore.ClientPlugin 0x7538d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x42bad:$x3: NanoCore.ClientPluginHost 0x753cd:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x42b62:$i1: IClientApp 0x75382:$i1: IClientApp 0x10163:$i2: IClientData 0x42b83:$i2: IClientData 0x753a3:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x42b8f:$i3: IClientNetwork 0x753af:$i3: IClientNetwork
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42915:$a: NanoCore 0x42925:$a: NanoCore 0x42b59:$a: NanoCore 0x42b6d:$a: NanoCore 0x42bad:$a: NanoCore 0x75135:$a: NanoCore 0x75145:$a: NanoCore 0x75379:$a: NanoCore 0x7538d:$a: NanoCore 0x753cd:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42974:$b: ClientPlugin 0x42b76:$b: ClientPlugin 0x42bb6:$b: ClientPlugin
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4e7ad:$x1: NanoCore.ClientPluginHost 0x811cd:$x1: NanoCore.ClientPluginHost 0xb39ed:$x1: NanoCore.ClientPluginHost 0x4e7ea:$x2: IClientNetworkHost 0x8120a:$x2: IClientNetworkHost 0xb3a2a:$x2: IClientNetworkHost 0x5231d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x84d3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xb755d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x4e515:$x1: NanoCore Client 0x4e525:$x1: NanoCore Client 0x80f35:$x1: NanoCore Client 0x80f45:$x1: NanoCore Client 0xb3755:$x1: NanoCore Client 0xb3765:$x1: NanoCore Client 0x4e76d:$x2: NanoCore.ClientPlugin 0x8118d:$x2: NanoCore.ClientPlugin 0xb39ad:$x2: NanoCore.ClientPlugin 0x4e7ad:$x3: NanoCore.ClientPluginHost 0x811cd:$x3: NanoCore.ClientPluginHost 0xb39ed:$x3: NanoCore.ClientPluginHost 0x4e762:$i1: IClientApp 0x81182:$i1: IClientApp 0xb39a2:$i1: IClientApp 0x4e783:$i2: IClientData 0x811a3:$i2: IClientData 0xb39c3:$i2: IClientData 0x4e78f:$i3: IClientNetwork 0x811af:$i3: IClientNetwork 0xb39cf:$i3: IClientNetwork
0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4e515:$a: NanoCore 0x4e525:$a: NanoCore 0x4e759:$a: NanoCore 0x4e76d:$a: NanoCore 0x4e7ad:$a: NanoCore 0x80f35:$a: NanoCore 0x80f45:$a: NanoCore 0x81179:$a: NanoCore 0x8118d:$a: NanoCore 0x811cd:$a: NanoCore 0xb3755:$a: NanoCore 0xb3765:$a: NanoCore 0xb3999:$a: NanoCore 0xb39ad:$a: NanoCore 0xb39ed:$a: NanoCore 0x4e574:$b: ClientPlugin 0x4e776:$b: ClientPlugin 0x4e7b6:$b: ClientPlugin 0x80f94:$b: ClientPlugin 0x81196:$b: ClientPlugin 0x811d6:$b: ClientPlugin
4.2.RegSvcs.exe.2c29e44.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
4.2.RegSvcs.exe.2c29e44.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
4.2.RegSvcs.exe.2c29e44.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
Click to see the 78 entries

Sigma Signatures

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 4736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Snort Signatures

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334979723232816718 05/11/22-10:42:39.036019
SID:	2816718
Source Port:	49797
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334985723232816766 05/11/22-10:43:23.924010
SID:	2816766
Source Port:	49857
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334987523232816766 05/11/22-10:43:44.394960
SID:	2816766
Source Port:	49875
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334986923232816766 05/11/22-10:43:31.252983
SID:	2816766
Source Port:	49869
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334979723232816766 05/11/22-10:42:39.036019
SID:	2816766
Source Port:	49797
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334982123232816766 05/11/22-10:43:17.029709
SID:	2816766
Source Port:	49821
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334980323232816766 05/11/22-10:42:46.018391
SID:	2816766
Source Port:	49803
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334980923232816766 05/11/22-10:43:06.473922
SID:	2816766
Source Port:	49809
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334987323232816766 05/11/22-10:43:38.940134
SID:	2816766
Source Port:	49873
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334978723232816766 05/11/22-10:42:24.860231
SID:	2816766
Source Port:	49787
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334980723232816766 05/11/22-10:42:53.078454
SID:	2816766
Source Port:	49807
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334977723232816766 05/11/22-10:42:09.828204
SID:	2816766
Source Port:	49777
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334987323232816718 05/11/22-10:43:38.940134
SID:	2816718
Source Port:	49873
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334979423232816766 05/11/22-10:42:31.876458
SID:	2816766
Source Port:	49794
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 91.193.75.133 - Destination IP: 192.168.2.7

Timestamp:	91.193.75.133192.168.2.72323498212810290 05/11/22-10:43:15.841800
SID:	2810290
Source Port:	2323
Destination Port:	49821
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334978223232816766 05/11/22-10:42:17.828455
SID:	2816766
Source Port:	49782
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.7 - Destination IP: 91.193.75.133

Timestamp:	192.168.2.791.193.75.1334980823232816766 05/11/22-10:43:00.269339
SID:	2816766
Source Port:	49808
Destination Port:	2323
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "484915e0-ae38-4675-9bf6-0f4a5bd5", "Domain1": "youngnonte.hopto.org", "Domain2": "91.193.75.133", "Port": 2323, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

ReversingLabs: Detection: 31%

Yara detected Nanocore RAT

Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR

Source: 4.0.RegSvcs.exe.400000.2.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 4.2.RegSvcs.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 4.0.RegSvcs.exe.400000.1.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 4.2.RegSvcs.exe.5e30000.6.unpack	Avira: Label: TR/NanoCore.fadte
Source: 4.0.RegSvcs.exe.400000.4.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 4.0.RegSvcs.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 4.0.RegSvcs.exe.400000.3.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: (PVo,C:\Windows\System.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symbols\dll\System.pdb*Z source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: dhcpmon.exe, 00000008.00000002.443557316.0000000000F72000.00000002.00000001.01000000.00000009.sdmp, dhcpmon.exe.4.dr
Source:	Binary string: ?.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe, 00000008.00000002.443557316.0000000000F72000.00000002.00000001.01000000.00000009.sdmp, dhcpmon.exe.4.dr
Source:	Binary string: System.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000003.425820771.00000000060BB000.00000004.00000800.00020000.00000000.sdmp

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49777 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49782 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49787 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49794 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49797 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.7:49797 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49803 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49807 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49808 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49809 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 91.193.75.133:2323 -> 192.168.2.7:49821
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49821 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49857 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49869 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49873 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.7:49873 -> 91.193.75.133:2323
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.7:49875 -> 91.193.75.133:2323

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: youngnonte.hopto.org
Source: Malware configuration extractor	URLs: 91.193.75.133

Source: Joe Sandbox View

ASN Name: DAVID_CRAIGGG DAVID_CRAIGGG

Source: Joe Sandbox View

IP Address: 91.193.75.133 91.193.75.133

Source: global traffic

TCP traffic: 192.168.2.7:49777 -> 91.193.75.133:2323

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: dhcpmon.exe, 00000008.00000002.444043931.0000000001642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.c#
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: unknown

DNS traffic detected: queries for: youngnonte.hopto.org

Source: RegSvcs.exe, 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud

Yara detected Nanocore RAT

Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.RegSvcs.exe.5d90000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.5d90000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 4.2.RegSvcs.exe.2c29e44.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 4.2.RegSvcs.exe.2c29e44.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.2.RegSvcs.exe.5d90000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.5d90000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.5d90000.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 4.2.RegSvcs.exe.2c29e44.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 4.2.RegSvcs.exe.2c29e44.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.2.RegSvcs.exe.2c29e44.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_02BDE480	4_2_02BDE480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_02BDE47B	4_2_02BDE47B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_02BDBBD4	4_2_02BDBBD4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_06320040	4_2_06320040

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.420481115.00000000077F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.411953086.0000000000A7D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTypeLoadExceptionHol.exeD vs SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000003.401361767.0000000003E36000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Binary or memory string: OriginalFilenameTypeLoadExceptionHol.exeD vs SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe:Zone.Identifier

Jump to behavior

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@5/6@14/2

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000000.360395771.0000000000962000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: SELECT TOP 1 FirstDate FROM OrderData WHERE `Order`="{0}" ORDER BY FirstDate ASCmUPDATE OrderData SET PINCode="{1}" WHERE PINCode="{0}"ACREATE DATABASE `{0}`; USE `{0}`

Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Mutant created: \Sessions\1\BaseNamedObjects\JolrnQINyAZG
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{484915e0-ae38-4675-9bf6-0f4a5bd5837c}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5536:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: user-add
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: note-add
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: <!--StartFragment -->
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: user-add
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: note-add
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	String found in binary or memory: <<<<<<<3+<!--StartFragment -->

Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static file information: File size 1173504 > 1048576

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x108c00

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: (PVo,C:\Windows\System.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symbols\dll\System.pdb*Z source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: dhcpmon.exe, 00000008.00000002.443557316.0000000000F72000.00000002.00000001.01000000.00000009.sdmp, dhcpmon.exe.4.dr
Source:	Binary string: ?.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe, 00000008.00000002.443557316.0000000000F72000.00000002.00000001.01000000.00000009.sdmp, dhcpmon.exe.4.dr
Source:	Binary string: System.pdb source: RegSvcs.exe, 00000004.00000002.632443926.0000000006BEC000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000003.425820771.00000000060BB000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.960000.0.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.960000.0.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: initial sample

Static PE information: section name: .text entropy: 7.16329250729

Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.415299432.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.415299432.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.415299432.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe TID: 1188	Thread sleep time: -45733s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe TID: 6392	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6992	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 5903	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 3351	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: foregroundWindowGot 843	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Thread delayed: delay time: 45733	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: RegSvcs.exe, 00000004.00000002.631933252.0000000006090000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG[
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 422000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: A18008	Jump to behavior

.NET source code references suspicious native API functions

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 0.0.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.960000.0.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.960000.0.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 4.0.RegSvcs.exe.400000.2.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 4.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 4.0.RegSvcs.exe.400000.1.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 4.0.RegSvcs.exe.400000.4.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 4.0.RegSvcs.exe.400000.0.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 4.0.RegSvcs.exe.400000.3.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Jump to behavior

Source: RegSvcs.exe, 00000004.00000002.628233352.0000000002C6F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerh+
Source: RegSvcs.exe, 00000004.00000002.629572921.000000000303B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.628399868.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.629422526.0000000002FFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: RegSvcs.exe, 00000004.00000002.628399868.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerHaXkh
Source: RegSvcs.exe, 00000004.00000002.628399868.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerx
Source: RegSvcs.exe, 00000004.00000002.632409728.000000000696E000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.632329047.00000000065AD000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.631721041.0000000005D1B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program ManagerT
Source: RegSvcs.exe, 00000004.00000002.628399868.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.629422526.0000000002FFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager`r

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Nanocore RAT

Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR

Remote Access Functionality

Detected Nanocore Rat

Source: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: RegSvcs.exe, 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll

Yara detected Nanocore RAT

Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e30000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3fc3b00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c5d071.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.5e34629.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.3c58a48.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.RegSvcs.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f910e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.3f52ac0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe PID: 5012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 4736, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	Path Interception	212 Process Injection	2 Masquerading	11 Input Capture	11 Security Software Discovery	Remote Services	11 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Remote Access Software	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	212 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	11 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Hidden Files and Directories	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Obfuscated Files or Information	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.PackedNET.331.28355.exe	32%	ReversingLabs	Win32.Trojan.Pwsx

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	Metadefender		Browse
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
4.0.RegSvcs.exe.400000.2.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
4.2.RegSvcs.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
4.0.RegSvcs.exe.400000.1.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
4.2.RegSvcs.exe.5e30000.6.unpack	100%	Avira	TR/NanoCore.fadte	Download File
4.0.RegSvcs.exe.400000.4.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
4.0.RegSvcs.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
4.0.RegSvcs.exe.400000.3.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
youngnonte.hopto.org	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://go.microsoft.c#	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
91.193.75.133	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youngnonte.hopto.org	91.193.75.133	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
youngnonte.hopto.org	true	Avira URL Cloud: safe	unknown
91.193.75.133	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://go.microsoft.c#	dhcpmon.exe, 00000008.00000002.444043931.0000000001642000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe, 00000000.00000002.419340426.0000000006F62000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
91.193.75.133	youngnonte.hopto.org	Serbia		209623	DAVID_CRAIGGG	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	624197
Start date and time: 11/05/202210:40:22	2022-05-11 10:40:22 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Trojan.PackedNET.331.28355.4334 (renamed file extension from 4334 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@5/6@14/2
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Successful, ratio: 0.9% (good quality ratio 0.9%) Quality average: 100% Quality standard deviation: 0%
HCA Information:	Successful, ratio: 100% Number of executed functions: 47 Number of non-executed functions: 3
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): fp-afd.azureedge.us, client.wns.windows.com, fs.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, b-ring.msedge.net, arc.msn.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, login.live.com, fp-vp.azureedge.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
Execution Graph export aborted for target dhcpmon.exe, PID 6792 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:41:52	API Interceptor	1x Sleep call for process: SecuriteInfo.com.Trojan.PackedNET.331.28355.exe modified
10:42:06	API Interceptor	805x Sleep call for process: RegSvcs.exe modified
10:42:07	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
91.193.75.133	SWIFT_poruka ERSTE BANK ad NOVI SAD.vbs	Get hash	malicious	Browse
	WorkScope Details.vbs	Get hash	malicious	Browse
	swift 202204070045.vbs	Get hash	malicious	Browse
	Septocylin9.vbs	Get hash	malicious	Browse
	EDICTALL.vbs	Get hash	malicious	Browse
	Order confirmation.jar	Get hash	malicious	Browse
	New Price List For DStv&GOtv.pdf.jar	Get hash	malicious	Browse
	Viaggitremila order.jar	Get hash	malicious	Browse
	noZPwMIh7e.exe	Get hash	malicious	Browse
	Order Confirmation _ Urgent,pdf.exe	Get hash	malicious	Browse
	Acerimallas_ORDER 5676-SEPT1721,pdf.exe	Get hash	malicious	Browse
	AD_Order Onay#U0131 _ Acil,pdf.exe	Get hash	malicious	Browse
	ORDEN 5676-SEPT1521,pdf.exe	Get hash	malicious	Browse
	SPT _ORDER 5676-SEPT1521,pdf,pdf.exe	Get hash	malicious	Browse
	SPT DRINGENDE BESTELLUNG _876453,pdf.exe	Get hash	malicious	Browse
	Confirma#U00e7#U00e3o do pedido _ Urgente,pdf.exe	Get hash	malicious	Browse
	Auftragsbest#U00e4tigung _ Dringend,pdf.exe	Get hash	malicious	Browse
	NUEVO PEDIDO -765452629 (URGENTE),pdf.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
youngnonte.hopto.org	Penawaran Harga.exe	Get hash	malicious	Browse	129.205.113.214
	PO.exe	Get hash	malicious	Browse	129.205.113.54
	Penawaran Harg.exe	Get hash	malicious	Browse	194.5.98.14
	PO.exe	Get hash	malicious	Browse	185.165.153.6
	1DZJwbLuaVZCZnit.exe	Get hash	malicious	Browse	129.205.113.156

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DAVID_CRAIGGG	qs5yhVj1bE.exe	Get hash	malicious	Browse	91.193.75.221
	Ki8WlC0ddA.exe	Get hash	malicious	Browse	91.193.75.221
	xVDAUvl3Pn.exe	Get hash	malicious	Browse	91.193.75.134
	e1f388b8a086e034b1fbd94ca7341008.exe	Get hash	malicious	Browse	185.140.53.3
	CMACGM-WBINS9013246-20210714-125247.pdf.vbs	Get hash	malicious	Browse	91.193.75.131
	po-iteam DOO00076543.exe	Get hash	malicious	Browse	91.193.75.132
	Charter request details.vbs	Get hash	malicious	Browse	91.193.75.194
	SWIFT_poruka ERSTE BANK ad NOVI SAD.vbs	Get hash	malicious	Browse	91.193.75.133
	IMG2_455982134.exe	Get hash	malicious	Browse	185.140.53.174
	Purchase Report.vbs	Get hash	malicious	Browse	91.193.75.175
	BRINK GMBH BESTELLUNG _ ANFORDERUNG SH238429 12x2.5 mm#U00b2.exe	Get hash	malicious	Browse	185.140.53.72
	Scan 1000276325462 document.vbs	Get hash	malicious	Browse	91.193.75.131
	NEW ORDER 0522 202204280000883 pdf.vbs	Get hash	malicious	Browse	91.193.75.132
	commercial invoice.vbs	Get hash	malicious	Browse	185.165.153.84
	CHECK#718263.VBS	Get hash	malicious	Browse	185.140.53.12
	eW8XdXzJ0K.exe	Get hash	malicious	Browse	91.193.75.227
	HIkhD4L4gC.exe	Get hash	malicious	Browse	185.140.53.212
	DHL Shipment Notice of Arrival AWB 8032697940.vbs	Get hash	malicious	Browse	91.193.75.209
	Invoice.vbs	Get hash	malicious	Browse	91.193.75.227
	Payment-Advice.vbs	Get hash	malicious	Browse	91.193.75.189

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Quotation.exe	Get hash	malicious	Browse
	g9WPdiOMmP.exe	Get hash	malicious	Browse
	f8keZ8QG3Lw4Vvy.exe	Get hash	malicious	Browse
	Request for Quotation.exe	Get hash	malicious	Browse
	Purchase Order.exe	Get hash	malicious	Browse
	Profoma Invoice.exe	Get hash	malicious	Browse
	NEW Order.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetectNet.01.25700.exe	Get hash	malicious	Browse
	Payment Details xls.exe	Get hash	malicious	Browse
	debit note#U6a21#U677f#Uff08USD75455.92#U3001USD200000#U3001USD150124.53#Uff09.exe	Get hash	malicious	Browse
	Request for Quotation (2).exe	Get hash	malicious	Browse
	VEL-P01225013B.exe	Get hash	malicious	Browse
	SOA.exe	Get hash	malicious	Browse
	Dq6Qlhi724.exe	Get hash	malicious	Browse
	VEL-P01225013B.exe	Get hash	malicious	Browse
	TT Copy.exe	Get hash	malicious	Browse
	RFQ#1952022(BOQ-IT-Equipment.pdf.exe	Get hash	malicious	Browse
	PO#7A68D20.exe	Get hash	malicious	Browse
	Bank Slip.exe	Get hash	malicious	Browse
	outstanding invoices.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45152
Entropy (8bit):	6.149629800481177
Encrypted:	false
SSDEEP:	768:bBbSoy+SdIBf0k2dsYyV6Iq87PiU9FViaLmf:EoOIBf0ddsYy8LUjVBC
MD5:	2867A3817C9245F7CF518524DFD18F28
SHA1:	D7BA2A111CEDD5BF523224B3F1CFE58EEC7C2FDC
SHA-256:	43026DCFF238F20CFF0419924486DEE45178119CFDD0D366B79D67D950A9BF50
SHA-512:	7D3D3DBB42B7966644D716AA9CBC75327B2ACB02E43C61F1DAD4AFE5521F9FE248B33347DFE15B637FB33EB97CDB322BCAEAE08BAE3F2FD863A9AD9B3A4D6B42
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Quotation.exe, Detection: malicious, Browse Filename: g9WPdiOMmP.exe, Detection: malicious, Browse Filename: f8keZ8QG3Lw4Vvy.exe, Detection: malicious, Browse Filename: Request for Quotation.exe, Detection: malicious, Browse Filename: Purchase Order.exe, Detection: malicious, Browse Filename: Profoma Invoice.exe, Detection: malicious, Browse Filename: NEW Order.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetectNet.01.25700.exe, Detection: malicious, Browse Filename: Payment Details xls.exe, Detection: malicious, Browse Filename: debit note#U6a21#U677f#Uff08USD75455.92#U3001USD200000#U3001USD150124.53#Uff09.exe, Detection: malicious, Browse Filename: Request for Quotation (2).exe, Detection: malicious, Browse Filename: VEL-P01225013B.exe, Detection: malicious, Browse Filename: SOA.exe, Detection: malicious, Browse Filename: Dq6Qlhi724.exe, Detection: malicious, Browse Filename: VEL-P01225013B.exe, Detection: malicious, Browse Filename: TT Copy.exe, Detection: malicious, Browse Filename: RFQ#1952022(BOQ-IT-Equipment.pdf.exe, Detection: malicious, Browse Filename: PO#7A68D20.exe, Detection: malicious, Browse Filename: Bank Slip.exe, Detection: malicious, Browse Filename: outstanding invoices.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...zX.Z..............0..d..........V.... ........@.. ..............................."....`.....................................O.......8............r..`>.......................................................... ............... ..H............text...\c... ...d.................. ..`.rsrc...8............f..............@..@.reloc...............p..............@..B................8.......H........+...S..........\|...P...........................................r...p(....2.(....(....z..r...p(....(....(......}......{.....s..........0..{...........Q.-.s.....+i~....o....(.....s.......o.....r!..p..(....Q.P,:.P.....(....o....o ........(....o!...o".....,..o#...t........0..(....... ....s$........o%....X..(....-...o&....0...........('......&.........................0...........(.......&.....*.................0............(.....(....~....,.(....~....o....9]...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.345811588615766
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5:	2E016B886BDB8389D2DD0867BE55F87B
SHA1:	25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
SHA-256:	1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
SHA-512:	C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log

Download File

Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	142
Entropy (8bit):	5.090621108356562
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUC7WglAFXMWA2yTMGfsbNRLFS9Am12MFuAvOAsDeieVyn:Q3La/xwczlAFXMWTyAGCDLIP12MUAvvw
MD5:	8C0458BB9EA02D50565175E38D577E35
SHA1:	F0B50702CD6470F3C17D637908F83212FDBDB2F2
SHA-256:	C578E86DB701B9AFA3626E804CF434F9D32272FF59FB32FA9A51835E5A148B53
SHA-512:	804A47494D9A462FFA6F39759480700ECBE5A7F3A15EC3A6330176ED9C04695D2684BF6BF85AB86286D52E7B727436D0BB2E8DA96E20D47740B5CE3F856B5D0F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
MD5:	32D0AAE13696FF7F8AF33B2D22451028
SHA1:	EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
SHA-256:	5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
SHA-512:	1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:Ftn:Ftn
MD5:	9E0F3049136E4ABE28D27EE1B11D0884
SHA1:	2A5E18BB091286E43CD954AF4D421D78CE042A7C
SHA-256:	86880178E275C92A02FA7EC15A1626618DE00FCE75EA83600F79C39E2AAAAC37
SHA-512:	7EA88728E379BF9F73DF01F18B0F8A8C70F5FACB7234D9DF1B1E498FE7B5B3021C998BEA2378A59B39D12396254A3C3B4BF77D7B772C3716667501753D1564CE
Malicious:	true
Preview:	.>..u3.H

\Device\ConDrv

Download File

Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1141
Entropy (8bit):	4.44831826838854
Encrypted:	false
SSDEEP:	24:zKLXkb4DObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0b4DQntKKH1MqJC
MD5:	1AEB3A784552CFD2AEDEDC1D43A97A4F
SHA1:	804286AB9F8B3DE053222826A69A7CDA3492411A
SHA-256:	0BC438F4B1208E1390C12D375B6CBB08BF47599D1F24BD07799BB1DF384AA293
SHA-512:	5305059BA86D5C2185E590EC036044B2A17ED9FD9863C2E3C7E7D8035EF0C79E53357AF5AE735F7D432BC70156D4BD3ACB42D100CFB05C2FB669EA22368F1415
Malicious:	false
Preview:	Microsoft (R) .NET Framework Services Installation Utility Version 4.7.3056.0..Copyright (C) Microsoft Corporation. All rights reserved.....USAGE: regsvcs.exe [options] AssemblyName..Options:.. /? or /help Display this usage message... /fc Find or create target application (default)... /c Create target application, error if it already exists... /exapp Expect an existing application... /tlb:<tlbfile> Filename for the exported type library... /appname:<name> Use the specified name for the target application... /parname:<name> Use the specified name or id for the target partition... /extlb Use an existing type library... /reconfig Reconfigure existing target application (default)... /noreconfig Don't reconfigure existing target application... /u Uninstall target application... /nologo Suppress logo output... /quiet Suppress logo output and success output... /c

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.026942711928976
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
File size:	1173504
MD5:	1f04c12ab3a22f6806d30bacb7552f19
SHA1:	9913975b167b01b96364cad477ca6dfab71da454
SHA256:	de42477eb270c42a2eaf57e6efb465263fc02e72e6c8442fdbd27aa3bd8e76a5
SHA512:	2b95be12e4df50eeb09b950e31ae7003ba1fe540475cd32cd5e4260e59fdbeab8e6378ed457d43ab1142b1bf40e23ec20c849065bb103b79b0179bfd1b8ac274
SSDEEP:	12288:m+Cenfxt7J00Fq6j/wXgl4NV77zvRE2hEr5hHeC5ROGFmTDcvvj6yVBJGen0ni+f:mZg20Fbo7/762hM5hPTmTAL
TLSH:	E24528987254F5DEC85BD071CE685CF0AA207C66C32B820B50173D9DB97EA83DF219B6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Czb..............0......Z........... ........@.. .......................@............@................................

File Icon


Icon Hash:	f274fec6b6c2e00c

Static PE Info

General

Entrypoint:	0x50aace
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x627A439B [Tue May 10 10:51:07 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10aa78	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x10c000	0x15718	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x122000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x108ad4	0x108c00	False	0.649346745161	data	7.16329250729	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x10c000	0x15718	0x15800	False	0.151662427326	data	4.00324413901	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x122000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x10c1d8	0x8a8	data
RT_ICON	0x10ca80	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x10cfe8	0x10828	data
RT_ICON	0x11d810	0x25a8	data
RT_ICON	0x11fdb8	0x10a8	data
RT_ICON	0x120e60	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x1212c8	0x5a	data
RT_VERSION	0x121324	0x3f4	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2011 BASeCamp Software Solutions
Assembly Version	1.4.8.0
InternalName	TypeLoadExceptionHol.exe
FileVersion	1.4.8.0
CompanyName	BASeCamp Software Solutions
LegalTrademarks
Comments
ProductName	BASeCamp JobClock
ProductVersion	1.4.8.0
FileDescription	JobClock Administration Applet
OriginalFilename	TypeLoadExceptionHol.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.791.193.75.1334979723232816718 05/11/22-10:42:39.036019	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49797	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334985723232816766 05/11/22-10:43:23.924010	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49857	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334987523232816766 05/11/22-10:43:44.394960	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49875	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334986923232816766 05/11/22-10:43:31.252983	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49869	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334979723232816766 05/11/22-10:42:39.036019	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49797	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334982123232816766 05/11/22-10:43:17.029709	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49821	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334980323232816766 05/11/22-10:42:46.018391	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49803	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334980923232816766 05/11/22-10:43:06.473922	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49809	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334987323232816766 05/11/22-10:43:38.940134	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49873	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334978723232816766 05/11/22-10:42:24.860231	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49787	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334980723232816766 05/11/22-10:42:53.078454	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49807	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334977723232816766 05/11/22-10:42:09.828204	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49777	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334987323232816718 05/11/22-10:43:38.940134	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49873	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334979423232816766 05/11/22-10:42:31.876458	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49794	2323	192.168.2.7	91.193.75.133
91.193.75.133192.168.2.72323498212810290 05/11/22-10:43:15.841800	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	2323	49821	91.193.75.133	192.168.2.7
192.168.2.791.193.75.1334978223232816766 05/11/22-10:42:17.828455	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49782	2323	192.168.2.7	91.193.75.133
192.168.2.791.193.75.1334980823232816766 05/11/22-10:43:00.269339	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49808	2323	192.168.2.7	91.193.75.133

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 11, 2022 10:42:07.884488106 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:08.101824045 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:08.101926088 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:08.289627075 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:08.561732054 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:08.702646971 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:08.717859983 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:08.949024916 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:08.951173067 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.218835115 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.366214037 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.628810883 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.630662918 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.632252932 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.634701014 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.636718035 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.636847019 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.640805006 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.643790960 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.643906116 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.647773027 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.651766062 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.651940107 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.659866095 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.667797089 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.668570042 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.828203917 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.868817091 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.869220018 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.878812075 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.878846884 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.878871918 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.879038095 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.879064083 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.879998922 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.880110979 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.881819963 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.882283926 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.884793043 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.884953022 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.886666059 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.887518883 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.889000893 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.891669989 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.891810894 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.892244101 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.896337986 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.896538973 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.900554895 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.901788950 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.902044058 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.907888889 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.907967091 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.909468889 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.910161972 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.917926073 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.917952061 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.918090105 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.924743891 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.924767017 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.924783945 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:09.924873114 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:09.925044060 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.107511044 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.111494064 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.111659050 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.112443924 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.112489939 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.113070965 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.117878914 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.119751930 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.120070934 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.127706051 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.127760887 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.127885103 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.127943039 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.137955904 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.137998104 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.138148069 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.144026041 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.144138098 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.148011923 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.148899078 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.149030924 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.152810097 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.152846098 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.152901888 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.160171032 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.163289070 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.163321018 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.163376093 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.164191008 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.164293051 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.165267944 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.167901039 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.168031931 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.177052975 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.177100897 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.177129030 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.177254915 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.179825068 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.179945946 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.182897091 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.184809923 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.185029984 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.186814070 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.189793110 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.190582991 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.200006008 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.200032949 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.200186014 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.204802036 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.204834938 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.204858065 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.204938889 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.214881897 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.214982986 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.217921972 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.217969894 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.218086004 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.221683025 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.227859974 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.228146076 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.231873989 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.339868069 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.339905977 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.340037107 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.344873905 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.344973087 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.349972963 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.350039959 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.350136042 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.350161076 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.350744963 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.360991001 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.361011982 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.361099005 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.361804008 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.361938000 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.364747047 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.367662907 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.367784023 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.369738102 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.379095078 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.379123926 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.379523993 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.379878998 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.379966021 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.379996061 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.389926910 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.389960051 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.389980078 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.390098095 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.396884918 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.396938086 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.397046089 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.404119015 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.404561043 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.409903049 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.410835981 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.411536932 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.416943073 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.416974068 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.417351961 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.425874949 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.426639080 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.426853895 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.426966906 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.428798914 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.428966045 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.431864977 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.432862997 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.432995081 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.436758041 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.439850092 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.439977884 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.441653013 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.443752050 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.443891048 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.452881098 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.452970028 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.453052044 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.459808111 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.459837914 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.459906101 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.459929943 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.464823008 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.468800068 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.468832016 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.468852997 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.468910933 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.468935966 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.470654011 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.473819017 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.473947048 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.475766897 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.484764099 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.485054016 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.488796949 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.489780903 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.489895105 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.494842052 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.579689980 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.580123901 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.582823992 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.585999966 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.586106062 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.588972092 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.591650009 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.593255997 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.594851017 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.597773075 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.597953081 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.599961996 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.611249924 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.611321926 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.611417055 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.614814043 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.614854097 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.615080118 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.615679979 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.615837097 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.635057926 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.635092974 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.635117054 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.635139942 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.635868073 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.635898113 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.636724949 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.638643026 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.638727903 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.638768911 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.638787031 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.638814926 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.640727043 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.643928051 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.644047022 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.654894114 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.656661987 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.656789064 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.657005072 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.657051086 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.657116890 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.657860994 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.676960945 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.677027941 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.677048922 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.677149057 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.677171946 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.688885927 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.699414015 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.699651003 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.705267906 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.709338903 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.709476948 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.715709925 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.718957901 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.719141006 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.722742081 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.724807978 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.725054979 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.734920025 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.734955072 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.734978914 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.735008955 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.735153913 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.737394094 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.744879007 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.744915962 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.745049000 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.751446009 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.751480103 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.751576900 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.756385088 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.760932922 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.760973930 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.761070013 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.820153952 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.820533037 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.829134941 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.829307079 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.829336882 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.829359055 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.829382896 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.829467058 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.829541922 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.829555988 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.836255074 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.836381912 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.838813066 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.838903904 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.841463089 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.841730118 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.842937946 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.843015909 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.853853941 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.853884935 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.853907108 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.853949070 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.853972912 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.853975058 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.854022980 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.864973068 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.865137100 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.866842985 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.867098093 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.870866060 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.870902061 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.870995998 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.871032953 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.877723932 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.879709959 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.880711079 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.880822897 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.887974024 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.888051033 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.891175985 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.891452074 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.900741100 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.901163101 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.902757883 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.903419018 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.906817913 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.906958103 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.907888889 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.908526897 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.917834044 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.917916059 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.921794891 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.922125101 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.930828094 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.930874109 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.930923939 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.930974007 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.930994034 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.931001902 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.941973925 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.942053080 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.943720102 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.943825960 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.945842028 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.946029902 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.947777987 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.947902918 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.949856043 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.950047970 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.958898067 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.958957911 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.959033012 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.959060907 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.959682941 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.959742069 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.964776993 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.964864016 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.973800898 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.974425077 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.977830887 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.977926970 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.984714985 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.984776974 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.984836102 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.984859943 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.985735893 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.985851049 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.990196943 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.990643978 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.993941069 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.994008064 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:10.997796059 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:10.997960091 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.001879930 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.001960039 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.012742996 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.012767076 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.012825966 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.012841940 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.012854099 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.012898922 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.015845060 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.015914917 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.024854898 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.024895906 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.024970055 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.024991035 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.025717020 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.025779009 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.027780056 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.027858019 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.038865089 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.038934946 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.039875031 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.039912939 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.039975882 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.039990902 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.040842056 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.040910006 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.043570042 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.043672085 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.046742916 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.046832085 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.048970938 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.049052954 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.051630974 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.051733971 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.053761005 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.053877115 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.056808949 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.056895018 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.058715105 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.058809042 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.060719013 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.060837030 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.063803911 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.063905954 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.065948009 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.066042900 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.068711996 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.068818092 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:11.077874899 CEST	2323	49777	91.193.75.133	192.168.2.7
May 11, 2022 10:42:11.077963114 CEST	49777	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:15.372303963 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:15.581623077 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:15.581738949 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:15.582355976 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:15.841619015 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:15.929677010 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:15.999545097 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:16.768171072 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:16.991050959 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:16.991211891 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.261668921 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.372140884 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.661880016 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.702723026 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.707880020 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.707982063 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.713665009 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.722929955 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.722959042 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.723052025 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.723975897 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.724045038 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.734754086 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.737824917 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.738038063 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.739892960 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.739928961 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.740046024 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.828454971 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.935872078 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.936033010 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.940946102 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.941077948 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.943933964 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.944075108 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.945867062 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.946026087 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.948791027 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.948982954 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.958915949 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.959064960 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.960899115 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.960937023 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.961052895 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.961107969 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.965698004 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.965773106 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.970825911 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.970942974 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.983022928 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.983170033 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.983769894 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.983798981 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.983891010 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.983915091 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.983925104 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.983969927 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.983977079 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.984045029 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.985802889 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.985904932 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.996845961 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.996872902 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.997015953 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:17.999872923 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:17.999989986 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.003874063 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.003959894 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.090768099 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.166863918 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.177855968 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.178042889 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.186943054 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.186985016 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.187005997 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.187108040 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.192871094 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.193031073 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.193806887 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.197844028 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.197876930 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.198045015 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.198843956 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.198993921 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.203792095 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.213776112 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.213821888 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.213956118 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.220278025 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.220415115 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.224319935 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.224351883 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.224459887 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.227742910 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.238894939 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.239114046 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.239845991 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.239881039 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.239989996 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.249802113 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.249840021 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.249861956 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.249959946 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.250796080 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.250871897 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.254079103 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.262864113 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.262896061 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.262919903 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.262969971 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.262983084 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.263031006 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.273811102 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.274023056 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.276819944 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.276845932 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.276878119 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.276936054 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.278775930 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.278850079 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.280694962 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.283693075 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.283751011 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.285798073 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.294891119 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.294922113 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.294944048 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.295008898 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.295057058 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.304620028 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.391901016 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.395951033 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.402102947 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.404921055 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.405060053 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.407922029 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.409950018 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.411887884 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.422488928 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.422525883 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.422547102 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.422610998 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.422667027 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.422713995 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.423645973 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.425683975 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.425745964 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.428888083 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.429892063 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.430671930 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.433711052 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.433804989 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.444839001 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.444905043 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.444955111 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.445008039 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.449765921 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.449824095 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.450001001 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.451725006 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.454772949 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.455709934 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.464852095 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.464884996 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.464982986 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.465806961 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.476336002 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.476511002 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.484963894 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.495946884 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.495991945 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.496162891 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.499747038 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.502110958 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.508919954 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.519906044 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.519934893 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.519959927 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.520095110 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.523873091 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.524981976 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.525111914 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.533787012 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.536689997 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.537940025 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.542862892 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.542884111 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.543018103 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.550115108 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.550157070 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.550298929 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.550630093 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.560784101 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.561995029 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.563899994 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.563929081 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.564104080 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.566875935 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.569658041 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.569818020 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.579865932 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.583816051 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.584168911 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.585912943 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.585999012 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.586108923 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.651988983 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.653716087 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.653909922 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.655725956 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.658844948 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.661772013 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.667924881 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.691008091 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.691150904 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.694080114 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.699043036 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.699156046 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.700841904 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.703793049 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.705964088 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.714082956 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.714123964 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.714267015 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.718813896 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.724126101 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.724169016 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.724278927 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.726752996 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.727868080 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.737015009 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.737051964 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.737138033 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.740912914 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.743930101 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.743966103 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.744080067 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.746901989 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.748876095 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.749016047 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.761059046 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.761118889 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.761157990 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.761192083 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.761231899 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.785936117 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.788885117 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.789000988 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.791742086 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.800925016 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.800961971 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.801068068 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.801681995 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.801785946 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.804141045 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.806885004 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.807015896 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.808594942 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.810728073 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.810866117 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.821245909 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.821280003 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.821382999 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.824786901 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.828311920 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.828459978 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.831094980 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.834348917 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.836668968 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.838212013 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.838253021 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.838279963 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.838345051 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.838393927 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.848783016 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.848875046 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.849724054 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.851756096 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.851864100 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.858952999 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.858989000 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.859054089 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.859122992 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.859788895 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.859869957 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.911859035 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.912017107 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.921183109 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.921240091 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.921288013 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.921339035 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.926760912 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.926851034 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.926992893 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.927053928 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.928802013 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.930778980 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.930927038 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.940712929 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.940912962 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.940921068 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.940954924 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.940967083 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.941013098 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.942780018 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.942867041 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.951767921 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.951910019 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.951915026 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.951972961 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.952208996 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.957279921 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.960753918 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.960951090 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.960972071 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.961033106 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.963963985 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.964258909 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.972793102 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.973009109 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.975842953 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.976016045 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.981719971 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.981782913 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.981906891 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.986799955 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.989247084 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.990912914 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.990952969 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.991034031 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.991064072 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:18.991071939 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:18.991164923 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.000827074 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.001527071 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.004271984 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.004312992 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.004434109 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.009924889 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.012980938 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.013820887 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.013971090 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.016789913 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.016963959 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.019716024 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.019824982 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.023788929 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.024658918 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.024813890 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.024904013 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.027879953 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.028160095 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.037214994 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.037275076 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.037308931 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.037317038 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.037354946 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.037445068 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.038897991 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.039037943 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.048855066 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.048918962 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.048959017 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.049072027 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.049113989 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.049276114 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.051861048 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.053549051 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.054786921 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.054910898 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.063807964 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.063853025 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.063944101 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.063952923 CEST	2323	49782	91.193.75.133	192.168.2.7
May 11, 2022 10:42:19.063988924 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:19.064009905 CEST	49782	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:22.986042023 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:23.239286900 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:23.240600109 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:23.241525888 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:23.510751009 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:23.581671000 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:23.582019091 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:23.839351892 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:23.861378908 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.121645927 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.121764898 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.401812077 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.440032959 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.440059900 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.440202951 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.442724943 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.445950985 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.446140051 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.446306944 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.447951078 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.448061943 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.449807882 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.451852083 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.451961040 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.461015940 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.463937998 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.464190960 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.671932936 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.674866915 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.675025940 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.677839994 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.679822922 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.679919958 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.683733940 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.685736895 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.685817957 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.697937012 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.700850010 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.700973988 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.702905893 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.709784031 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.709824085 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.709943056 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.710717916 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.710813999 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.712769032 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.715763092 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.715879917 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.718856096 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.721985102 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.722093105 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.723880053 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.726685047 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.726816893 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.729824066 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.731739998 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.731822968 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.860230923 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.933883905 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.934114933 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.937876940 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.937973022 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.940834999 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.940948963 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.943908930 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.944013119 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.946857929 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.946971893 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.948849916 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.948960066 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.959001064 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.959033966 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.959060907 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.959125996 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.959153891 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.959811926 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.959862947 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.959908962 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.969779015 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.969809055 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.969882011 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.969907045 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.974764109 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.974837065 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.974895000 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.974952936 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.975678921 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.975764990 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.978837013 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.978960037 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.980659008 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.980741978 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.983822107 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.983956099 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:24.985874891 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:24.986027956 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.005256891 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.005414963 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.005608082 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.005706072 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.005748987 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.005812883 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.005830050 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.005882978 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.010623932 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.010730982 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.015816927 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.015861034 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.016021013 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.017733097 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.017855883 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.027910948 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.028021097 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.030724049 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.030770063 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.030842066 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.030872107 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.032792091 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.032860994 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.042893887 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.042929888 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.042953968 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.043006897 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.043041945 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.052691936 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.052792072 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.054742098 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.054841042 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.057713032 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.057823896 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.063693047 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.063730955 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.063810110 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.063880920 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.069782972 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.069871902 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.141675949 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.153868914 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.161039114 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.161190033 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.171802044 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.171832085 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.171864033 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.171946049 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.174907923 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.175015926 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.178817987 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.180887938 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.180958033 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.182846069 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.187819004 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.188587904 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.189883947 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.200767040 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.200798988 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.200845003 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.205770969 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.205801964 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.205909967 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.210916996 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.211090088 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.215780973 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.216828108 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.216909885 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.220875025 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.225841999 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.225891113 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.225997925 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.231931925 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.232018948 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.235802889 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.241231918 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.241338968 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.241709948 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.246825933 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.246895075 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.251885891 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.256820917 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.256869078 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.257031918 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.257580996 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.257658958 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.269016027 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.269059896 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.269085884 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.269190073 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.277786970 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.277833939 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.277879000 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.282809973 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.282938004 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.288021088 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.288059950 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.288132906 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.288161993 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.294030905 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.297816992 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.297910929 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.299771070 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.305248022 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.305269003 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.305335999 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.306727886 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.306790113 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.316736937 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.320779085 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.320861101 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.321700096 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.322691917 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.322772980 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.333751917 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.336815119 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.336839914 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.336875916 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.390935898 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.391726971 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.402803898 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.402901888 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.404715061 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.406817913 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.406902075 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.409059048 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.413911104 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.413943052 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.414002895 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.423748970 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.423830986 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.426763058 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.427803040 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.427886009 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.436808109 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.438905954 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.439008951 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.441310883 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.444022894 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.444135904 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.444185019 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.453537941 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.453603983 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.456819057 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.456851959 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.456873894 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.456924915 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.464323997 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.464358091 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.464379072 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.464441061 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.464458942 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.474811077 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.474848032 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.474931002 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.479728937 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.484811068 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.484935045 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.489710093 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.489757061 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.489818096 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.499798059 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.501007080 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.501126051 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.503705025 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.514936924 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.514975071 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.515012026 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.515054941 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.521737099 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.521811008 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.521841049 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.521864891 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.521912098 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.526204109 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.535890102 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.536020041 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.546200991 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.546230078 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.546248913 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.546349049 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.546442032 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.546545982 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.549765110 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.552794933 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.552894115 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.559839010 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.562711000 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.562860012 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.565793037 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.568787098 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.568929911 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.583692074 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.625432968 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.646946907 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.646981001 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.647100925 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.655667067 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.699930906 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.700098038 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.702811003 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.706391096 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.706578016 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.708820105 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.720980883 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.721025944 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.721055031 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.721115112 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.721163988 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.723803997 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.727876902 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.728012085 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.729732990 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.732937098 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.733026028 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.743962049 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.745711088 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.745873928 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.748735905 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.752871037 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.753041983 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.755227089 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.759015083 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.759308100 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.760700941 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.769772053 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.769884109 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.774894953 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.779942036 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.779978037 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.780100107 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.789732933 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.789927006 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.789925098 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.790688038 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.790760040 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.800261974 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.800287962 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.800405025 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.800692081 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.803921938 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.804016113 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.813905001 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.816800117 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.816924095 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.819727898 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.822845936 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.822989941 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.824296951 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.834744930 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.834906101 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.839838028 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.845062971 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.845201015 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.845977068 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.851475000 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.851562023 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.856410980 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.857712030 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.857809067 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.861438036 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.862768888 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.862847090 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.868944883 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.869000912 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.869020939 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.869046926 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.877927065 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.878040075 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.880815983 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.880893946 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.883883953 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.883933067 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.883965969 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.884016037 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.886751890 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.886831045 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.890719891 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.890790939 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.900973082 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.901050091 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.905811071 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.905883074 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.905919075 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.905949116 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.911261082 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.911353111 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.916827917 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.916846991 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.916894913 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.916920900 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.923818111 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.923854113 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.923957109 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.923974037 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.924005985 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.924031019 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.924609900 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.924689054 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.935529947 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.935565948 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.935590982 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.935636997 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.935688972 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.936189890 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.936258078 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.937740088 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.937877893 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.956063032 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.956099033 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.956265926 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.956896067 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.956923962 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.957032919 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.957082033 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.965759993 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.965900898 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.967907906 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.967997074 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.971266985 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.971301079 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.971345901 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.971378088 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.971590996 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.971646070 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:25.981040955 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:25.981131077 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.052026033 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.052189112 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.064111948 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.064213991 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.066817999 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.066920042 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.068876982 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.068911076 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.068948030 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.068972111 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.069708109 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.069777966 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.072076082 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.072134972 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.082825899 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.082906008 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.084851027 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.084945917 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.088799953 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.088836908 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.088936090 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.091747999 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.091835022 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.093758106 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.093843937 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.105757952 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.105792046 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.105828047 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.105921984 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.105958939 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.105988026 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.106026888 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.106041908 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.108771086 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.108840942 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.112684011 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.112771034 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.114761114 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.114836931 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.123975992 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.124139071 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.128918886 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.128959894 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.129019976 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.129049063 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.134838104 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.134960890 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.137779951 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.137901068 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.138813019 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.138890028 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.147800922 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.147831917 CEST	2323	49787	91.193.75.133	192.168.2.7
May 11, 2022 10:42:26.147917032 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:26.147965908 CEST	49787	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:29.928282976 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:30.140808105 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:30.140939951 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:30.142168045 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:30.402076006 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:30.632570028 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:30.632926941 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:30.862581015 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:30.875238895 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.161804914 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.287091970 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.579912901 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.579967976 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.580024004 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.586765051 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.586828947 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.586921930 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.588820934 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.597953081 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.598000050 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.598031998 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.603892088 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.603950977 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.604509115 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.604965925 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.605082035 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.811356068 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.820924044 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.821043015 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.821933031 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.824894905 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.824935913 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.825021029 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.830961943 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.831020117 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.833867073 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.833915949 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.833961964 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.844957113 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.845042944 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.845118999 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.848736048 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.854901075 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.854944944 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.855063915 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.856869936 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.856973886 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.860876083 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.862855911 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.862920046 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.865900040 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.869955063 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.870049000 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.873120070 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.875946999 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:31.876024008 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:31.876457930 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.088742971 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.088783026 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.088908911 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.088948011 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.096000910 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.096086979 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.100747108 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.100788116 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.100855112 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.101079941 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.101695061 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.101768970 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.113763094 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.113842964 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.115662098 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.115726948 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.115748882 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.115796089 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.115811110 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.115833044 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.126980066 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.127032042 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.127063990 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.127072096 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.127099037 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.127105951 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.137897968 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.137928963 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.137953997 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.138241053 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.140830994 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.140908003 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.145936966 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.146054983 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.149765015 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.149872065 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.154900074 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.155033112 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.163921118 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.163966894 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.164144993 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.171061993 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.171107054 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.171190977 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.171221972 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.173883915 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.174017906 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.182894945 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.182929039 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.183332920 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.183831930 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.183897018 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.194036007 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.194093943 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.194119930 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.194134951 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.194159031 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.194196939 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.206044912 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.206091881 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.206118107 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.206130981 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.206141949 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.206187010 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.214941025 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.214987993 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.215013027 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.215032101 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.215034008 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.215115070 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.217075109 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.217184067 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.218897104 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.218992949 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.221918106 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.222026110 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.223790884 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.223881006 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.226905107 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.331790924 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.333803892 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.333909988 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.336749077 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.339234114 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.339304924 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.341934919 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.343672991 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.343728065 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.346726894 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.348804951 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.348901033 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.350703001 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.353652000 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.353723049 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.364052057 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.364114046 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.364171982 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.368823051 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.373806000 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.373876095 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.374978065 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.379885912 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.379951954 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.384949923 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.385193110 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.385256052 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.385683060 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.396884918 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.396945000 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.396965027 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.396986008 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.397047997 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.399173975 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.401146889 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.401211977 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.403778076 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.405857086 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.405931950 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.415344000 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.415386915 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.415426016 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.415488005 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.417741060 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.417851925 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.419976950 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.429745913 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.429790974 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.429825068 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.436161041 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.436203957 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.436284065 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.439810991 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.439922094 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.439976931 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.441164017 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.441248894 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.443775892 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.447022915 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.447274923 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.449784040 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.452898026 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.453015089 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.454804897 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.464874983 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.465006113 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.466835022 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.469347954 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.469472885 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.470732927 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.476176977 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.476221085 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.476298094 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.483059883 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.483189106 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.579843998 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.582855940 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.582969904 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.584855080 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.585776091 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.585848093 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.594964027 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.595010042 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.595077991 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.596939087 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.607867956 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.608020067 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.616914034 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.622899055 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.623049974 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.627836943 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.635124922 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.635166883 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.635339022 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.644926071 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.645092010 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.651273012 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.666496038 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.666541100 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.666652918 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.673000097 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.673168898 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.677903891 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.687521935 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.687565088 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.687608004 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.687674046 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.687712908 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.688714981 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.688812971 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.690834999 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.693205118 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.693320036 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.702894926 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.702939987 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.702980042 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.703022003 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.703107119 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.703160048 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.704804897 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.715061903 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.715234041 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.717812061 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.717961073 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.718084097 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.727231026 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.730001926 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.730045080 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.730139017 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.732235909 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.732377052 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.741880894 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.744821072 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.744951963 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.744976044 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.744992018 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.745048046 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.746659994 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.749762058 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.749891043 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.761002064 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.761091948 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.761356115 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.763994932 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.764081001 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.764158964 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.772957087 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.774986029 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.775140047 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.779798985 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.784990072 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.785185099 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.818854094 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.820913076 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.820955038 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.820996046 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.821011066 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.821054935 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.823760033 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.825895071 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.825978041 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.853005886 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.853065968 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.853203058 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.899194002 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.904774904 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.904823065 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.904860020 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.909862041 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.909960985 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.914838076 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.916950941 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.917079926 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.917716980 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.928785086 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.928936958 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.929917097 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.931869030 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.931998968 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.932724953 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.934757948 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.934839964 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.937764883 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.940704107 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.940814018 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.949918032 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.949971914 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.950014114 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.950134039 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.951601028 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.951715946 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.957730055 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.960936069 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.961020947 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.963928938 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.963984013 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.964004040 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.964065075 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.969902039 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.969979048 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.973788977 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.973846912 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.982822895 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.982868910 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.982954025 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.983000040 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.986881018 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.986967087 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.996912003 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.996978045 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.996994972 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.997030020 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:32.998822927 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:32.998898029 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.000715017 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.000768900 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.012846947 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.012914896 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.014714003 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.014771938 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.018795013 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.018893957 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.029827118 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.029956102 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.032754898 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.032921076 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.033854008 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.033965111 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.034841061 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.034938097 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.037940979 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.038052082 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.039758921 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.039850950 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.050986052 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.051032066 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.051070929 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.051125050 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.051152945 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.057941914 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.057984114 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.058022976 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.058173895 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.058219910 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.068991899 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.069068909 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.069097042 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.069113970 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.069122076 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.069179058 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.077883959 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.078003883 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.079864025 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.079978943 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.083690882 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.083842039 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.094872952 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.094918013 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.094952106 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.094988108 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.099842072 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.099884987 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.099925995 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.099930048 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.099957943 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.099989891 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.101732016 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.101831913 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.103787899 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.103893995 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.180762053 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.180852890 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.183794975 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.183944941 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.186743021 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.186952114 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.248943090 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.248992920 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.249073982 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.249146938 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.249948025 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.250015974 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.260920048 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.261050940 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.263900995 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.264000893 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.265292883 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.265388966 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.273780107 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.273823023 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.273916006 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.273936987 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.273947001 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.274004936 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.274672031 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.274753094 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.284101963 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.284153938 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.284195900 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.284209013 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.284245968 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.287864923 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.287957907 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.289834023 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.289930105 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.291697979 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.291770935 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.301934004 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.301990986 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.302032948 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.302040100 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.302067041 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.302089930 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.302788019 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.302850962 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:33.311822891 CEST	2323	49794	91.193.75.133	192.168.2.7
May 11, 2022 10:42:33.312033892 CEST	49794	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:37.044814110 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:37.271578074 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:37.271673918 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:37.272278070 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:37.554990053 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:37.599699974 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:37.602391958 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:37.821718931 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.001867056 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.033819914 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.302917004 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.303026915 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.571280003 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.572822094 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.577824116 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.580530882 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.581737995 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.585423946 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.585597992 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.594472885 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.597759962 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.597922087 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.598911047 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.602900028 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.602997065 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.603044987 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.603671074 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.603776932 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.815790892 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.819200993 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.819263935 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.823168993 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.826313972 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.826375008 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.834933996 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.836813927 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.836932898 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.839034081 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.839104891 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.839248896 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.840883970 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.842761993 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.842865944 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.845860004 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.855001926 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.855072975 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.856918097 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.857033014 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.857074976 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.857383013 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.867234945 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.867310047 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.867320061 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.867372036 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.867456913 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:38.869858027 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.872143030 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:38.873012066 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.036019087 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.059499979 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.059652090 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.061809063 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.061911106 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.062113047 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.062135935 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.065326929 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.065426111 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.067960978 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.068022013 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.068073034 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.068216085 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.068236113 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.070223093 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.070298910 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.080852032 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.080895901 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.080950022 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.080966949 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.080996037 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.081027031 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.081242085 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.081264019 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.081726074 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.082046032 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.085263968 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.085475922 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.086954117 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.087037086 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.096084118 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.096110106 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.096534014 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.101980925 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.102004051 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.102190971 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.102211952 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.107036114 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.107064962 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.107116938 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.108654022 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.109752893 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.110512018 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.110538960 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.113826036 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.113981009 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.116831064 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.116918087 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.118937969 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.119092941 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.123140097 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.123661041 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.123713970 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.123826027 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.127777100 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.127871037 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.135788918 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.135926962 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.137866020 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.137883902 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.137931108 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.137948036 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.137973070 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.137979031 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.138881922 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.139703989 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.141024113 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.141181946 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.151813984 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.151851892 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.151885033 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.151907921 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.156124115 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.156162977 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.156246901 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.156297922 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.156445026 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.168279886 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.168509960 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.292884111 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.302772045 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.302810907 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.302855015 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.302968025 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.303021908 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.303769112 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.306799889 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.307645082 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.309798956 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.313186884 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.314002991 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.316890001 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.318676949 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.319191933 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.322731018 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.331875086 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.331960917 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.334753990 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.334789038 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.334894896 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.335479021 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.338937998 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.340537071 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.347850084 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.347888947 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.347913980 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.348320961 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.356728077 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.356894970 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.362175941 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.365645885 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.365899086 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.367712975 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.372745037 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.372786045 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.372924089 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.374789953 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.374866962 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.377650023 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.380779982 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.381036043 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.384005070 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.395241022 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.395279884 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.395312071 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.395387888 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.395390987 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.395415068 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.396800041 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.398005962 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.399813890 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.401633024 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.403686047 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.405106068 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.414611101 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.414730072 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.414815903 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.414979935 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.415065050 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.417697906 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.426729918 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.426791906 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.426913023 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.426945925 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.427388906 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.428790092 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.431812048 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.433150053 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.449836969 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.449887037 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.450047970 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.450090885 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.451683044 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.451725960 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.451773882 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.502531052 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.538878918 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.538917065 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.539247036 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.543787956 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.545775890 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.546011925 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.547235966 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.547703028 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.551660061 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.556813002 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.560960054 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.561009884 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.561079979 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.564110041 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.564240932 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.569989920 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.574913979 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.574965954 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.575006008 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.575109959 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.575135946 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.576937914 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.586968899 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.587012053 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.587040901 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.587527990 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.587554932 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.588742018 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.591753960 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.591995001 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.594907045 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.604979992 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.605020046 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.605042934 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.605066061 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.605707884 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.605734110 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.606645107 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.607352972 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.628757954 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.629183054 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.629448891 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.648233891 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.648267031 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.648288965 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.648354053 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.648382902 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.648705959 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.649755001 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.651024103 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.653295994 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.653840065 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.663007975 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.663043976 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.663067102 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.663726091 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.663803101 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.663825989 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.674767017 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.675678015 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.676168919 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.687824011 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.687861919 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.688543081 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.693855047 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.693921089 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.694071054 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.699930906 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.699980021 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.700102091 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.705593109 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.705636024 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.705760002 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.707725048 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.710762024 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.710871935 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.737837076 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.773271084 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.775835991 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.782825947 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.784903049 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.785443068 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.785506010 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.785916090 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.787761927 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.791107893 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.791228056 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.792676926 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.795675993 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.799690008 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.804933071 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.804970026 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.804997921 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.805135012 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.806752920 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.807032108 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.808743000 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.820036888 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.820267916 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.821926117 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.827627897 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.829262972 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.836745024 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.839771986 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.840075016 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.841849089 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.844294071 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.846716881 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.846764088 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.846901894 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.846919060 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.847695112 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.857872009 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.857904911 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.857927084 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.858897924 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.859400988 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.859431982 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.861699104 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.861816883 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.863687038 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.866812944 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.868786097 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.868942022 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.872731924 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.873009920 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.881994963 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.883872986 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.883985996 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.884058952 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.884113073 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.887113094 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.887244940 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.888900042 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.890136003 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.890779018 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.892750978 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.893892050 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.901788950 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.905842066 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.905905008 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.906069040 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.911262989 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.912534952 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.914906025 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.920288086 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.921725988 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.922211885 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.929124117 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.929181099 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.929841042 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.930124044 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.932862043 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.933124065 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.934782982 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.935388088 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.937772989 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.939897060 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:39.941190004 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:39.999994993 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.003911972 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.004698992 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.010822058 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.012655973 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.012788057 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.017735004 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.020849943 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.021378994 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.023816109 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.033296108 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.033480883 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.033509016 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.033529043 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.033576965 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.033620119 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.034719944 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.035470963 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.044852972 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.045613050 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.045795918 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.046391964 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.049824953 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.049860954 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.049988985 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.050153017 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.056837082 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.057632923 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.059861898 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.059945107 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.061669111 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.063180923 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.065788031 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.065875053 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.074830055 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.074990034 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.075817108 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.075854063 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.075947046 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.081845045 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.081931114 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.086000919 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.086123943 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.088943005 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.088983059 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.089049101 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.091228008 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.092418909 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.101273060 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.101314068 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.101342916 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.101397038 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.101444006 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.111397028 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.111443996 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.111519098 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.115060091 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.115107059 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.115195990 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.122051001 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.122174978 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.123728991 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.123821974 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.123869896 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.123929024 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.123953104 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.124013901 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.125802040 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.125869989 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.128938913 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.129127026 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.130739927 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.130836010 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.139870882 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.139940023 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.140023947 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.140039921 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.140105009 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.140115976 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.142642975 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.144656897 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.144756079 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.144968033 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.146672964 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.147754908 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.156013012 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.156136990 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:40.159101963 CEST	2323	49797	91.193.75.133	192.168.2.7
May 11, 2022 10:42:40.159187078 CEST	49797	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:44.111144066 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:44.322052956 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:44.322182894 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:44.322824001 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:44.594757080 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:45.022366047 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:45.301584959 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:46.018390894 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:46.101577044 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:46.142712116 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:46.281748056 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:46.281879902 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:46.527369976 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:46.580240965 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:46.776066065 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.019366026 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.053891897 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.054476976 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.056818962 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.056998968 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.061705112 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.061831951 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.063785076 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.066694975 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.067882061 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.070760012 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.070884943 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.070997953 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.074671030 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.074820995 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.077711105 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.077826977 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.086848974 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.087024927 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:47.089823008 CEST	2323	49803	91.193.75.133	192.168.2.7
May 11, 2022 10:42:47.092442036 CEST	49803	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:51.085016966 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:51.311538935 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:51.311666965 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:51.312262058 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:51.571813107 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:51.846709967 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:51.877819061 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.101779938 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.101871014 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.371951103 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.372051954 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.641555071 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.653850079 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.657847881 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.660870075 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.660887003 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.663743019 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.666825056 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.666940928 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.669739962 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.671546936 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.680943966 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.682843924 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.682862997 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.682949066 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.683736086 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.686872005 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.901307106 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.901346922 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.901484966 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.905154943 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.905719995 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.905850887 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.907864094 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.916843891 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.918781042 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.918889999 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.921857119 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.923271894 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.923875093 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.932848930 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.932972908 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.936806917 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.937901020 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.938000917 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.938020945 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.939924002 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.941862106 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.941979885 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.945255041 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.947212934 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.948975086 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.951811075 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.954843044 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.954967976 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:52.956899881 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:52.958889961 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.078454018 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.140831947 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.140876055 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.140980005 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.141017914 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.141709089 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.141830921 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.144969940 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.146872997 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.147808075 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.147898912 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.157886028 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.159090996 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.159171104 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.159322977 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.160855055 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.163574934 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.169820070 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.169877052 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.169985056 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.173896074 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.175307989 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.175420046 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.179790974 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.179930925 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.180036068 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.186716080 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.186770916 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.186867952 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.186877012 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.186916113 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.188708067 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.188808918 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.191797972 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.194735050 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.194906950 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.195687056 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.197695017 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.197807074 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.208636999 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.208710909 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.210784912 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.212904930 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.213799000 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.213813066 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.213887930 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.213906050 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.213989019 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.215725899 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.215785027 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.217709064 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.217793941 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.220743895 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.220808029 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.222722054 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.222789049 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.233901024 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.234354019 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.236785889 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.236820936 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.236871004 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.236891031 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.240984917 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.241020918 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.241097927 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.241619110 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.241676092 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.243776083 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.243947029 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.253786087 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.253825903 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.253926039 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.253938913 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.253993988 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.383991957 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.384123087 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.387716055 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.391769886 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.391988993 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.394905090 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.397702932 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.399840117 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.400002003 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.402900934 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.404515982 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.405157089 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.406744003 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.407953978 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.409899950 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.419945002 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.420018911 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.420171022 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.420653105 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.420744896 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.429879904 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.433064938 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.433094978 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.433147907 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.434806108 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.434894085 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.437747955 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.447849989 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.447962046 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.450838089 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.450872898 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.450999975 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.451050997 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.460334063 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.460403919 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.460563898 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.464801073 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.469885111 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.470007896 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.473862886 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.473906040 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.473928928 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.474004030 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.475827932 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.475941896 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.478677034 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.479708910 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.479824066 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.481715918 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.483791113 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.483957052 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.488792896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.490685940 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.490797043 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.500861883 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.501719952 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.501959085 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.504787922 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.504831076 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.505002022 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.513835907 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.515799046 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.515948057 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.519814968 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.520872116 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.521049023 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.521619081 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.523757935 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.523891926 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.526151896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.528747082 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.528939962 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.537822008 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.537849903 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.537904024 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.537974119 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.538810015 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.538896084 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.638909101 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.649816990 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.649888039 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.651205063 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.651920080 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.652008057 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.652848959 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.656719923 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.656793118 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.662118912 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.662208080 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.662209034 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.662278891 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.662823915 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.665801048 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.665879965 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.668000937 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.670883894 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.670952082 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.673726082 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.684942961 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.684978008 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.684993982 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.685010910 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.685062885 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.685117960 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.687762976 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.687859058 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.690942049 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.693830967 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.693958998 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.695691109 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.698738098 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.698836088 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.708956003 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.708997011 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.709081888 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.713726044 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.715814114 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.715945959 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.718791008 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.719780922 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.719902992 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.732886076 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.732923985 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.733095884 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.733853102 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.737809896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.737937927 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.745235920 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.745265007 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.745573997 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.756880999 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.757941961 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.758068085 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.761347055 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.761374950 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.761472940 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.771994114 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.772784948 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.772900105 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.776281118 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.778712034 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.778914928 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.788975954 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.789022923 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.789046049 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.789167881 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.814534903 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.814652920 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.814707994 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.814728022 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.814771891 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.814802885 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.816961050 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.817095995 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.817801952 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.880870104 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.881031990 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.882733107 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.885232925 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.885349989 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.887820005 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.897283077 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.897406101 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.901400089 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.902909040 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.903002977 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.914743900 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.926063061 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.926207066 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.928865910 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.933161020 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.933258057 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.935882092 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.938648939 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.938762903 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.941847086 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.944713116 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.944854975 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.954868078 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.954921961 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.955045938 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.960980892 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.961021900 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.961046934 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.961117983 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.961143017 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.970921993 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.971095085 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.974807024 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.975778103 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.975914001 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.980844975 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.983076096 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.983227015 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:53.985867023 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.988857985 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:53.988996029 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.000989914 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.002943039 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.003063917 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.012859106 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.013149977 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.013175011 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.013235092 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.014844894 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.014924049 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.016812086 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.019834995 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.019932032 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.029849052 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.032849073 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.032989979 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.034815073 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.036768913 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.036880016 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.046989918 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.048702002 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.048924923 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.060810089 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.063935041 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.063973904 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.064095020 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.065668106 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.065808058 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.075994968 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.077893019 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.077930927 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.078032017 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.088821888 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.088862896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.088999987 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.092833996 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.092952967 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.093833923 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.097774029 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.097907066 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.103044033 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.105782032 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.105925083 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.118010998 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.123877048 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.124026060 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.128887892 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.139775038 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.139983892 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.142769098 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.148907900 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.149069071 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.154805899 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.161995888 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.162154913 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.173790932 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.184968948 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.185142040 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.190203905 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.201240063 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.201425076 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.202951908 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.207875967 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.208028078 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.213924885 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.217235088 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.217343092 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.219855070 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.222790003 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.222862959 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.225856066 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.228687048 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.228792906 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.230819941 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.242027998 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.242104053 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.242153883 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.242186069 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.242228031 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.243722916 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.254903078 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.254968882 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.255058050 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.264055967 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.264143944 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.264347076 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.267849922 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.267992973 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.274782896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.278925896 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.279077053 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.284020901 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.285763979 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.285872936 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.285893917 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.294879913 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.295007944 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.305330038 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.305370092 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.305494070 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.306911945 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.307804108 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.307914972 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.308815956 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.308852911 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.308926105 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.308967113 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.311763048 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.311878920 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.313841105 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.313967943 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.317951918 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.318053961 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.323924065 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.323970079 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.324074030 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.328537941 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.329874992 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.330033064 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.333724022 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.333756924 CEST	2323	49807	91.193.75.133	192.168.2.7
May 11, 2022 10:42:54.333852053 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:54.333894968 CEST	49807	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:58.478550911 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:58.702240944 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:42:58.702389956 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:58.703037024 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:58.998739004 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:42:59.285814047 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:42:59.550587893 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:42:59.970763922 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:42:59.971060038 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.201026917 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.253278971 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.269339085 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.541719913 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.541809082 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.810684919 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.852895975 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.856825113 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.856903076 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.859721899 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.862907887 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.863713026 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.865782976 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.868834972 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.868978977 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.878875971 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.880877972 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.880929947 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.881000996 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:00.890059948 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:00.890127897 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.082978010 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.083096027 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.083276987 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.092839956 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.096704960 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.096740007 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.096822977 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.100763083 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.104195118 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.105737925 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.111835003 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.111922026 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.121975899 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.122016907 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.122128010 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.132803917 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.132843971 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.132904053 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.142993927 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.143040895 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.143068075 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.143143892 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.145766973 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.148458958 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.149025917 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.159012079 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.160330057 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.160895109 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.160932064 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.163217068 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.272595882 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.321160078 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.321808100 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.326755047 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.328320980 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.329319000 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.329528093 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.337989092 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.340416908 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.343930006 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.343970060 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.344043970 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.344624996 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.344686985 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.355794907 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.357568979 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.360806942 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.362104893 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.362226963 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.371994019 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.372061968 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.374270916 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.374310017 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.374382019 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.374691963 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.375011921 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.378089905 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.378201008 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.380693913 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.383198023 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.383663893 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.383744955 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.393789053 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.393868923 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.394026995 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.394085884 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.394097090 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.394165993 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.403862000 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.403897047 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.403989077 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.404678106 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.408878088 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.408966064 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.413749933 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.413846016 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.413966894 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.416810989 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.421675920 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.426970959 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.427000046 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.427098036 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.433825970 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.433865070 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.433927059 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.433969975 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.440090895 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.440171003 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.440177917 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.440624952 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.445993900 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.446090937 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.446209908 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.446266890 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.446757078 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.446832895 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.449881077 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.451777935 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.451889038 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.462018013 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.462121964 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.462153912 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.462197065 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.462268114 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.462353945 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:01.465289116 CEST	2323	49808	91.193.75.133	192.168.2.7
May 11, 2022 10:43:01.465415001 CEST	49808	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:05.387655973 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:05.601804972 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:05.602025032 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:05.602510929 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:05.890270948 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:05.961791992 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:05.984683037 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:06.211467028 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:06.394473076 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:06.473922014 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:06.741854906 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:06.741982937 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.011801958 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.022911072 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.025772095 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.025885105 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.028765917 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.031205893 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.031342030 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.040088892 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.040179968 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.040388107 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.045912981 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.045975924 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.046058893 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.047694921 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.060046911 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.060235023 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.267899990 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.268737078 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.268829107 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.279372931 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.279412985 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.279512882 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.280890942 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.283816099 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.283899069 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.283972979 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.293884993 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.293984890 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.297311068 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.298688889 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.298778057 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.301865101 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.310993910 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.311039925 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.311178923 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.320874929 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.321008921 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.325881958 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.331712961 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.331836939 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.332748890 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.335748911 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.335822105 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.339118958 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.341773987 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.341871023 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.488768101 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.493685007 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.493813038 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.496746063 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.496922016 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.499963045 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.500049114 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.502783060 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.502887011 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.512973070 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.513066053 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.516875982 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.516916037 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.516941071 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.516952038 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.516973019 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.516994953 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.519838095 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.519948006 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.523861885 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.523967028 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.532778978 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.532962084 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.537879944 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.537920952 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.537982941 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.538006067 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.543879032 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.543966055 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.543983936 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.544017076 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.544035912 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.544066906 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.553821087 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.553904057 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.553930044 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.553950071 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.553975105 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.556941032 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.557020903 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.565912962 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.566040993 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.567799091 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.567835093 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.567898035 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.567920923 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.568823099 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.568901062 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.579097033 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.579193115 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.580250025 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.580285072 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.580337048 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.580387115 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.581844091 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.582034111 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.591845989 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.591994047 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.594780922 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.594971895 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.597181082 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.597258091 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.597279072 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.597345114 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.598839998 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.598920107 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.600809097 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.600929976 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.611952066 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.611990929 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.612111092 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.612159967 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.616913080 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.617032051 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.617845058 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.617878914 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.617933989 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.617952108 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.619909048 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.620007992 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:07.629829884 CEST	2323	49809	91.193.75.133	192.168.2.7
May 11, 2022 10:43:07.629978895 CEST	49809	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:15.264926910 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:15.507231951 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:15.507335901 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:15.507853031 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:15.761796951 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:15.841799974 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:15.842073917 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:16.078870058 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:16.079013109 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:16.350637913 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:16.761557102 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.029596090 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.029709101 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.072710991 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.072812080 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.074837923 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.074940920 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.085838079 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.085864067 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.085973024 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.097774029 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.097821951 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.097843885 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.097872972 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.102823973 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.102942944 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.154772043 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.154819012 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.154905081 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.154938936 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.154984951 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.155050993 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.292979956 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.295864105 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.295953989 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.300645113 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.302839994 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.302917957 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.313848019 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.313894033 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.313966036 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.314016104 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.324033976 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.324682951 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.328756094 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.328810930 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.328927040 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.334908009 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.340821028 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.340929985 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.345736980 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.351010084 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.351109982 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.392843962 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.404788971 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.404834986 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.404889107 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.409816980 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.409878969 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.413707018 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.420779943 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.420866966 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.518804073 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.524796009 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.524921894 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.527746916 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.533792973 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.533902884 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.534018040 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.540771961 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.540816069 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.540901899 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.540929079 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.541007042 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.543726921 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.550445080 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.550549030 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.550851107 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.569087982 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.569138050 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.569166899 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.569179058 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.569232941 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.570013046 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.570059061 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.570080996 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.570127010 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.571738958 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.574810028 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.574881077 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.584836006 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.586827040 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.586867094 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.586910009 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.590914965 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.590981007 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.595837116 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.595951080 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.596007109 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.598716021 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.609957933 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.610011101 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.610076904 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.610677958 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.610797882 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.628783941 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.628947973 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.629028082 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.632837057 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.635912895 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.635998964 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.644864082 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.648811102 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.648853064 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.648933887 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.651643991 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.651705980 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.662700891 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.664741993 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.664845943 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.665880919 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.666702032 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.666775942 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.668756962 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.769918919 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.770030022 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.774821043 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.776808023 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.776932001 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.781883955 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.791748047 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.791821957 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.792763948 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.802831888 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.802905083 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.809020996 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.811754942 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.811861038 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.811872959 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.828871965 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.828929901 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.828982115 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.830750942 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.830851078 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.840869904 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.845797062 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.845885038 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.850766897 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.864860058 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.864903927 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.865479946 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.869396925 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.869528055 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.875715971 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.880911112 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.881036043 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.885874033 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.887727976 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.887830973 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.891834021 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.891891003 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.891932964 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.903805017 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.903915882 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.905834913 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.905916929 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.912707090 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.912802935 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.913944960 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.914061069 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.923732042 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.923829079 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.932847023 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.932894945 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.932913065 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.932982922 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.943794012 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.943939924 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.954747915 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.954826117 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.957824945 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.957912922 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.976913929 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.976975918 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.977040052 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.977051020 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.977066040 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.977102995 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.977721930 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.977788925 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.987668037 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.987740993 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.987741947 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.987799883 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:17.997812033 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:17.997894049 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.000962019 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.001030922 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.015702963 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.015794992 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.024991035 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.025058985 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.025059938 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.025141954 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.031820059 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.031915903 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.031992912 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.032133102 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.037120104 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.037185907 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.052947998 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.053052902 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.055905104 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.056035995 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.067694902 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.067780018 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.067919970 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.067977905 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.076947927 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.077040911 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.080876112 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.080965042 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.083821058 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.083884954 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.086889029 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.087032080 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.096841097 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.096920013 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.101917028 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.102001905 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.105880022 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.105943918 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.105959892 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.106012106 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.117898941 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.117965937 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.128818989 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.128864050 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.128880024 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.128905058 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.132838011 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.132900000 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.135776997 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.135838032 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.138884068 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.139012098 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.152750969 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.152899981 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.166623116 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.166702986 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.166973114 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.167020082 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.167089939 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.167110920 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.169950962 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.170017004 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.178725958 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.178776979 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.178803921 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.178833008 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:18.185921907 CEST	2323	49821	91.193.75.133	192.168.2.7
May 11, 2022 10:43:18.185997963 CEST	49821	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:21.972279072 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:22.202116966 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:22.202395916 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:22.202903032 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:22.461815119 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:22.541846037 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:22.545038939 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:22.778883934 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:22.924483061 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.190710068 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.396244049 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.687808990 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.697029114 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.697066069 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.697096109 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.697181940 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.697231054 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.700790882 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.700829029 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.700867891 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.700932026 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.709980011 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.710135937 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.710761070 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.711802959 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.711911917 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.920872927 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.924010038 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.925915956 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.926062107 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.928813934 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.928936005 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.939877033 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.939977884 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.945116043 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.945240974 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.948707104 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.948805094 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.949865103 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.949960947 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.958853006 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.958977938 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.963273048 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.963417053 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.968698025 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.968815088 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.969800949 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.969914913 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.978915930 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.978977919 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.979051113 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.979085922 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.988765955 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.988900900 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.988982916 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.989039898 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.995790005 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.995910883 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.999049902 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.999145985 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:23.999777079 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:23.999856949 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.002929926 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.003019094 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.006882906 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.007011890 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.096925020 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.145374060 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.145483971 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.148948908 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.149023056 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.152905941 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.152966022 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.155808926 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.155874968 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.167220116 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.167311907 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.171268940 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.171356916 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.178478956 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.178647995 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.180866003 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.180942059 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.183743000 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.183799028 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.189817905 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.189918995 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.200738907 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.200871944 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.202819109 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.202925920 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.205830097 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.205940008 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.209791899 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.209856987 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.220833063 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.220932961 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.222872019 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.222979069 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.225852013 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.225989103 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.232337952 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.232438087 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.233036995 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.233138084 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.244791031 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.244811058 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.244909048 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.245002985 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.250226021 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.250411987 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.256863117 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.257049084 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.261003971 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.261025906 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.261140108 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.262696981 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.262780905 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.274318933 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.274343014 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.274414062 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.280839920 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.281122923 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.284281015 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.284393072 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.285134077 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.285301924 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.295243025 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.295373917 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.297221899 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.297352076 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.301789999 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.301839113 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.301918030 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.310806036 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.310982943 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.314162016 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.314275026 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.314308882 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.314373970 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.314623117 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.314717054 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.317882061 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.317965031 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:24.320664883 CEST	2323	49857	91.193.75.133	192.168.2.7
May 11, 2022 10:43:24.320777893 CEST	49857	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:28.186899900 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:28.401990891 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:28.402115107 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:28.402595043 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:28.681834936 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:28.741997957 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:28.742348909 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:28.987215042 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:29.033005953 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:29.067287922 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:29.338479996 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:30.105240107 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:30.470866919 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:30.978295088 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.252876997 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.252983093 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.255734921 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.255862951 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.264851093 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.265017986 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.269628048 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.269678116 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.269799948 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.274899960 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.274950027 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.275062084 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.275103092 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.279695988 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.279793978 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.279836893 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.279910088 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.281737089 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.281821012 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.498908043 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.500638008 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.500785112 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.503709078 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.512808084 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.513000011 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.517764091 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.524194956 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.524297953 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.524389029 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.527201891 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.527312994 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.529618979 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.534320116 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.534499884 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.542870045 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.548285961 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.548448086 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.552170992 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.557990074 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.558142900 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.569822073 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.574525118 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.574698925 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.575711966 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.577676058 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.577835083 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.580745935 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.585295916 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.585489035 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.731993914 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.734745979 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.734920025 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.736742973 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.746406078 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.746561050 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.748712063 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.750858068 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.751019955 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.754787922 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.762372971 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.762433052 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.762542009 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.762592077 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.762654066 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.772804022 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.772862911 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.772990942 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.779850960 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.783843040 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.784009933 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.785844088 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.795152903 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.795809984 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.797211885 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.803889990 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.804048061 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.805183887 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.814969063 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.815020084 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.815113068 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.820754051 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.820915937 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.821870089 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.821927071 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.822011948 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.830935001 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.834911108 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.835032940 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.845205069 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.845259905 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.845299959 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.845369101 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.849756002 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.849867105 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.849946976 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.861769915 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.861819983 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.861879110 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.861968040 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.862143993 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.864746094 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.870215893 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.870362043 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.873737097 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.976809978 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.976875067 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.976995945 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.977653980 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.977766037 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.980940104 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.984285116 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.984426975 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.986836910 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.998087883 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:31.998204947 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:31.998923063 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.000086069 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.000158072 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.002789021 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.006917953 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.007061005 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.009634972 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.012947083 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.013075113 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.014821053 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.017612934 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.017728090 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.019907951 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.031362057 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.031423092 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.031543016 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.034826994 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.034962893 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.040884972 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.045917034 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.046106100 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.052424908 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.071980000 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.072043896 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.072083950 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.072127104 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.072130919 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.072158098 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.072174072 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.072232008 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.072307110 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.077940941 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.078083038 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.082854033 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.083697081 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.083801031 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.097953081 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.100877047 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.101012945 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.111419916 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.113401890 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.113562107 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.119929075 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.119990110 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.120076895 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.122845888 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.126720905 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.126825094 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.138375998 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.141799927 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.141861916 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.141921997 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.149266005 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.149329901 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.149432898 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.204045057 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.204216003 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.207845926 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.208952904 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.209063053 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.214854002 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.219010115 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.219161987 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.220828056 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.229939938 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.230099916 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.231766939 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.231810093 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.231924057 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.236933947 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.238940954 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.239027977 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.242816925 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.247937918 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.248084068 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.258961916 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.264914989 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.264971972 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.265012026 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.265078068 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.265115976 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.266798973 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.269773006 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.269917011 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.279895067 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.291251898 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.291398048 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.296675920 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.296720028 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.296813965 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.306857109 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.315903902 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.315998077 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.322369099 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.327318907 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.327456951 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.327759981 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.338788986 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.338829994 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.338958979 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.339662075 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.339757919 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.343841076 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.355082989 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.355315924 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.356718063 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.360912085 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.361064911 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.363799095 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.367836952 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.367999077 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.371088982 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.373775005 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.373917103 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.375720978 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.385397911 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.385590076 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.399785042 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.406601906 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.663160086 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.663343906 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.665184021 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.665312052 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.666205883 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.666307926 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.666958094 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.667020082 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.667056084 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.667081118 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.668775082 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.668876886 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.671849012 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.671958923 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.680913925 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.680973053 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.681005001 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.681040049 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.682109118 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.682183027 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.685818911 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.685926914 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.688844919 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.688949108 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.693738937 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.693850994 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.703610897 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.703669071 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.703751087 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.703798056 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.703928947 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.703989983 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.713330030 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.713432074 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.716799974 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.716849089 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.716892958 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.716914892 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.725832939 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.725954056 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.729221106 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.729327917 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.730114937 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.730190992 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.740874052 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.741007090 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.744004965 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.744025946 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.744139910 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.744187117 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.746198893 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.746361017 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.748744011 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.748821974 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.751791000 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.751888037 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.761418104 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.761481047 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.761565924 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.761605024 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.770066977 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.770128965 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.770178080 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.770220995 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.776722908 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.776865005 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.780761003 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.780812025 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.780850887 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.780880928 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.780910969 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.789978981 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.790026903 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.790061951 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.790123940 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.797192097 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.797341108 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.799895048 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.800055027 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.803852081 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.803960085 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.810777903 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.810828924 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.810872078 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.810898066 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.811791897 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.811877012 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.820887089 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.821005106 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.823846102 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.823921919 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.827828884 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.827860117 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.827934027 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.827960014 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.837228060 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.837315083 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.839914083 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.840002060 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:32.840007067 CEST	2323	49869	91.193.75.133	192.168.2.7
May 11, 2022 10:43:32.840059042 CEST	49869	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:36.492446899 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:36.720629930 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:36.720774889 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:36.721599102 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:37.018235922 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:37.121714115 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:37.124953985 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:37.379034042 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:37.379462957 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:37.747684002 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:37.747828007 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.030603886 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.044013023 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.047764063 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.047976017 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.049875975 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.052834034 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.052958965 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.061774969 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.061822891 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.061861038 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.061904907 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.070849895 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.070899963 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.070930958 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.077722073 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.078083038 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.378002882 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.587971926 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.588141918 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.591089010 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.591178894 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.593858957 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.593945980 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.597281933 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.597373009 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.599775076 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.599864006 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.602782965 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.602925062 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.612766027 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.612868071 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.613836050 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.613904953 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.617227077 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.617300987 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.619751930 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.619839907 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.623914003 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.623974085 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.629857063 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.629971981 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.630789042 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.630846977 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.632806063 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.632882118 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.637758017 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.637945890 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.640737057 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.640803099 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.647830009 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.647933960 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.649692059 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.649777889 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.655914068 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.655976057 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.665282965 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:38.665426016 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:38.940134048 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.098726988 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.315000057 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.316972971 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.317042112 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.317867994 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.319032907 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.319258928 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.319722891 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.321669102 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.321718931 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.341978073 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.342010975 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.343307018 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.343770027 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.346086025 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.346154928 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.350755930 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.360924006 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.361017942 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.361124039 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.372837067 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.372993946 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.375812054 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.379529953 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.379689932 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.379719973 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.380987883 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.381385088 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.386128902 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.386662960 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.397406101 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.397473097 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.397533894 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.397712946 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.401489973 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.401582003 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.403728008 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.403856993 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.417905092 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.418103933 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.429877043 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.430092096 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.438293934 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.438424110 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.443795919 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.444518089 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.454341888 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.454394102 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.454451084 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.454482079 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.454722881 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.454839945 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.464061022 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.464303970 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.468873978 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.469012022 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:39.695183039 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:39.695847034 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.020148993 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.020212889 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.020255089 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.020292997 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.020467043 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.020813942 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.020966053 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.031054974 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.032026052 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.032155991 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.032263994 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.035096884 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.037075043 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.044975042 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.045073986 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.045543909 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.050803900 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.050916910 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.051250935 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.060993910 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.065383911 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.066023111 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.066159964 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.066926003 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.067177057 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.078577995 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.078777075 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.078886986 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.083229065 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.083405018 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:40.085784912 CEST	2323	49873	91.193.75.133	192.168.2.7
May 11, 2022 10:43:40.088614941 CEST	49873	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:43.454750061 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:43.688544035 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:43.688672066 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:43.689399004 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:43.941684008 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:44.169831038 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:44.170181990 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:44.390860081 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:44.394959927 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:44.672415972 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:44.672606945 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.039931059 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.041955948 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.042058945 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.044882059 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.050725937 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.050801992 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.057856083 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.057895899 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.057981014 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.060847044 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.071768999 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.071866035 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.078804970 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.082762957 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.082824945 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.273912907 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.278953075 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.279056072 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.281812906 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.285990953 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.286083937 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.288836002 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.298791885 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.298841953 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.298861027 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.298888922 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.298939943 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.300717115 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.303730965 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.303797007 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.306190014 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.308850050 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.308929920 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.312850952 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.314892054 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.315067053 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.325727940 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.328721046 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.328792095 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.329874992 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.339828014 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.339874983 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.339922905 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.346734047 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.346818924 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.532674074 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.532749891 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.532809973 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.532855034 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.535840034 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.535916090 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.538722992 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.541744947 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.541832924 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.543581963 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.552792072 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.552859068 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.552913904 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.561744928 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.561842918 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.562783957 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.562860012 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.563175917 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.571930885 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.574771881 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.574863911 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.577662945 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.577876091 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.578073978 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.588854074 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.590709925 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.590889931 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.592952013 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.593014002 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.593132019 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.594655991 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.606276035 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.606327057 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.606452942 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.606674910 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.606734991 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.609798908 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.611753941 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.611881971 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.622392893 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.622451067 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.622493029 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.622523069 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.633935928 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.634056091 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.635828972 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.642745972 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.642788887 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.642899990 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.648958921 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.649318933 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.655651093 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.655796051 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.655836105 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.655884981 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.657788038 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.659189939 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.668998957 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.669059992 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.669101000 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.669198036 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.722125053 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.848798990 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.852921963 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.853080034 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.853662014 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.859024048 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.859177113 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.860567093 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.864748001 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.864927053 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.869090080 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.870861053 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.871114016 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.882932901 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.887490988 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.889563084 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.891931057 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.892940044 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.893084049 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.896611929 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.898683071 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.900245905 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.908993959 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.909022093 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.909157991 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.911688089 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.914872885 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.917685986 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.925867081 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.928802013 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.928945065 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.932718039 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.941634893 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.941740036 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.941956043 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.941983938 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.942148924 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.942753077 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.954082012 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.954200983 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.962812901 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.962853909 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.962913990 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.962924957 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.971704960 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.972641945 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.972793102 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.975708008 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.975847960 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.984628916 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.984721899 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:45.984944105 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:45.994725943 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.004724979 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.004750967 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.004910946 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.013828993 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.013861895 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.013884068 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.013978958 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.014238119 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.017693996 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.019763947 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.019877911 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.030788898 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.033305883 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.033418894 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.042759895 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.044652939 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.044678926 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.044774055 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.047714949 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.047812939 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.050689936 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.053641081 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.053845882 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.065175056 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.070936918 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.071053028 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.075664997 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.096854925 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.096884966 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.097023010 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.097059011 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.097486019 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.106904984 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.109751940 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.110830069 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.110964060 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.118762970 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.118916988 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.122751951 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.126739025 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.128088951 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.130606890 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.133739948 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.133919954 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.137283087 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.138806105 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.138928890 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.141717911 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.152782917 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.152851105 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.152899981 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.158866882 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.159014940 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.164802074 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.173885107 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.174005985 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.177834034 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.182856083 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.182972908 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.184717894 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.191916943 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.192018986 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.200906992 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.211769104 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.211878061 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.236969948 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.252942085 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.252986908 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.253298998 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.253813982 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.257344007 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.271137953 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.309809923 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.311737061 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.311863899 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.364564896 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.541285038 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.541337013 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.541378021 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.541624069 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.591790915 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.591919899 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.603252888 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.604929924 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.604988098 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.605081081 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.614130974 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.614178896 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.614268064 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.614347935 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.614741087 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.615674019 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.617770910 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.617851019 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.629002094 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.629034996 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.629117966 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.635241985 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.638684034 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.638818026 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.644793034 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.646150112 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.646245003 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.648827076 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.651730061 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.651786089 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.655879974 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.664750099 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.664885044 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.670762062 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.671741009 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.675580025 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.675651073 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.678642035 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.678720951 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.680705070 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.683685064 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.683760881 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.685771942 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.688961029 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.689066887 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.699188948 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.701267958 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.701318979 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.701400042 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.704838991 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.704948902 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.710784912 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.712043047 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.712112904 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.741215944 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.741460085 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.742125988 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.742192030 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.742193937 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.742275000 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.742326975 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.742537975 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.742588997 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.747823954 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.749754906 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.749845028 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.764961958 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.765012026 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.765122890 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.770884037 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.795154095 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.795310974 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.797703981 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.813896894 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.814030886 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.860881090 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.863284111 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.863492966 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.874917984 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.880855083 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.880975008 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.892905951 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.897826910 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.897902966 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.901819944 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.925399065 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.925487041 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.925498962 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.925553083 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.925616980 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.934901953 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.941181898 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.941243887 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.941335917 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.950923920 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.951131105 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.953696012 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.953783989 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.953973055 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.971951962 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.982758045 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.983010054 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.984745026 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.997760057 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:46.997961044 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:46.999775887 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.004158974 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.004241943 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.010142088 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.019232988 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.019370079 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.020716906 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.022821903 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.023094893 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.031892061 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.033782005 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.033951998 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.040781021 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.047790051 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.047887087 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.059823990 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.060806990 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.060949087 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.065210104 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.069864988 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.070154905 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.074807882 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.074852943 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.074958086 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.079771042 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.088927984 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.089066029 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.090744972 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.093744040 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.093852043 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.098761082 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.101708889 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.101958990 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.105197906 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.110735893 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.110816956 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.121795893 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.125221014 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.125276089 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.125345945 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.131762981 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.131860971 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.135862112 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.144710064 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.145637035 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.146748066 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.146791935 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.146857977 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.151911974 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.161919117 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.162132978 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.164833069 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.166776896 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.166903019 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.172084093 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.174649954 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.174746990 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.185014009 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.185153008 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.185194016 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.185291052 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.186883926 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.187014103 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.197757959 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.197805882 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.197954893 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.211807966 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.211862087 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.211935997 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.215334892 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.215394020 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.215481997 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.217803001 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.221272945 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.221344948 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.224812984 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.268982887 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.374891996 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:47.641700029 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.882106066 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:47.909270048 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:48.197403908 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:48.253459930 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:48.489674091 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:48.490601063 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:48.701776028 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:48.701950073 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:48.971162081 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:48.971486092 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:49.241816044 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:49.309535027 CEST	49875	2323	192.168.2.7	91.193.75.133
May 11, 2022 10:43:49.578877926 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:54.145792961 CEST	2323	49875	91.193.75.133	192.168.2.7
May 11, 2022 10:43:54.191637039 CEST	49875	2323	192.168.2.7	91.193.75.133

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 11, 2022 10:42:07.846601009 CEST	50519	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:07.867922068 CEST	53	50519	8.8.8.8	192.168.2.7
May 11, 2022 10:42:15.350569963 CEST	54143	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:15.369637966 CEST	53	54143	8.8.8.8	192.168.2.7
May 11, 2022 10:42:22.935004950 CEST	52480	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:22.954726934 CEST	53	52480	8.8.8.8	192.168.2.7
May 11, 2022 10:42:29.905711889 CEST	50125	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:29.927062035 CEST	53	50125	8.8.8.8	192.168.2.7
May 11, 2022 10:42:37.024189949 CEST	65214	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:37.043608904 CEST	53	65214	8.8.8.8	192.168.2.7
May 11, 2022 10:42:44.090857029 CEST	62843	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:44.109671116 CEST	53	62843	8.8.8.8	192.168.2.7
May 11, 2022 10:42:51.063699961 CEST	59946	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:51.082979918 CEST	53	59946	8.8.8.8	192.168.2.7
May 11, 2022 10:42:58.456557035 CEST	60920	53	192.168.2.7	8.8.8.8
May 11, 2022 10:42:58.477355957 CEST	53	60920	8.8.8.8	192.168.2.7
May 11, 2022 10:43:05.366317034 CEST	51160	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:05.385807991 CEST	53	51160	8.8.8.8	192.168.2.7
May 11, 2022 10:43:15.109352112 CEST	49495	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:15.128709078 CEST	53	49495	8.8.8.8	192.168.2.7
May 11, 2022 10:43:21.949346066 CEST	62837	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:21.971178055 CEST	53	62837	8.8.8.8	192.168.2.7
May 11, 2022 10:43:28.166333914 CEST	51516	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:28.185709953 CEST	53	51516	8.8.8.8	192.168.2.7
May 11, 2022 10:43:36.466886044 CEST	64521	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:36.487708092 CEST	53	64521	8.8.8.8	192.168.2.7
May 11, 2022 10:43:43.429339886 CEST	49198	53	192.168.2.7	8.8.8.8
May 11, 2022 10:43:43.447773933 CEST	53	49198	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 11, 2022 10:42:07.846601009 CEST	192.168.2.7	8.8.8.8	0x3026	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:15.350569963 CEST	192.168.2.7	8.8.8.8	0xef57	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:22.935004950 CEST	192.168.2.7	8.8.8.8	0x7a53	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:29.905711889 CEST	192.168.2.7	8.8.8.8	0x8cdf	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:37.024189949 CEST	192.168.2.7	8.8.8.8	0x373b	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:44.090857029 CEST	192.168.2.7	8.8.8.8	0x2b83	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:51.063699961 CEST	192.168.2.7	8.8.8.8	0xa6c6	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:42:58.456557035 CEST	192.168.2.7	8.8.8.8	0x6f9c	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:05.366317034 CEST	192.168.2.7	8.8.8.8	0x7267	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:15.109352112 CEST	192.168.2.7	8.8.8.8	0x881c	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:21.949346066 CEST	192.168.2.7	8.8.8.8	0x1d62	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:28.166333914 CEST	192.168.2.7	8.8.8.8	0xccd9	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:36.466886044 CEST	192.168.2.7	8.8.8.8	0xc95d	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)
May 11, 2022 10:43:43.429339886 CEST	192.168.2.7	8.8.8.8	0x78f5	Standard query (0)	youngnonte.hopto.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 11, 2022 10:42:07.867922068 CEST	8.8.8.8	192.168.2.7	0x3026	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:15.369637966 CEST	8.8.8.8	192.168.2.7	0xef57	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:22.954726934 CEST	8.8.8.8	192.168.2.7	0x7a53	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:29.927062035 CEST	8.8.8.8	192.168.2.7	0x8cdf	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:37.043608904 CEST	8.8.8.8	192.168.2.7	0x373b	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:44.109671116 CEST	8.8.8.8	192.168.2.7	0x2b83	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:51.082979918 CEST	8.8.8.8	192.168.2.7	0xa6c6	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:42:58.477355957 CEST	8.8.8.8	192.168.2.7	0x6f9c	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:05.385807991 CEST	8.8.8.8	192.168.2.7	0x7267	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:15.128709078 CEST	8.8.8.8	192.168.2.7	0x881c	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:21.971178055 CEST	8.8.8.8	192.168.2.7	0x1d62	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:28.185709953 CEST	8.8.8.8	192.168.2.7	0xccd9	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:36.487708092 CEST	8.8.8.8	192.168.2.7	0xc95d	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)
May 11, 2022 10:43:43.447773933 CEST	8.8.8.8	192.168.2.7	0x78f5	No error (0)	youngnonte.hopto.org	91.193.75.133	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	10:41:39
Start date:	11/05/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe"
Imagebase:	0x960000
File size:	1173504 bytes
MD5 hash:	1F04C12AB3A22F6806D30BACB7552F19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.415299432.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.414167821.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.416862550.0000000003F52000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Target ID:	4
Start time:	10:42:01
Start date:	11/05/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x8d0000
File size:	45152 bytes
MD5 hash:	2867A3817C9245F7CF518524DFD18F28
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000000.408831258.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000000.409213843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000004.00000002.631819376.0000000005E30000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000000.408232276.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.629684099.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000002.626920584.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000002.628123506.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000004.00000002.631747506.0000000005D90000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000004.00000000.409721909.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	high

Show Windows behavior

Target ID:	8
Start time:	10:42:16
Start date:	11/05/2022
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Imagebase:	0x7ff7e8070000
File size:	45152 bytes
MD5 hash:	2867A3817C9245F7CF518524DFD18F28
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	high

Show Windows behavior

Target ID:	9
Start time:	10:42:17
Start date:	11/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7bab80000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	112
Total number of Limit Nodes:	8

Executed Functions

Function 012AAC10 Relevance: 1.7, APIs: 1, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012AAE56

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 403eb9b6c101856bb78668a9d56a8c59e67f552943de00d49b41eecc4bd721b1
Instruction ID: b230124c497b26f0a078579786363836180a81ead02fefee1b2a27cf2dffef3f
Opcode Fuzzy Hash: 403eb9b6c101856bb78668a9d56a8c59e67f552943de00d49b41eecc4bd721b1
Instruction Fuzzy Hash: EA711470A10B068FDB24DF6AD14476ABBF1FF88304F408929D686DBA50DB75E845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 012A4294 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 012A5BB1

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f731f80da198592be3cc99d52114406a0ae66cae37f8c78fa0d1d46be942445c
Instruction ID: be7689f89d65869c7711d04b332ffacca8bd01ab14a9e1aae50bd5f830eb1763
Opcode Fuzzy Hash: f731f80da198592be3cc99d52114406a0ae66cae37f8c78fa0d1d46be942445c
Instruction Fuzzy Hash: 93410F70C1465CCBDB24CFA9C884B9EBBB6FF49308F608169D508AB245DBB46985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 012AD1F1 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012AD0F6,?,?,?,?,?), ref: 012AD1B7

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3ffefab036e029273045e272c3f55c596a0bde864ed0cbcca4fe910f09c596fd
Instruction ID: 5d0d92d9302a630788a232f649962c993fd5ef95cd50985fca4135e36f04d403
Opcode Fuzzy Hash: 3ffefab036e029273045e272c3f55c596a0bde864ed0cbcca4fe910f09c596fd
Instruction Fuzzy Hash: F431CE79E903418FE345EF60F45A76A7BA6FB99300F05983AEE028B7C5CB709950CB00

Uniqueness

Uniqueness Score: -1.00%

Function 012AC30C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012AD0F6,?,?,?,?,?), ref: 012AD1B7

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c9a32db4937f33e725f1412640f311edf0ba94d83973ffd658f8447923ac8da1
Instruction ID: 371ddc52c34dbe339f41eb5e5fea8a863bb87bca1089cf47e2103e22fec6a1bd
Opcode Fuzzy Hash: c9a32db4937f33e725f1412640f311edf0ba94d83973ffd658f8447923ac8da1
Instruction Fuzzy Hash: DB21E3B59103489FDB10CF9AD884ADEBBF4FB48320F54841AE914A7711D774A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012AA680 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012AAED1,00000800,00000000,00000000), ref: 012AB0E2

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: eff2b2e671aeab3a4367360164a150968074e3837bef55ed5615d96468fd30f9
Instruction ID: 073a3e4ba10caf33c08b5e8128d6564a68a21d0ea6e806903c72804c4e0a60f9
Opcode Fuzzy Hash: eff2b2e671aeab3a4367360164a150968074e3837bef55ed5615d96468fd30f9
Instruction Fuzzy Hash: 642168B2804788CFCB10CFAAC484BDEBFF4EB59320F04842AD525AB601C774A549CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012AD129 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012AD0F6,?,?,?,?,?), ref: 012AD1B7

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c68362cedd4d7b7b902285b43ee879dca1d228c01be573eb85fc6191d642e75d
Instruction ID: 15a21b68f5778f4e4fe6632483bdd8b32c959428e0e46b04394234afbcd85f98
Opcode Fuzzy Hash: c68362cedd4d7b7b902285b43ee879dca1d228c01be573eb85fc6191d642e75d
Instruction Fuzzy Hash: 2421E0B5D002499FDB00CFA9D584AEEBBF4FB48320F14841AE914A3750D778AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012AA698 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012AAED1,00000800,00000000,00000000), ref: 012AB0E2

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 729c75e5b3db0090f2692a2ab4f7d9e401bb633e03aaf1de6e0a638a15237ee9
Instruction ID: 7a263b55dbf6c7176534d588bd48b3607ce6a6bc5ec795dfab66ff18e6316efd
Opcode Fuzzy Hash: 729c75e5b3db0090f2692a2ab4f7d9e401bb633e03aaf1de6e0a638a15237ee9
Instruction Fuzzy Hash: FD1114B6904749CFDB10CF9AC444BDEFBF4EB48320F44842AE525A7600C7B5A549CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012AB073 Relevance: 1.6, APIs: 1, Instructions: 52
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012AAED1,00000800,00000000,00000000), ref: 012AB0E2

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ee361566895a5782cbf3fdfbd1b55505a3aa2293fa9167fd7aa45e7601ca58b5
Instruction ID: 8de78f488fb5b0e86bd87d2f97436eec40e8cf0529b5030b2ec5084700a93bbc
Opcode Fuzzy Hash: ee361566895a5782cbf3fdfbd1b55505a3aa2293fa9167fd7aa45e7601ca58b5
Instruction Fuzzy Hash: 661112B6D002498FDB14CFAAD484BDEFBF4EB88320F14842AE525A7600C775A549CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012AADF0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012AAE56

Memory Dump Source

Source File: 00000000.00000002.413223311.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12a0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2f45b5ee9689a7081ac68790d3dc3df8c47caf1684501deb3b6ca19b59adfda4
Instruction ID: 2c4fd3732082b213fed57c0a34028c13dfae45d4e4fb68c8d34c36ec9633f3a4
Opcode Fuzzy Hash: 2f45b5ee9689a7081ac68790d3dc3df8c47caf1684501deb3b6ca19b59adfda4
Instruction Fuzzy Hash: C111DFB6C006898FDB10CF9AD544ADEFBF4AF89324F54842AD929B7600C778A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0123D1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82221e92124ce60e5fb87c9376b50555dd3926e1b5f7a73a51d82a67d632be4
Instruction ID: 899b8f42b12a13a3cb452f4030997cc8789726f9369b42bd7b3bf1231f5e1536
Opcode Fuzzy Hash: b82221e92124ce60e5fb87c9376b50555dd3926e1b5f7a73a51d82a67d632be4
Instruction Fuzzy Hash: 5B2103B1514248EFDB06CF94D8C0B2ABB65FBC8324F648669EE054B207C776D816CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0123D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4dc3ae3299eabbcfa4329df67141698f74f520805c8b812d91a2cb932961a1
Instruction ID: 23eef3267076c10e59cd9ffa10572591aad563aaf88c20d5c8c386bf1ccfcfb0
Opcode Fuzzy Hash: 3e4dc3ae3299eabbcfa4329df67141698f74f520805c8b812d91a2cb932961a1
Instruction Fuzzy Hash: 0C2148F5514248EFDB01CF54D8C0B6ABB65FBC4324F20C569EB054B206C336E846CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0124D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412925979.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 643c21f33aaf1d8ea465907ac00b7adc73d5016f708c881636b61c4f059d82ab
Instruction ID: ef927d4f7ac5ffb0c12d58af1aa44e14400c80c17d792a9d1b1cad4f19cc9546
Opcode Fuzzy Hash: 643c21f33aaf1d8ea465907ac00b7adc73d5016f708c881636b61c4f059d82ab
Instruction Fuzzy Hash: 6E214971514248EFDB09CF94D5C0B26BBA1FB94324F20C66DEA094B347C776D846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0124D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412925979.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce5405d08fccfaae70f7902790e121e23b9988f8996a2f45f60d31e6ac9b62c
Instruction ID: 818d7fead5edff5f68c577b493cc82310367b45f51b3340831235e7d4e63580d
Opcode Fuzzy Hash: 2ce5405d08fccfaae70f7902790e121e23b9988f8996a2f45f60d31e6ac9b62c
Instruction Fuzzy Hash: 91213771514248EFCB19CF54D4C4B26BB61FB94354F20C96DDA094B346C776D847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0124D006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412925979.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1bae623c890b0ab02836be9b9d0c655304d42d94b0ee7b0e75bc1361a5f160f
Instruction ID: d8d56c7cf2eacc606f172691017676f4dd56ee84f0cf378a3b434cab87acc909
Opcode Fuzzy Hash: d1bae623c890b0ab02836be9b9d0c655304d42d94b0ee7b0e75bc1361a5f160f
Instruction Fuzzy Hash: 67219F754083849FCB07CF64D994B11BF71EB46314F28C5EAD9498B6A7C33AD84ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0123D1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c8d9952c634a1209b5bb77a9bf3532fea4164f4de497655e1883f6b2462da24
Instruction ID: eace8fdc6b84702d6fda2157f422726592e4fc36adbd78df0ee752a8be424c4e
Opcode Fuzzy Hash: 9c8d9952c634a1209b5bb77a9bf3532fea4164f4de497655e1883f6b2462da24
Instruction Fuzzy Hash: 43219DB6404284DFDB06CF54D9C4B56BF72FB84320F24C6AADD440A657C33AD46ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0123D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82610aa3e020a866ac59a3751361b765b59786763d493822f6aa965c65018ded
Instruction ID: 85433b393ef99a037beccfc96d27a35b669c4a04e065a57c79f603c87c1b3c3e
Opcode Fuzzy Hash: 82610aa3e020a866ac59a3751361b765b59786763d493822f6aa965c65018ded
Instruction Fuzzy Hash: 2011B1B6404284DFDB12CF54D5C4B56BF71FB84324F24C6A9DA490B617C33AE45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0124D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412925979.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b61bc530cdc1d8e9bcdc33184057b97d6ce8be3f280e0505c2e03bdc51aecaf
Instruction ID: 0564b676c15e50127493dc01a64f5dc351e2b47b366bb5077c743810d14b55eb
Opcode Fuzzy Hash: 7b61bc530cdc1d8e9bcdc33184057b97d6ce8be3f280e0505c2e03bdc51aecaf
Instruction Fuzzy Hash: 9911BB75904284DFDB06CF54C5C4B15BBA1FB84224F28C6ADD9494B657C33AD44ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0123D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bda48aa1b17d3804af73555b5ff335115004321bbb4c549d62e19fbe2133a57
Instruction ID: fecc90a6396aebd7ffee034a60671449c51ba90cf0372e768f9a62309cf947cc
Opcode Fuzzy Hash: 3bda48aa1b17d3804af73555b5ff335115004321bbb4c549d62e19fbe2133a57
Instruction Fuzzy Hash: E9017BB14183C89AE7168E65CC84B67BF98EF81274F48C01AEF045F247C7B89844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0123D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.412854484.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_123d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10971ece39eee0c0f88b08005d8aa3f21188287e5ef16523054a93c36eadbdd4
Instruction ID: 798f47756cf3c30f8211ae2a1101a0a8f4f826143a8a57004ce31b42095968c1
Opcode Fuzzy Hash: 10971ece39eee0c0f88b08005d8aa3f21188287e5ef16523054a93c36eadbdd4
Instruction Fuzzy Hash: A3F0FC714043889EE7158E19CCC4B63FF98EB81274F18C05AEE044B787C7749844CAB0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegSvcs.exePID: 4736, Parent PID: 5012COMMON

Execution Graph

Execution Coverage:	13.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	161
Total number of Limit Nodes:	8

Executed Functions

Function 06320040 Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.632281707.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6320000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc68aa4a710d8003dd1c9844b272c23a2e506f0628f97eb2feb8b9157238bcd7
Instruction ID: f095eb52a3b79b1d5b92c4f40c7959e64ce0266570aac5e2bbd4258a62cd296d
Opcode Fuzzy Hash: fc68aa4a710d8003dd1c9844b272c23a2e506f0628f97eb2feb8b9157238bcd7
Instruction Fuzzy Hash: 0F425E71A10616CFCB58CF58C4849AEBBF2FF88310B258969D45AA7751DB30F886CF94

Uniqueness

Uniqueness Score: -1.00%

Function 02BDB6CB Relevance: 6.1, APIs: 4, Instructions: 121
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 02BDB730
GetCurrentThread.KERNEL32 ref: 02BDB76D
GetCurrentProcess.KERNEL32 ref: 02BDB7AA
GetCurrentThreadId.KERNEL32 ref: 02BDB803

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 333c5425fc3302bfa91a86833c6d9d3bb5e33af9da94a0c8d9cd4f05522404be
Instruction ID: 28241a82799c4ea91bcecf855f40ce25efb5b6953ca7079ecc999a808f6af61f
Opcode Fuzzy Hash: 333c5425fc3302bfa91a86833c6d9d3bb5e33af9da94a0c8d9cd4f05522404be
Instruction Fuzzy Hash: D65166B4E002488FDB10CFA9D549BEEBBF1FB48318F20849AE419B3750DB785984CB65

Uniqueness

Uniqueness Score: -1.00%

Function 02BDB6D0 Relevance: 6.1, APIs: 4, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 02BDB730
GetCurrentThread.KERNEL32 ref: 02BDB76D
GetCurrentProcess.KERNEL32 ref: 02BDB7AA
GetCurrentThreadId.KERNEL32 ref: 02BDB803

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: dc019222a6b80e8c85090073ac4dacb999abc34eda40538914de7d7579cf8b26
Instruction ID: 9f6999c9f4b305756ce96c8466f0459a31a0056b6d1b2b9882bb4b38676d0622
Opcode Fuzzy Hash: dc019222a6b80e8c85090073ac4dacb999abc34eda40538914de7d7579cf8b26
Instruction Fuzzy Hash: B35164B4E002488FDB10CFA9D549BEEBBF1FB48318F20849AE019A3750DB785984CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06323558 Relevance: 1.7, APIs: 1, Instructions: 211
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.632281707.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6320000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2562a829eb334e7ab88574916bff69aab4cb4ab4ff3147b6bb7b0fb2074fd96
Instruction ID: 684131d2dfdd66f518d8148a85775e1531b3490776348087d007865befe7f7eb
Opcode Fuzzy Hash: d2562a829eb334e7ab88574916bff69aab4cb4ab4ff3147b6bb7b0fb2074fd96
Instruction Fuzzy Hash: 948167B1D0425ACFEF10CFA9C8806DEBBB5FF49314F20852AD415AB600DB74A949CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 02BD93E8 Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02BD962E

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 128f3722f4192cb0273e0c8ac438c0d8a18a8f16ba066c16e6421815be83e5f8
Instruction ID: 48f9e89c329641b3645023b48503d92497f9b7d44368c9012e5f32bd38e6088c
Opcode Fuzzy Hash: 128f3722f4192cb0273e0c8ac438c0d8a18a8f16ba066c16e6421815be83e5f8
Instruction Fuzzy Hash: D9710270A00B058FDB24DF2AC54579ABBF1FF88218F048969D58ADBA50EB74E845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02BDFB98 Relevance: 1.6, APIs: 1, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02BDFD0A

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 8404ae35abbab4366f8fdd5ee4880dcdfc6957f11ad79360cafc312a418a573f
Instruction ID: 55198f0d72c605eebaf8f54693f92b3e838bc6b03c38984d7f519789e0047651
Opcode Fuzzy Hash: 8404ae35abbab4366f8fdd5ee4880dcdfc6957f11ad79360cafc312a418a573f
Instruction Fuzzy Hash: 095103B1C08249AFDF11CFA9C880ADEBFB1FF49314F14816AE809AB221D7719955CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06323604 Relevance: 1.6, APIs: 1, Instructions: 143
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06323738

Memory Dump Source

Source File: 00000004.00000002.632281707.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6320000_RegSvcs.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 20266652da2a2a3fc75619941fb33e56d88d0acfa9d85fb864b2213c0a504690
Instruction ID: 4fc4acc53a59bf54eee1adfefc420b3bae67fe54a81e400cdff81b514cdf51f4
Opcode Fuzzy Hash: 20266652da2a2a3fc75619941fb33e56d88d0acfa9d85fb864b2213c0a504690
Instruction Fuzzy Hash: 355125B1D042598FDF50CFA9C8806DDBBB5FF48304F248129E815AB350DB74994ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 063218FC Relevance: 1.6, APIs: 1, Instructions: 140
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06323738

Memory Dump Source

Source File: 00000004.00000002.632281707.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6320000_RegSvcs.jbxd

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: a981f957837271d8700092f05134c36e62a2948d153ead0af0b1b7ad41e81c8b
Instruction ID: c952e9b00a223c81c04e0db9d7b30c914859dab5974e522e24fb2f1202b94583
Opcode Fuzzy Hash: a981f957837271d8700092f05134c36e62a2948d153ead0af0b1b7ad41e81c8b
Instruction Fuzzy Hash: 7051F2B1D0425D9FDF54CFA9C8806DEBBB5BF48304F248129E815AB350DBB4A94ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 02BDFB61 Relevance: 1.6, APIs: 1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02BDFD0A

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 6a4e7d5461fd71c90f11c32b910dc8d36f292bc144711ceb16dad7abc36c1eb9
Instruction ID: e6f22b6fb8b653d379539e52d32d0fac680b293d79d8f2287074efd2a8c3f415
Opcode Fuzzy Hash: 6a4e7d5461fd71c90f11c32b910dc8d36f292bc144711ceb16dad7abc36c1eb9
Instruction Fuzzy Hash: E151F0B1D043499FDB14CFA9D884ADEBFB1FF48304F24816AE80AAB610D7749985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02BDFBF8 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02BDFD0A

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: b8fc1983c0ef16b832d39bc10ca8c0eaf263bc073a25e879fc070b77863cf979
Instruction ID: af791e615f37cf542837c92195586bf9b370766fec382f340aa7abd729f2bc5a
Opcode Fuzzy Hash: b8fc1983c0ef16b832d39bc10ca8c0eaf263bc073a25e879fc070b77863cf979
Instruction Fuzzy Hash: 4641BEB1D043499FDF14CF99C884ADEBBB5FF48314F24812AE819AB610D7759985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02BDBCF9 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BDBD87

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 61040f2e62a29947e263aa37278a686b3a8c966c9d5442c351f89d9bb8cf6d11
Instruction ID: 86c2e1e93b02258139c6e19b842438140a5001a82708b214f3fd4b273e2f7d63
Opcode Fuzzy Hash: 61040f2e62a29947e263aa37278a686b3a8c966c9d5442c351f89d9bb8cf6d11
Instruction Fuzzy Hash: ED21E3B5904249AFDB10CFAAD984ADEBFF4EB48324F14805AE954B3310D378A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BDBD00 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BDBD87

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2e9afb7b5f3f1ca1cb2934b4d82a15cfe87ade2bbe0b1cf577e1534d48b460e9
Instruction ID: 9ee1017b50c0efdc19ed82cbd8711a7b9782f5629ddf25fbfb711b10a6bd4bf5
Opcode Fuzzy Hash: 2e9afb7b5f3f1ca1cb2934b4d82a15cfe87ade2bbe0b1cf577e1534d48b460e9
Instruction Fuzzy Hash: 2121C2B5D002499FDB10CFAAD984ADEBBF8FB48324F15845AE915A7310D378A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BD8768 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02BD96A9,00000800,00000000,00000000), ref: 02BD98BA

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f3828baf45c2c10c731ea36bdb94a5f326e854de1d10464bb1c5b66e101d2810
Instruction ID: db73e24c6ad2115248fadec103d44d18196817ef29f7e051fd273b9a886cfff5
Opcode Fuzzy Hash: f3828baf45c2c10c731ea36bdb94a5f326e854de1d10464bb1c5b66e101d2810
Instruction Fuzzy Hash: 311133B2D042498FCB10CF9AC444BDEBBF4EB48764F04846EE519B7600D3B5A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02BD984B Relevance: 1.6, APIs: 1, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02BD96A9,00000800,00000000,00000000), ref: 02BD98BA

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 444ae80a8672db83a4df360303ae089413462c87e5c5daf73d8d32808b91863b
Instruction ID: 1a8df0beeac6b5ba879a5b2e535fee120fade0d147ce04bf643284a92340fd0b
Opcode Fuzzy Hash: 444ae80a8672db83a4df360303ae089413462c87e5c5daf73d8d32808b91863b
Instruction Fuzzy Hash: A61100B6D042499FCB10CF9AC484ADEBBF4EB88764F04846AE819B7600C7B5A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02BD95C8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02BD962E

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 4c93b51cfa36647f336a2aef89eccfe7c28fc1f15a94fe07f5400280d0c99019
Instruction ID: 8f49fed7a1b7bf7f5ab2396f39af567a77ec012f6be7da95167eae97befed99a
Opcode Fuzzy Hash: 4c93b51cfa36647f336a2aef89eccfe7c28fc1f15a94fe07f5400280d0c99019
Instruction Fuzzy Hash: C011E0B6D006898FCB10CF9AC444BDEFBF4EB88224F14846AD819B7600D3B5A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BDFE3B Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 02BDFE9D

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 1b96485d92fde26d9e2acb1fa42112e8882efb29843b371dd86d8544339d54fc
Instruction ID: 4bb48481aa38a4f700b786fd74753ff63ff398cc4ba429eaa048588b48a64029
Opcode Fuzzy Hash: 1b96485d92fde26d9e2acb1fa42112e8882efb29843b371dd86d8544339d54fc
Instruction Fuzzy Hash: DD1100B58042499FDB10CF99D589BDFBBF8EB48324F10845AE919B7700D3B4A984CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02BDFE40 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 02BDFE9D

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 9ac08f29cffafd79effe89ae22fbadd5bcc79a7745056f51ccf6bb3f2198cd22
Instruction ID: a803930d127d5e12fb041cc1316ae6b50a452bb9efde59d4e1bc8e9bf342b3f3
Opcode Fuzzy Hash: 9ac08f29cffafd79effe89ae22fbadd5bcc79a7745056f51ccf6bb3f2198cd22
Instruction Fuzzy Hash: FD1112B58002498FDB10CF99D589BDFFBF8EB48324F10845AE919A7700C3B4A984CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02BDE480 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a48e019fa5256f095d51e62856cda7cfafd61fcde49a4b5803372c75d93cc5b
Instruction ID: f4daa43398685c75f8f3044f92f476173503167ef3037d1a5009c2f326830fe0
Opcode Fuzzy Hash: 8a48e019fa5256f095d51e62856cda7cfafd61fcde49a4b5803372c75d93cc5b
Instruction Fuzzy Hash: 251285F1411746CBE7B8CF65E9981893BB3B745328B914228D2712BAD9D7B811CACF84

Uniqueness

Uniqueness Score: -1.00%

Function 02BDBBD4 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07238571d8dbe8a1aba6db9a0aed6f4d5a4f3b2cc7c6a98e999a7a6939446902
Instruction ID: 8fb9e319b3d7b6f7df6b5ab8c227bdf85b0041b0be051abcbbf840b3f51b46e3
Opcode Fuzzy Hash: 07238571d8dbe8a1aba6db9a0aed6f4d5a4f3b2cc7c6a98e999a7a6939446902
Instruction Fuzzy Hash: 61A17A36E0021ACFCF15DFB5C8845DEBBB6FF85304B1585AAE905AB220EB71A945CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02BDE47B Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.628091869.0000000002BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bd0000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8dba33be95773cb0de986753e4b9722e7b527ceec49ec6ec9b184366e1a24c8
Instruction ID: cbf65eba3182aaf3a26f5233d7a1f335bb1d91e46c27c6f316338b69fef40f00
Opcode Fuzzy Hash: a8dba33be95773cb0de986753e4b9722e7b527ceec49ec6ec9b184366e1a24c8
Instruction Fuzzy Hash: 9AC1ECB1811745CBD7A8DF65E8881897B73FB85328F514328D1716BAD8D7B821CACF84

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dhcpmon.exePID: 6792, Parent PID: 3808COMMON

Executed Functions

Function 015D0F38 Relevance: 1.8, Strings: 1, Instructions: 578COMMON

Download Yara Rule

Strings

$,!l, xrefs: 015D176D

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID: $,!l
API String ID: 0-4158152801
Opcode ID: 372262b67e9b93a4735a34b0b2b3d9924e629cde975a726aa94b769f74f93164
Instruction ID: d142e0fe424f03ab049e59e666088f4d6b933c771d9ff0de0ab91a37bc50963f
Opcode Fuzzy Hash: 372262b67e9b93a4735a34b0b2b3d9924e629cde975a726aa94b769f74f93164
Instruction Fuzzy Hash: 54329F34702601CFC724DF68E4A476E77E2FB89209B14896CD5168F789DB3AEC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D0728 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f200657422781d0362ce091ffb52b69ba1ee840a8e4a9e3b65b7828137ba1e6
Instruction ID: 57deb51f37fa6ce220f80b717bcc9a4956e8fe013f1ff412edeb1d3574537b87
Opcode Fuzzy Hash: 6f200657422781d0362ce091ffb52b69ba1ee840a8e4a9e3b65b7828137ba1e6
Instruction Fuzzy Hash: 693153319012808FEB35DB68D4187DE7FB2FF49318F0A8469D402AF290CB349C88CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015D08F0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85fe4d5082fa6928ffe31e107e3a0a8448fddb42a3da12bf79222c9b41629646
Instruction ID: d867ee45cf243b438981c4041c0eb627eeed69c196abc429b855b7e5b19d922f
Opcode Fuzzy Hash: 85fe4d5082fa6928ffe31e107e3a0a8448fddb42a3da12bf79222c9b41629646
Instruction Fuzzy Hash: 6871BE34B002448FDB259BA8D41879EBBE2FF88314F198529E5126B7A4DF35AC85DB41

Uniqueness

Uniqueness Score: -1.00%

Function 015D0E31 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96ebb0444663e4bae4d66205f7c5eb8ec4697507be9212595a21dc45ec10e148
Instruction ID: 3dd3a082f7e7b299cb2caefc9b928dcd3a8aba5731dccf7df4efbef40cd5846b
Opcode Fuzzy Hash: 96ebb0444663e4bae4d66205f7c5eb8ec4697507be9212595a21dc45ec10e148
Instruction Fuzzy Hash: 39314575B046108FC758EB78C468A6D37E1AF9961932608BCE506CF7B1DB36EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D0E40 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d279157d9357d7a656e3f09d23fce9bec7d310e8e863e0d0774e9e5eb448476
Instruction ID: 481dd9790c36a668760fd1de514cde46327b5a98831cc2a1060d5bd3f0416a4d
Opcode Fuzzy Hash: 4d279157d9357d7a656e3f09d23fce9bec7d310e8e863e0d0774e9e5eb448476
Instruction Fuzzy Hash: 5A2107757046108FC758EB78C06892D37E2AF8961932608BCE506CF7B5DB36EC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D17F8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8f3e7ca466cbe0c83ad9d2a1858bcc915ba8d6985ed89be457a197dcb248d5
Instruction ID: 34b29b607045d861127e250470b1db987e4d353094a3806f1601ca96e1bbb425
Opcode Fuzzy Hash: da8f3e7ca466cbe0c83ad9d2a1858bcc915ba8d6985ed89be457a197dcb248d5
Instruction Fuzzy Hash: 8911C275E002098FCB40DFB8E8449EEFBF5FF8D310B10826AE504A7221E7349905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D1808 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d0e30d2b79fa92fc0e2aad8212fa8acb03d8098d742facc978b0b68fa21fc3
Instruction ID: 84f082641df7aef77439ee805ee70fd7cdca0401ef8bb2bf1e46857dcb9e1ed5
Opcode Fuzzy Hash: 99d0e30d2b79fa92fc0e2aad8212fa8acb03d8098d742facc978b0b68fa21fc3
Instruction Fuzzy Hash: 27014076E00205DFCB40DFA8D84499EF7F5FF8D210710826AE515A7721E735A955CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D0480 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e09beda9253a9d53e1716539b98a379c6f5490844c92a033c1078771c5753cb
Instruction ID: 75b46c966c445d020dd6cba5bbb96a814a1ec3cb4ee7bbfd1767e7fdd9123a1e
Opcode Fuzzy Hash: 5e09beda9253a9d53e1716539b98a379c6f5490844c92a033c1078771c5753cb
Instruction Fuzzy Hash: 4DF09061D0E3845FCB529BB469840DEBFF0B94B210F0A41EBC489DB153F2344A0AC7A3

Uniqueness

Uniqueness Score: -1.00%

Function 015D0B9C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0d229a2366ce83d158cba28b8b30ce010b4855dbcd3c026f948016b6ffa49d
Instruction ID: 4c7ab64ef2590a023fe39a81e09a00bd3e11ab69859b6b290f85c78afecdd099
Opcode Fuzzy Hash: 5b0d229a2366ce83d158cba28b8b30ce010b4855dbcd3c026f948016b6ffa49d
Instruction Fuzzy Hash: C9F01C74944345CFEB24EF68C1587AD7BF0BF08318F150859E002AB3D5CB749984CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015D16D8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54466654f9ae7ba2a6b1f813125b1ea7d933015436152cf2dbc0cbb0fc841d0
Instruction ID: 53ca7bd5a7ef4020a02fb5eadcb6ee8473fe08ded29d8dde595b9eb92c26d876
Opcode Fuzzy Hash: d54466654f9ae7ba2a6b1f813125b1ea7d933015436152cf2dbc0cbb0fc841d0
Instruction Fuzzy Hash: AED05B757002149FD724EB7CF949A497BB8EF09A51F114055EA04DF254DB72DC14C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 015D04A8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.443858294.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_15d0000_dhcpmon.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a8dad74f7fddd403c0483fc1f58888e041f7d5a4e73d9d0eacf56dea1f604be
Instruction ID: e76900c236955b3ab4013075f1a8a72e19863bcfbe0721027e937a7248868d1f
Opcode Fuzzy Hash: 3a8dad74f7fddd403c0483fc1f58888e041f7d5a4e73d9d0eacf56dea1f604be
Instruction Fuzzy Hash: 32D017B1D00229AF8B50EFBC99051EEBBF8EA08250F0004A6D919E7200E2704A108BE1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan.PackedNET.331.28355.4334

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

AV Detection

E-Banking Fraud

Stealing of Sensitive Information

Remote Access Functionality

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.331.28355.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
SecuriteInfo.com.Trojan.PackedNET.331.28355.4334

Function 012AAC10 Relevance: 1.7, APIs: 1, Instructions: 195
COMMON

Function 012A4294 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 012AD1F1 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Function 012AC30C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 012AA680 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Function 012AD129 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 012AA698 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 012AB073 Relevance: 1.6, APIs: 1, Instructions: 52
libraryCOMMON

Function 012AADF0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON