Edit tour

Windows Analysis Report
TBYtld7aq2.exe

Overview

General Information

Sample name:	TBYtld7aq2.exe renamed because original name is a hash value
Original sample name:	39CA93F7EC603D931BE5B07A4D0AE682.exe
Analysis ID:	1417354
MD5:	39ca93f7ec603d931be5b07a4d0ae682
SHA1:	d6031730299d9a3e0755dbce7fb792258fd987a2
SHA256:	8d4934af5ee8162d5e8042181c44969aecb40c6404726f27d45bf37722fc3a47
Tags:	exenjratRAT
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

.NET source code contains process injector

.NET source code references suspicious native API functions

C2 URLs / IPs found in malware configuration

Contains functionality to log keystrokes (.Net Source)

Creates multiple autostart registry keys

Disables zone checking for all users

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the windows firewall

Uses netsh to modify the Windows network and firewall settings

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

TBYtld7aq2.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\TBYtld7aq2.exe" MD5: 39CA93F7EC603D931BE5B07A4D0AE682)

chargeable.exe (PID: 7800 cmdline: "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" MD5: C5489DB83F5E2865111EFCAB5001DA7B)

chargeable.exe (PID: 7848 cmdline: C:\Users\user\AppData\Roaming\confuse\chargeable.exe MD5: C5489DB83F5E2865111EFCAB5001DA7B)

netsh.exe (PID: 5076 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

conhost.exe (PID: 2520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chargeable.exe (PID: 7944 cmdline: "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" MD5: C5489DB83F5E2865111EFCAB5001DA7B)

chargeable.exe (PID: 8096 cmdline: C:\Users\user\AppData\Roaming\confuse\chargeable.exe MD5: C5489DB83F5E2865111EFCAB5001DA7B)

WerFault.exe (PID: 4940 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 80 MD5: C31336C1EFC2CCB44B4326EA793040F2)

chargeable.exe (PID: 8108 cmdline: C:\Users\user\AppData\Roaming\confuse\chargeable.exe MD5: C5489DB83F5E2865111EFCAB5001DA7B)

WerFault.exe (PID: 5300 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 72 MD5: C31336C1EFC2CCB44B4326EA793040F2)

chargeable.exe (PID: 8116 cmdline: C:\Users\user\AppData\Roaming\confuse\chargeable.exe MD5: C5489DB83F5E2865111EFCAB5001DA7B)

WerFault.exe (PID: 5344 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 12 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7804 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 20 MD5: C31336C1EFC2CCB44B4326EA793040F2)

chargeable.exe (PID: 8132 cmdline: C:\Users\user\AppData\Roaming\confuse\chargeable.exe MD5: C5489DB83F5E2865111EFCAB5001DA7B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "doddyfire.linkpc.net", "Port": "10000", "Version": "0.7d", "Campaign ID": "neuf", "Install Name": "softcontrol.exe", "Install Dir": "TEMP", "Network Seprator": "|'|'|"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3a9a:$a1: get_Registry 0x4b76:$a2: SEE_MASK_NOZONECHECKS 0x4c72:$a3: Download ERROR 0x4b38:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4aca:$a5: netsh firewall delete allowedprogram "
00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4ba6:$a1: netsh firewall add allowedprogram 0x4b76:$a2: SEE_MASK_NOZONECHECKS 0x4e20:$b1: [TAP] 0x4b38:$c3: cmd.exe /c ping
00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4b76:$reg: SEE_MASK_NOZONECHECKS 0x4c4e:$msg: Execute ERROR 0x4caa:$msg: Execute ERROR 0x4b38:$ping: cmd.exe /c ping 0 -n 2 & del
00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x4070e:$a1: get_Registry 0x417ea:$a2: SEE_MASK_NOZONECHECKS 0x418e6:$a3: Download ERROR 0x417ac:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4173e:$a5: netsh firewall delete allowedprogram "
00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4181a:$a1: netsh firewall add allowedprogram 0x417ea:$a2: SEE_MASK_NOZONECHECKS 0x41a94:$b1: [TAP] 0x417ac:$c3: cmd.exe /c ping
00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x417ea:$reg: SEE_MASK_NOZONECHECKS 0x418c2:$msg: Execute ERROR 0x4191e:$msg: Execute ERROR 0x417ac:$ping: cmd.exe /c ping 0 -n 2 & del
00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: chargeable.exe PID: 7800	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: chargeable.exe PID: 7848	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: chargeable.exe PID: 8132	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.chargeable.exe.30bda74.1.raw.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
2.2.chargeable.exe.30bda74.1.raw.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d76:$a2: SEE_MASK_NOZONECHECKS 0x4e72:$a3: Download ERROR 0x4d38:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4cca:$a5: netsh firewall delete allowedprogram "
2.2.chargeable.exe.30bda74.1.raw.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d38:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e90:$s3: Executed As 0x4e72:$s6: Download ERROR
2.2.chargeable.exe.30bda74.1.raw.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4da6:$a1: netsh firewall add allowedprogram 0x4d76:$a2: SEE_MASK_NOZONECHECKS 0x5020:$b1: [TAP] 0x4d38:$c3: cmd.exe /c ping
2.2.chargeable.exe.30bda74.1.raw.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d76:$reg: SEE_MASK_NOZONECHECKS 0x4e4e:$msg: Execute ERROR 0x4eaa:$msg: Execute ERROR 0x4d38:$ping: cmd.exe /c ping 0 -n 2 & del
2.2.chargeable.exe.30bda74.1.raw.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4cca:$s1: netsh firewall delete allowedprogram 0x4da6:$s2: netsh firewall add allowedprogram 0x4d38:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e4e:$s4: Execute ERROR 0x4eaa:$s4: Execute ERROR 0x4e72:$s5: Download ERROR 0x4fd6:$s6: [kl]
9.2.chargeable.exe.400000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
9.2.chargeable.exe.400000.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d76:$a2: SEE_MASK_NOZONECHECKS 0x4e72:$a3: Download ERROR 0x4d38:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4cca:$a5: netsh firewall delete allowedprogram "
9.2.chargeable.exe.400000.0.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d38:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e90:$s3: Executed As 0x4e72:$s6: Download ERROR
9.2.chargeable.exe.400000.0.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4da6:$a1: netsh firewall add allowedprogram 0x4d76:$a2: SEE_MASK_NOZONECHECKS 0x5020:$b1: [TAP] 0x4d38:$c3: cmd.exe /c ping
9.2.chargeable.exe.400000.0.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d76:$reg: SEE_MASK_NOZONECHECKS 0x4e4e:$msg: Execute ERROR 0x4eaa:$msg: Execute ERROR 0x4d38:$ping: cmd.exe /c ping 0 -n 2 & del
9.2.chargeable.exe.400000.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4cca:$s1: netsh firewall delete allowedprogram 0x4da6:$s2: netsh firewall add allowedprogram 0x4d38:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e4e:$s4: Execute ERROR 0x4eaa:$s4: Execute ERROR 0x4e72:$s5: Download ERROR 0x4fd6:$s6: [kl]
2.2.chargeable.exe.30bda74.1.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
2.2.chargeable.exe.30bda74.1.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x1e9a:$a1: get_Registry 0x2f76:$a2: SEE_MASK_NOZONECHECKS 0x3072:$a3: Download ERROR 0x2f38:$a4: cmd.exe /c ping 0 -n 2 & del " 0x2eca:$a5: netsh firewall delete allowedprogram "
2.2.chargeable.exe.30bda74.1.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x2f38:$x1: cmd.exe /c ping 0 -n 2 & del " 0x3090:$s3: Executed As 0x3072:$s6: Download ERROR
2.2.chargeable.exe.30bda74.1.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x2fa6:$a1: netsh firewall add allowedprogram 0x2f76:$a2: SEE_MASK_NOZONECHECKS 0x3220:$b1: [TAP] 0x2f38:$c3: cmd.exe /c ping
2.2.chargeable.exe.30bda74.1.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x2f76:$reg: SEE_MASK_NOZONECHECKS 0x304e:$msg: Execute ERROR 0x30aa:$msg: Execute ERROR 0x2f38:$ping: cmd.exe /c ping 0 -n 2 & del
2.2.chargeable.exe.30bda74.1.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x2eca:$s1: netsh firewall delete allowedprogram 0x2fa6:$s2: netsh firewall add allowedprogram 0x2f38:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x304e:$s4: Execute ERROR 0x30aa:$s4: Execute ERROR 0x3072:$s5: Download ERROR 0x31d6:$s6: [kl]
Click to see the 13 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\confuse\chargeable.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\TBYtld7aq2.exe, ProcessId: 7524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\confuse

Snort Signatures

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 160.176.152.91

Timestamp:	03/29/24-03:21:02.937564
SID:	2825564
Source Port:	49741
Destination Port:	10000
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 160.176.152.91

Timestamp:	03/29/24-03:17:21.142872
SID:	2033132
Source Port:	49741
Destination Port:	10000
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 160.176.152.91

Timestamp:	03/29/24-03:21:03.778286
SID:	2814860
Source Port:	49741
Destination Port:	10000
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 160.176.152.91

Timestamp:	03/29/24-03:17:21.557651
SID:	2825563
Source Port:	49741
Destination Port:	10000
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 160.176.152.91

Timestamp:	03/29/24-03:17:21.557651
SID:	2814856
Source Port:	49741
Destination Port:	10000
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: TBYtld7aq2.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Avira: detection malicious, Label: TR/Dropper.Gen

Found malware configuration

Source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Njrat {"Host": "doddyfire.linkpc.net", "Port": "10000", "Version": "0.7d", "Campaign ID": "neuf", "Install Name": "softcontrol.exe", "Install Dir": "TEMP", "Network Seprator": "|'|'|"}

Multi AV Scanner detection for submitted file

Source: TBYtld7aq2.exe	Virustotal: Detection: 79%			Perma Link
Source: TBYtld7aq2.exe	ReversingLabs: Detection: 100%

Yara detected Njrat

Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7800, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 8132, type: MEMORYSTR

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: TBYtld7aq2.exe

Joe Sandbox ML: detected

Source: TBYtld7aq2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: TBYtld7aq2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49741 -> 160.176.152.91:10000
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49741 -> 160.176.152.91:10000
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49741 -> 160.176.152.91:10000
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49741 -> 160.176.152.91:10000
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49741 -> 160.176.152.91:10000

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: doddyfire.linkpc.net

Source: global traffic

TCP traffic: 192.168.2.4:49741 -> 160.176.152.91:10000

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: doddyfire.linkpc.net

Source: chargeable.exe, 00000003.00000002.4090674234.000000000147A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: chargeable.exe, 00000003.00000002.4090674234.000000000147A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.LinkId=42127
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: TBYtld7aq2.exe, chargeable.exe.0.dr	String found in binary or memory: https://www.sysinternals.com0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, kl.cs

.Net Code: VKCodeToUnicode

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7800, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 8132, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 2_2_05610EE6 NtWriteVirtualMemory,	2_2_05610EE6
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 2_2_05610E3E NtResumeThread,	2_2_05610E3E
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 2_2_05610DFA NtResumeThread,	2_2_05610DFA
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 2_2_05610EB9 NtWriteVirtualMemory,	2_2_05610EB9
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 4_2_05BB0E3E NtResumeThread,	4_2_05BB0E3E
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 4_2_05BB0EE6 NtWriteVirtualMemory,	4_2_05BB0EE6
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 4_2_05BB0EB9 NtWriteVirtualMemory,	4_2_05BB0EB9
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 4_2_05BB0DFA NtResumeThread,	4_2_05BB0DFA

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 2_2_013509EA		2_2_013509EA
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 3_2_057A22D8		3_2_057A22D8

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 80

Source: TBYtld7aq2.exe, 00000000.00000000.1620764324.0000000000202000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename1.exe0 vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1717036074.0000000002931000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameriched20.dllp( vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1717036074.0000000002931000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1717036074.0000000002931000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: kU,\\StringFileInfo\\000004B0\\OriginalFilenameL. vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1717036074.0000000002931000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameb6052.dll4 vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1716537438.00000000008AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename1. vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1716537438.00000000007FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1717133190.0000000003931000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename1.exe0 vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe, 00000000.00000002.1718223413.00000000066D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameb6052.dll4 vs TBYtld7aq2.exe
Source: TBYtld7aq2.exe	Binary or memory string: OriginalFilename1.exe0 vs TBYtld7aq2.exe

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior

Source: TBYtld7aq2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan

Source: TBYtld7aq2.exe, MusicExpressMain.cs	Base64 encoded string: 'H7rrlW34uZ4g7TG29m695QHDWNDM6maH760RUMe2fvs6fBSV9ArU3xwZc58t79bYW92J4Kch8bJvQTXR7ZSLOpr16aCx9Y9b8sq08YK78X7af00cL6y1OAAaRhD2nS8883jy033am604F33HjHR2N4DSNOFX55eN2ArGi81FaNmmYUdOT0DytcGnj0PgMQ04e0wiA616'
Source: chargeable.exe.0.dr, MusicExpressMain.cs	Base64 encoded string: 'H7rrlW34uZ4g7TG29m695QHDWNDM6maH760RUMe2fvs6fBSV9ArU3xwZc58t79bYW92J4Kch8bJvQTXR7ZSLOpr16aCx9Y9b8sq08YK78X7af00cL6y1OAAaRhD2nS8883jy033am604F33HjHR2N4DSNOFX55eN2ArGi81FaNmmYUdOT0DytcGnj0PgMQ04e0wiA616'
Source: 0.2.TBYtld7aq2.exe.3954170.2.raw.unpack, MusicExpressMain.cs	Base64 encoded string: 'H7rrlW34uZ4g7TG29m695QHDWNDM6maH760RUMe2fvs6fBSV9ArU3xwZc58t79bYW92J4Kch8bJvQTXR7ZSLOpr16aCx9Y9b8sq08YK78X7af00cL6y1OAAaRhD2nS8883jy033am604F33HjHR2N4DSNOFX55eN2ArGi81FaNmmYUdOT0DytcGnj0PgMQ04e0wiA616'
Source: 0.2.TBYtld7aq2.exe.3937ef0.1.raw.unpack, MusicExpressMain.cs	Base64 encoded string: 'H7rrlW34uZ4g7TG29m695QHDWNDM6maH760RUMe2fvs6fBSV9ArU3xwZc58t79bYW92J4Kch8bJvQTXR7ZSLOpr16aCx9Y9b8sq08YK78X7af00cL6y1OAAaRhD2nS8883jy033am604F33HjHR2N4DSNOFX55eN2ArGi81FaNmmYUdOT0DytcGnj0PgMQ04e0wiA616'

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@21/12@1/1

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 3_2_058B2662 AdjustTokenPrivileges,		3_2_058B2662
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Code function: 3_2_058B262B AdjustTokenPrivileges,		3_2_058B262B

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File created: C:\Users\user\AppData\Roaming\confuse

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2520:120:WilError_03
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8096
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Mutant created: \Sessions\1\BaseNamedObjects\e1a87040f2026369a233f9ae76301b7b
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8116
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8108

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\87147202-26df-4e54-81fe-c5f89d84edd3

Jump to behavior

Source: TBYtld7aq2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: TBYtld7aq2.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: TBYtld7aq2.exe	Virustotal: Detection: 79%
Source: TBYtld7aq2.exe	ReversingLabs: Detection: 100%

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File read: C:\Users\user\Desktop\TBYtld7aq2.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TBYtld7aq2.exe "C:\Users\user\Desktop\TBYtld7aq2.exe"
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe "C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe "C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 80
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 12
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 72
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 20
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe "C:\Users\user\AppData\Roaming\confuse\chargeable.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: TBYtld7aq2.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: TBYtld7aq2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, OK.cs

.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Code function: 3_2_019B04B7 push cs; retf

3_2_019B04B8

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

File created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run confuse			Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysMain			Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run confuse	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run confuse	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysMain	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysMain	Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Memory allocated: 9A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Memory allocated: 2930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Memory allocated: BD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 1340000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 2FF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 4FF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 19A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 35A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 55A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 1890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 34E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 54E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 10E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 2DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory allocated: 4DA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Window / User API: threadDelayed 1016	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Window / User API: threadDelayed 3692	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Window / User API: threadDelayed 4722	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Window / User API: foregroundWindowGot 1417	Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe TID: 7544	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe TID: 7824	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe TID: 7852	Thread sleep time: -1016000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe TID: 7852	Thread sleep time: -4722000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe TID: 7964	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe TID: 8152	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: chargeable.exe, 00000003.00000002.4090674234.000000000147A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[i
Source: netsh.exe, 00000011.00000003.1837880922.0000000000B61000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000011.00000002.1838442111.0000000000B64000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code contains process injector

Source: 0.2.TBYtld7aq2.exe.66d0000.3.raw.unpack, D.cs	.Net Code: Run contains injection code
Source: 0.2.TBYtld7aq2.exe.298c09c.0.raw.unpack, D.cs	.Net Code: Run contains injection code
Source: 2.2.chargeable.exe.304c2fc.0.raw.unpack, D.cs	.Net Code: Run contains injection code

.NET source code references suspicious native API functions

Source: 0.2.TBYtld7aq2.exe.66d0000.3.raw.unpack, D.cs	Reference to suspicious API methods: VirtualAllocEx((IntPtr)array4[0], intPtr, (uint)(ptr2 + 80), 12288u, 64u)
Source: 0.2.TBYtld7aq2.exe.66d0000.3.raw.unpack, D.cs	Reference to suspicious API methods: NtWriteVirtualMemory((IntPtr)array4[0], intPtr, (IntPtr)ptr5, (uint)(ptr2 + 84), IntPtr.Zero)
Source: 0.2.TBYtld7aq2.exe.66d0000.3.raw.unpack, D.cs	Reference to suspicious API methods: NtSetContextThread((IntPtr)array4[1], (IntPtr)ptr4)
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, kl.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, kl.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)
Source: 2.2.chargeable.exe.30bda74.1.raw.unpack, OK.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory written: C:\Users\user\AppData\Roaming\confuse\chargeable.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory written: C:\Users\user\AppData\Roaming\confuse\chargeable.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Memory written: C:\Users\user\AppData\Roaming\confuse\chargeable.exe base: 400000 value starts with: 4D5A	Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe "C:\Users\user\AppData\Roaming\confuse\chargeable.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Process created: C:\Users\user\AppData\Roaming\confuse\chargeable.exe C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Jump to behavior

Source: chargeable.exe, 00000003.00000002.4091677933.00000000039D5000.00000004.00000800.00020000.00000000.sdmp, chargeable.exe, 00000003.00000002.4091677933.00000000035F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: chargeable.exe, 00000003.00000002.4091677933.00000000039D5000.00000004.00000800.00020000.00000000.sdmp, chargeable.exe, 00000003.00000002.4091677933.00000000035F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9

Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TBYtld7aq2.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\TBYtld7aq2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables zone checking for all users

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS

Jump to behavior

Modifies the windows firewall

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7800, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 8132, type: MEMORYSTR

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.chargeable.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.chargeable.exe.30bda74.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7800, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 7848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: chargeable.exe PID: 8132, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	11 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Masquerading	1 Input Capture	11 Security Software Discovery	Remote Services	1 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	212 Process Injection	31 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Registry Run Keys / Startup Folder	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	212 Process Injection	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
TBYtld7aq2.exe	79%	Virustotal		Browse
TBYtld7aq2.exe	100%	ReversingLabs	ByteCode-MSIL.Backdoor.Bladabhindi
TBYtld7aq2.exe	100%	Avira	TR/Dropper.Gen
TBYtld7aq2.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\confuse\chargeable.exe	100%	Avira	TR/Dropper.Gen
C:\Users\user\AppData\Roaming\confuse\chargeable.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://go.microsoft.	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://go.microsoft.LinkId=42127	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
https://www.sysinternals.com0	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
doddyfire.linkpc.net	160.176.152.91	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
doddyfire.linkpc.net	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://go.microsoft.	chargeable.exe, 00000003.00000002.4090674234.000000000147A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://go.microsoft.LinkId=42127	chargeable.exe, 00000003.00000002.4090674234.000000000147A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.carterandcone.coml	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.sysinternals.com0	TBYtld7aq2.exe, chargeable.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sakkal.com	TBYtld7aq2.exe, 00000000.00000002.1717636856.00000000061F2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
160.176.152.91	doddyfire.linkpc.net	Morocco		36903	MT-MPLSMA	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417354
Start date and time:	2024-03-29 03:16:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	TBYtld7aq2.exe renamed because original name is a hash value
Original Sample Name:	39CA93F7EC603D931BE5B07A4D0AE682.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@21/12@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 211 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:17:03	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run confuse C:\Users\user\AppData\Roaming\confuse\chargeable.exe
02:17:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysMain C:\Users\user\Desktop\TBYtld7aq2.exe
02:17:33	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run confuse C:\Users\user\AppData\Roaming\confuse\chargeable.exe
02:17:53	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysMain C:\Users\user\Desktop\TBYtld7aq2.exe
03:17:29	API Interceptor	2x Sleep call for process: WerFault.exe modified
03:17:50	API Interceptor	1256385x Sleep call for process: chargeable.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
doddyfire.linkpc.net	xvLXAGwd5d.exe	Get hash	malicious	Njrat	Browse	245.108.88.122
doddyfire.linkpc.net	xvLXAGwd5d.exe	Get hash	malicious	Njrat	Browse	245.108.88.122

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MT-MPLSMA	bot.arm-20240324-1846.elf	Get hash	malicious	Mirai, Moobot	Browse	41.143.30.181
	bot.mips-20240324-1846.elf	Get hash	malicious	Mirai, Moobot	Browse	41.143.104.81
	bot.x86_64-20240324-1846.elf	Get hash	malicious	Mirai, Moobot	Browse	41.143.77.191
	57MarRRXFN.elf	Get hash	malicious	Mirai	Browse	105.159.240.189
	BKO78694D5.elf	Get hash	malicious	Mirai, Moobot	Browse	196.84.14.225
	x8bQ5T4284.elf	Get hash	malicious	Unknown	Browse	160.180.17.171
	9l2zY4BbAa.elf	Get hash	malicious	Mirai, Moobot	Browse	41.251.165.155
	6NlqBnezcC.elf	Get hash	malicious	Mirai, Moobot	Browse	41.250.204.34
	c9agTsZ4l9.elf	Get hash	malicious	Mirai, Moobot	Browse	41.141.72.151
	Gu4LdNvj3l.elf	Get hash	malicious	Mirai	Browse	196.206.229.117

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_cfe88533-e54f-4c79-b308-dc554a6df94f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.5827671255380231
Encrypted:	false
SSDEEP:	96:kKFgpktD+BvqsQhMov7JYqQXIDcQ4c6fcE+cw3tZAX/d5FMT2SlPkpXmTAPf/VXm:vaktD+Bvqk0WbkQzuiFXZ24IO8b
MD5:	D131CE4D6960E150B0A562092F6E12BD
SHA1:	ECAE788612446881CC4459C18E6C3322BF424407
SHA-256:	C9E2E769A676EDC7017FA6ADC84DD9889238136353FCD797905B837BBD6147F4
SHA-512:	4F08EC563E6993BF3D835B50022A51F8513853B79BBD2708D843479B699B226E67F0F4DB029E885E5D7088BC7339C4EDF7802C8059ABA22D0CB9ED25C2EE2D08
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.1.5.2.2.3.7.1.7.3.0.9.0.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.1.5.2.2.4.1.4.5.4.3.4.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.f.e.8.8.5.3.3.-.e.5.4.f.-.4.c.7.9.-.b.3.0.8.-.d.c.5.5.4.a.6.d.f.9.4.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.1.e.5.f.d.4.-.e.6.0.e.-.4.f.6.4.-.a.4.c.1.-.9.d.0.0.8.7.4.7.3.d.b.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.a.d._.m.o.d.u.l.e._.i.n.f.o.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.b.4.-.0.0.0.1.-.0.0.1.4.-.6.9.6.b.-.2.d.3.8.7.f.8.1.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.e.6.a.9.b.c.a.9.9.c.6.c.8.d.1.5.e.f.6.c.3.8.1.e.c.9.9.6.9.d.4.0.0.0.0.0.0.0.0.!.0.0.0.0.0.b.e.0.5.2.6.7.9.b.b.d.4.9.7.c.7.2.c.f.4.b.5.0.8.8.0.4.7.3.9.c.1.8.d.1.3.8.e.c.!.c.h.a.r.g.e.a.b.l.e...e.x.e.....T.a.r.g.e.t.A.p.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_f5b4a6202a53ee73c263cc4c99e711b13cd935ac_85207d7d_6c377d9c-479c-4e30-ab2a-7ef078d7e84d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	65536
Entropy (8bit):	0.5830264975636489
Encrypted:	false
SSDEEP:	96:F4QFBktD+BvJsQhMov7JfqQXIDcQ4c6fcE+cw3tZAX/d5FMT2SlPkpXmTAPf/VXe:3zktD+BvJD0WbkQzuiFXZ24IO8b
MD5:	CCC105F7FEFEE92A142EEE5A1ABF45BD
SHA1:	780B76FD9632E0F789A281360E30B9235311B4C6
SHA-256:	7B1D87C78FC10B0DD13DCB8F68B8C7E98BF807321662E1A2773F9136EAA8541D
SHA-512:	9DAC46516A731899414A5179455E650E5E09BD72E3D9A93E4788441B23141DD21F6B4082BB00CEF737C869078E13D9FEF16157556F58672E71BF6608773ED279
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.1.5.2.2.4.9.8.8.9.2.6.2.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.1.5.2.2.5.4.4.8.3.0.1.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.c.3.7.7.d.9.c.-.4.7.9.c.-.4.e.3.0.-.a.b.2.a.-.7.e.f.0.7.8.d.7.e.8.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.b.b.b.8.e.8.e.-.7.2.b.6.-.4.6.b.d.-.b.d.4.9.-.4.b.b.4.0.7.1.4.b.a.e.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.a.d._.m.o.d.u.l.e._.i.n.f.o.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.b.4.-.0.0.0.1.-.0.0.1.4.-.6.9.6.b.-.2.d.3.8.7.f.8.1.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.e.6.a.9.b.c.a.9.9.c.6.c.8.d.1.5.e.f.6.c.3.8.1.e.c.9.9.6.9.d.4.0.0.0.0.0.0.0.0.!.0.0.0.0.0.b.e.0.5.2.6.7.9.b.b.d.4.9.7.c.7.2.c.f.4.b.5.0.8.8.0.4.7.3.9.c.1.8.d.1.3.8.e.c.!.c.h.a.r.g.e.a.b.l.e...e.x.e.....T.a.r.g.e.t.A.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC84.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6260
Entropy (8bit):	3.694142004116181
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbYCW6HYR+Vw0KgaMeUq89bxssf57m:R6l7wVeJYCW6HYUdpxq89bxssf57m
MD5:	398F60D10AA0F271A30FEB758EB6CCF9
SHA1:	3A64C3F92B756B6C9C6FB8DE2917FF1602B38518
SHA-256:	23E172736CA626A26FDC83D06ACFF07F0EB8A55690A86EB2B442A10E50946014
SHA-512:	325EBDB980B5BF07584C7E023929F4E431EDE2D2703061D0FB7BAC980649AF2EF554B281DD6E5A696F4EB8628C0AED5BFA740327D2EC57FC0C73894A2B335587
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.1.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCA4.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4578
Entropy (8bit):	4.437646037484261
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9KVWpW8VYeYm8M4JTHFP+q876T+wsd:uIjfJI7Ik7VCJZnKwsd
MD5:	EDD575B9A8B3FB9B5395D54FC9CA2D7B
SHA1:	482EABB892B301B7C620B0E6CF19C78C15E62A68
SHA-256:	CB4AE0CD8BE953597D86BAAD637CD10FCAD979D46314008ED954E99D56C7E11D
SHA-512:	54F9A0533B427DE44DEB4C9593352363715C89AF459A57CF8EB92B624D74CBB4A49479D0724DBCED0305F48D72C802B898EC7C71BA9E38D28710FE0E8A2EF970
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="255920" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3C.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6262
Entropy (8bit):	3.694145041890217
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbYCS60YR3Vw0KgaMQUB89b9ssfF4Gm:R6l7wVeJYCS60YhdpDB89b9ssfF/m
MD5:	68C8C7C40D4DAF050EF90C1268E5A9C4
SHA1:	76E488BDAE1E4E6F52A08A43A0FF25EDDCB02F18
SHA-256:	283E6A5DF4C0A5BD018A69E12082B08F54A04C09C751CB31BEA353D48ACC7C37
SHA-512:	97101407885C76CACD9320C759E495B7D98069D2ABF3ED16F8671B65B0F08C8ADB68A0F8301C521D9E32BB0E3E901AE37777B9F9F1F8FC7C1AC278723DC3F416
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.1.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4578
Entropy (8bit):	4.440655218721392
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9KVWpW8VYeYm8M4JTEFfw+q8a6T+wsd:uIjfJI7Ik7VCJIwEKwsd
MD5:	0FBBF1DFAAD7A995BE70C4CBC6D208DF
SHA1:	38E17072137148F44E61FEC5756D0F4EC2039AA7
SHA-256:	D12B92991AD1345DED255865CC5080922AF36F98ABA8BDAB496C3D323E498C87
SHA-512:	73FB46806BD20C5F9A21CD319E1CBBCACA4AC97788A3797748580206F3A0DDE129BD0B33C43577B536E18AC03E75A7FB0FC5D7D38CA14A2D7AA02EE846C9897E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="255920" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\TBYtld7aq2.exe.log

Download File

Process:	C:\Users\user\Desktop\TBYtld7aq2.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.20595142366915
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk7v:MLF2CpI329Iz52Ve
MD5:	2452328391F7A0B3C56DDF0E6389513E
SHA1:	6FE308A325AE8BFB17DE5CAAF54432E5301987B6
SHA-256:	2BC0F7D1CBD869EF4FD93B95495C8081B01B3FD627890B006B6A531D8C050AA2
SHA-512:	AC65283B0959E112B73160BB4322D0725C7D0EC79E3BB93555B1412204AA72F1F66BB9EB8D8B24B6570EC8717A1A4A129454588C3EA9ACE206B6E9CCB7F2ABDC
Malicious:	false
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.20595142366915
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk7v:MLF2CpI329Iz52Ve
MD5:	2452328391F7A0B3C56DDF0E6389513E
SHA1:	6FE308A325AE8BFB17DE5CAAF54432E5301987B6
SHA-256:	2BC0F7D1CBD869EF4FD93B95495C8081B01B3FD627890B006B6A531D8C050AA2
SHA-512:	AC65283B0959E112B73160BB4322D0725C7D0EC79E3BB93555B1412204AA72F1F66BB9EB8D8B24B6570EC8717A1A4A129454588C3EA9ACE206B6E9CCB7F2ABDC
Malicious:	false
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Temp\WERCCB4.tmp.WERDataCollectionStatus.txt

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	4734
Entropy (8bit):	3.239352669644134
Encrypted:	false
SSDEEP:	96:pwpIiWkXkkXfkuguWkO0Qg0Qz0QgW0QXt0Qt0QgX3gVXFMszeuzSzbxGQI5lmZsB:pLle+u58e8oeyOkN7
MD5:	7E34F7D20F288A8F45D3B91733C0441B
SHA1:	7C7B104714792AD116FF9D8B25D1915F7E182366
SHA-256:	EC191277BC40296E2135EB1960A5942F30DF1DBBD82ADEA820708BD65CF4F8F0
SHA-512:	9A1A6EECC69C49E6421BEBF96D72E7B048E6C7C53EF0A7FD72B55A4A7E99321C723F2EEFFA287D6EE95D7A26C0F494EBB763B35CBB8D3CB3DF0802F6F591503D
Malicious:	false
Preview:	......S.n.a.p.s.h.o.t. .s.t.a.t.i.s.t.i.c.s.:.....-. .S.i.g.n.a.t.u.r.e. . . . . . . . . . . . . . . . .:. .P.S.S.D.......-. .F.l.a.g.s./.C.a.p.t.u.r.e.F.l.a.g.s. . . . . . . .:. .0.0.0.0.0.0.0.1./.d.0.0.0.3.9.f.f.......-. .A.u.x. .p.a.g.e.s. . . . . . . . . . . . . . . . .:. .1. .e.n.t.r.i.e.s. .l.o.n.g.......-. .V.A. .s.p.a.c.e. .s.t.r.e.a.m. . . . . . . . . . .:. .3.6.9.6. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .t.r.a.c.e. .s.t.r.e.a.m. . . . . . .:. .0. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .s.t.r.e.a.m. . . . . . . . . . . . .:. .6.4.0. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .T.h.r.e.a.d.s. . . . . . . . . . . . . . . . . . .:. .1. .t.h.r.e.a.d.s.......-. .T.h.r.e.a.d. .s.t.r.e.a.m. . . . . . . . . . . . .:. .8.3.2. .b.y.t.e.s. .i.n. .s.i.z.e...........S.n.a.p.s.h.o.t. .p.e.r.f.o.r.m.a.n.c.e. .c.o.u.n.t.e.r.s.:.....-. .T.o.t.a.l.C.y.c.l.e.C.o.u.n.t. . . . . . . . . . .:. .2.4.5.4.3.2.4. .c.y.c.l.e.s.......-. .V.a.C.l.o.n.e.C.y.c.l.e.C.o.u.n.t. . . . . . . . .:.

C:\Users\user\AppData\Local\Temp\WERFF1E.tmp.WERDataCollectionStatus.txt

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	4732
Entropy (8bit):	3.239625153054285
Encrypted:	false
SSDEEP:	96:pwpIimkXkkXakuguWX0Qf0Q90Qgz0QXP0QE0QRFzg8XDfszeuzSzbxGQI5Pmisp1:prlb+upLQoeyOkNE
MD5:	9597D35787B8E89292198C938730F9B6
SHA1:	4238F8975B115289ADC60524A46E16A2AA432371
SHA-256:	758B570C029520779D87B7D11D340B11387B06A0CDFBA502B14EFB3B64A7B803
SHA-512:	1917BED289A675551D9A1F82567EE22A883AB30F1410DD10BC826C6B916AC3A703F3D24D1DBEF75369FFFC1E0093D3DD24741311CE1A23B523BA1F15583BE108
Malicious:	false
Preview:	......S.n.a.p.s.h.o.t. .s.t.a.t.i.s.t.i.c.s.:.....-. .S.i.g.n.a.t.u.r.e. . . . . . . . . . . . . . . . .:. .P.S.S.D.......-. .F.l.a.g.s./.C.a.p.t.u.r.e.F.l.a.g.s. . . . . . . .:. .0.0.0.0.0.0.0.1./.d.0.0.0.3.9.f.f.......-. .A.u.x. .p.a.g.e.s. . . . . . . . . . . . . . . . .:. .1. .e.n.t.r.i.e.s. .l.o.n.g.......-. .V.A. .s.p.a.c.e. .s.t.r.e.a.m. . . . . . . . . . .:. .3.5.0.4. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .t.r.a.c.e. .s.t.r.e.a.m. . . . . . .:. .0. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .s.t.r.e.a.m. . . . . . . . . . . . .:. .5.4.6. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .T.h.r.e.a.d.s. . . . . . . . . . . . . . . . . . .:. .1. .t.h.r.e.a.d.s.......-. .T.h.r.e.a.d. .s.t.r.e.a.m. . . . . . . . . . . . .:. .8.3.2. .b.y.t.e.s. .i.n. .s.i.z.e...........S.n.a.p.s.h.o.t. .p.e.r.f.o.r.m.a.n.c.e. .c.o.u.n.t.e.r.s.:.....-. .T.o.t.a.l.C.y.c.l.e.C.o.u.n.t. . . . . . . . . . .:. .2.1.1.4.4.3.3. .c.y.c.l.e.s.......-. .V.a.C.l.o.n.e.C.y.c.l.e.C.o.u.n.t. . . . . . . . .:.

C:\Users\user\AppData\Roaming\confuse\chargeable.exe

Download File

Process:	C:\Users\user\Desktop\TBYtld7aq2.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	115360
Entropy (8bit):	6.051822510323776
Encrypted:	false
SSDEEP:	1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMk:P5eznsjsguGDFqGZ2rk
MD5:	C5489DB83F5E2865111EFCAB5001DA7B
SHA1:	0BE052679BBD497C72CF4B508804739C18D138EC
SHA-256:	69887B52237CE6A2A9C051B1968C0A98D437109B1BBC0C9A06C2E7ADC68454F0
SHA-512:	6F3DBE18594DF4BC5F7B8E191E0BE8770000153F9E79340582026782EA69D45FAA2014EBE82C0B229D34B62E3EF54AB49D7C7806477FD027C4B46328EBD70108
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S..[.................x..........^.... ........@.. ....................................@.....................................S.......H................'........................................................... ............... ..H............text...dv... ...x.................. ..`.rsrc...H............z..............@..@.reloc...............~..............@..B................@.......H...........h...........@...^T..........................................N.(.....(.....(....*.0..9I.......s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....} ....s....}!....s....}"....s

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.971939296804078
Encrypted:	false
SSDEEP:	6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
MD5:	689E2126A85BF55121488295EE068FA1
SHA1:	09BAAA253A49D80C18326DFBCA106551EBF22DD6
SHA-256:	D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
SHA-512:	C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
Malicious:	false
Preview:	..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.050205433428026
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	TBYtld7aq2.exe
File size:	115'296 bytes
MD5:	39ca93f7ec603d931be5b07a4d0ae682
SHA1:	d6031730299d9a3e0755dbce7fb792258fd987a2
SHA256:	8d4934af5ee8162d5e8042181c44969aecb40c6404726f27d45bf37722fc3a47
SHA512:	c169c3effe7ca9ee7e5c1fa28a56025c2ce388afad79ac168a5f7ebfaf2f25ee30176a0a821ff82207b5a885052ff3586fef809276aa447cf3e2b000b815226b
SSDEEP:	1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMM:P5eznsjsguGDFqGZ2rM
TLSH:	BCB30D387D952133C67AC1F689E50A8BEB69223F3191E8ED4CA752C418B2F156EC1D1F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S..[.................x..........^.... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x41965e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5B1EAC53 [Mon Jun 11 17:07:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19608	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1a000	0x348	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x18e80	0x27a0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x17664	0x17800	7acd957f3266ee65ab01391ebf758013	False	0.46648520611702127	data	5.649987526076151	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1a000	0x348	0x400	2f8c2571ca02df8c52b2a03fcee90517	False	0.37109375	data	2.7512174114856074	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1c000	0xc	0x200	5219651ec1890b5711996a05a6f4ed37	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1a058	0x2ec	data			0.4625668449197861

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/29/24-03:21:02.937564	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49741	10000	192.168.2.4	160.176.152.91
03/29/24-03:17:21.142872	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49741	10000	192.168.2.4	160.176.152.91
03/29/24-03:21:03.778286	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49741	10000	192.168.2.4	160.176.152.91
03/29/24-03:17:21.557651	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49741	10000	192.168.2.4	160.176.152.91
03/29/24-03:17:21.557651	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49741	10000	192.168.2.4	160.176.152.91

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 03:17:20.826837063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:21.068953991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:21.069145918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:21.142872095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:21.557591915 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:21.557651043 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:21.979924917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:26.716949940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:27.141247988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:27.301471949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:27.304538965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:27.721575022 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:34.924117088 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:35.333292961 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:43.044954062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:43.478421926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:45.373953104 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:17:45.374234915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:17:45.784907103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:03.433013916 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:03.433758974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:03.849649906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:15.079036951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:15.495393038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:16.498434067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:17.008133888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:21.030287981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:21.447038889 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:21.447145939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:21.501637936 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:21.544429064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:21.863377094 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:21.863451004 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:22.342987061 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:22.561146021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:22.981723070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:22.981817007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:23.348244905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:23.398222923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:23.398296118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:23.565890074 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:23.566025972 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:23.781589031 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:23.781683922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:24.274909973 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:24.275038958 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:24.689299107 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:24.689471006 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:24.974896908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.108719110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:25.110713005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.194215059 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:25.195087910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.409519911 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:25.409647942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.678057909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.825474024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:25.826751947 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:25.894942045 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:25.895103931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:26.113266945 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:26.113373995 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:26.375013113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:26.528781891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:26.528894901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:26.591183901 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:26.591315985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:26.811271906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:26.811403036 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.101294041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.237045050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:27.237157106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.320806980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:27.321022034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.543586016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:27.543737888 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.796941996 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:27.973382950 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:27.973520041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.015182018 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:28.015361071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.230712891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.232781887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:28.433378935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.447588921 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:28.635932922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.649597883 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:28.649708986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:28.854099035 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:28.854295015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.032608032 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.120511055 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.120635986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.250693083 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.250832081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.402067900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.465747118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.465847015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.588650942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.621989965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.622081995 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.756886005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.807746887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.807826042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.849647045 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.849708080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:29.989469051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:29.989589930 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.073631048 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:30.073739052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.218492031 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.289175034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:30.289283037 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.434847116 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:30.434945107 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.572529078 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.649791956 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:30.649910927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.782634020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.791759968 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:30.791843891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:30.923168898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.000277996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.000524998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.011224985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.011296988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.148125887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.148376942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.228674889 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.228780985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.381215096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.445077896 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.445174932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.582288027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.596867085 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.596952915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.733855963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.801269054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.801373959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.813205957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.813278913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.943461895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:31.952807903 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:31.952884912 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.027487040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.027574062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.164556980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.164664030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.246129036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.246222973 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.406959057 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.460977077 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.461054087 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.608390093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.623338938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.623415947 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.786586046 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.824589014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.824698925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.837776899 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:32.837836027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:32.975227118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.005080938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.005146027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.053164959 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.053230047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.192414999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.192519903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.268548012 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.268629074 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.403683901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.486316919 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.486428976 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.623730898 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.623830080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.776072025 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.839699030 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:33.839818001 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.990313053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:33.997231960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.130361080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.212898970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.212996960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.346221924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.346432924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.428601980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.428694963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.584908009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.644798994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.644906044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.801315069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:34.801386118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:34.950987101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.021822929 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.021933079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.169909954 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.169998884 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.327881098 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.385132074 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.385222912 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.525047064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.544348001 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.544440031 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.693228960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.745141029 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.745239019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.761239052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.761296988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.903634071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:35.908339977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.974947929 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:35.975152969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.115055084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.131856918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.131948948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.279288054 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.331056118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.331156015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.349561930 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.349606991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.500653028 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.502377987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.564160109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.564264059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.700181007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.722460032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.722577095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.853514910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.917049885 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.917196989 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:36.938278913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:36.938358068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.070120096 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.070223093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.153753042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.153836012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.368206024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.370340109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.515604019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.590042114 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.590182066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.733038902 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.733135939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:37.949749947 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:37.949887991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.120052099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.263154030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.340866089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:38.340975046 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.481106043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:38.481198072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.557432890 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:38.557549000 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.696073055 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:38.696146965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.839971066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:38.912909985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:38.913012028 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.054791927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.056109905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.197154999 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.269891024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.269994974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.413568974 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.413672924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.485652924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.485747099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.562927008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.563024044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.699402094 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:39.699500084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.913904905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:39.917793036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.128712893 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.128803968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.352545977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.435024977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.552006006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.552150965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.568917990 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.569003105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.649899960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.650001049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.769340992 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.769443035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.782386065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.782447100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.948957920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:40.988929033 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:40.989025116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.132275105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.164907932 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.165005922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.205207109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.205291986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.346128941 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.350121975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.419792891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.419874907 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.550687075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.561187029 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.561258078 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.699210882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.767338991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.767441988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:41.776401043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.914885044 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:41.914967060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.072478056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.130337954 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.130455971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.267044067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.288696051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.288769960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.438747883 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.482816935 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.482933998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.502831936 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.502944946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.656368017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.656466007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.717951059 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.718018055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.869111061 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:42.932230949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:42.932336092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.083789110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:43.083978891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.244180918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.298962116 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:43.299139977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.462197065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:43.462300062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.617094994 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.678600073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:43.678672075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.833056927 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:43.833180904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:43.965019941 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.047128916 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:44.047224998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.179625988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:44.179740906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.308947086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.394925117 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:44.395024061 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.526604891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:44.526824951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.666836023 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.742614985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:44.742731094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.882581949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:44.883007050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.070825100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.099154949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.099251986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.250973940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.285628080 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.285698891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.312422037 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.312488079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.470585108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.470695019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.526854038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.526932001 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.667993069 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.742018938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.742237091 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:45.885766029 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:45.885867119 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.035339117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.104366064 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.104597092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.251995087 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.252119064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.452877045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.467349052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.467526913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.650194883 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.681410074 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.681505919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.821616888 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.865675926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.865777016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:46.896749973 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:46.896809101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.029002905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.039772987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.039851904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.111154079 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.111273050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.246751070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.246825933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.325191975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.325270891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.533864021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.540709019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.729437113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.750341892 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.750435114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.902396917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:47.945760965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:47.945854902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.120326042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.120470047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.159966946 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.160227060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.332303047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.377521038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.377696991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.543554068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.548638105 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.713850021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.760477066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.760607004 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.912341118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.930466890 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.930567026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:48.973990917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:48.974133015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.132668972 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.132746935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.191237926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.191313982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.329389095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.406567097 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.406666040 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.546185970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.546380997 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.759394884 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.772233963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.929934978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:49.981358051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:49.981442928 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.131871939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.145749092 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.145850897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.324028969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.347934961 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.348037958 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.362040043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.362137079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.505948067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.540169001 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.540314913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.577402115 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.577545881 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.720844984 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.721038103 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:50.791583061 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:50.791733980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.012417078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.012506962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.180533886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.324871063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.325577974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.396503925 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.396630049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.528168917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.539699078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.541639090 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.708859921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.743083000 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.743194103 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.920027018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:51.924417019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.957170963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:51.957238913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.137262106 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:52.137382984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.293092966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.352859020 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:52.352977991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.509620905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:52.509813070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.680094957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.744303942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:52.744390965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:52.894797087 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:52.894882917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.058471918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.110131979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:53.110227108 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.273260117 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:53.273379087 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.488643885 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:53.488770008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.631264925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.794351101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.845369101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:53.845540047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:53.993477106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.009649992 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.009727955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.060580015 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.188590050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.210026979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.210211039 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.364655018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.408032894 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.408116102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.424082041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.424144983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.580629110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.580741882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.637546062 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.637653112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.774023056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.852598906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.852683067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:54.994117975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:54.994204998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.143517017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.209305048 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:55.209420919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.358545065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:55.358656883 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.574012995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:55.574141026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.787306070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.888132095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:55.990478992 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:55.990672112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.003453970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.003608942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.103034019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.103126049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.205645084 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.205740929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.318013906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.318108082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.467571974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.533452988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.533611059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.683962107 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.684035063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.831281900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:56.899863005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:56.900023937 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.052449942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.052560091 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.187062979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.268588066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.268695116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.402290106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.403244019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.552947044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.618391991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.618567944 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.767930031 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.768040895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.833432913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:57.833585024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:57.991664886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.051821947 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.051981926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.208188057 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.208266973 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.414891005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.423343897 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.423480034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.612015963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.630722046 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.630888939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.797861099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.828885078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.829078913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:58.845868111 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:58.845932961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.013545990 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.013714075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.060431957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.060600996 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.207285881 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.275430918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.275522947 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.422964096 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.423063040 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.639494896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.640110016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.783159018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.854031086 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.854123116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:18:59.999690056 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:18:59.999797106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.210148096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.216938972 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.426567078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.426680088 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.584378004 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.637444019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.637703896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.731831074 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.802706003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.802807093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.852696896 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.852792978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:00.948272943 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:00.948410034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.017985106 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.018086910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.070729017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.070805073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.205480099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.233161926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.233261108 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.420346975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.420461893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.447479963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.447616100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.604948044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.662841082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.662940979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.820919037 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:01.821111917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:01.976555109 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.036253929 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.036374092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.192683935 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.192770004 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.349605083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.408189058 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.408294916 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.559647083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.569233894 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.569389105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.738626003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.777307034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.777461052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.795351982 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.795510054 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.933514118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:02.954324007 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:02.954405069 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.009699106 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.009804010 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.147975922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.148205042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.230905056 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.230983973 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.363465071 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.363550901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.544390917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.578663111 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.578753948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.726512909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.759856939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.759948969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.925082922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.944004059 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.944065094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:03.975238085 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:03.975290060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.135384083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.142570972 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.190387964 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.190542936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.352726936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.362607956 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.362721920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.545660019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.569231987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.569343090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.576911926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.576978922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.728334904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.762216091 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.762326002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.792551041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.792623997 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.931222916 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:04.943536997 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:04.943679094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.029354095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.029567957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.147891045 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.148005962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.246421099 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.246535063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.391596079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.461008072 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.461129904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.612314939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.612431049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.827347040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:05.827447891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:05.997056961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.138071060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.212934017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.213169098 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.353615999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.353792906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.430191040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.430372953 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.571639061 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.571760893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.670162916 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.670250893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.836430073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:06.885524988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:06.885654926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.026309013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.054771900 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.054852009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.199806929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.245300055 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.245404005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.268775940 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.268848896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.417576075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.424514055 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.424592018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.487071991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.487284899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.633230925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.634650946 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.702450991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.702521086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.839261055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.864586115 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:07.864712000 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:07.986269951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.130414009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.169511080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.292356014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.292481899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.293159008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.354944944 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.355048895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.370903969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.371011019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.434745073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.505228996 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.514988899 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.520750046 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.520823956 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.523355007 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.571436882 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.635967016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.723738909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.738739967 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.738877058 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.858299017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:08.858396053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:08.989183903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.073802948 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:09.073905945 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.205144882 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:09.205212116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.423185110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:09.423331022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.615174055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.682607889 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:09.682718992 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:09.832732916 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.114664078 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.138046026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.148196936 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.148277998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.289658070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.335870981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.335968971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.357367039 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.357430935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.491148949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.510250092 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.510329962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.571069956 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.571155071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.705632925 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.705739021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:10.787132978 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:10.787281990 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.002306938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.002540112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.233526945 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.419290066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.420798063 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.420876026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.451725006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.451864958 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.637976885 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.638107061 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.639229059 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.828393936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.828393936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:11.853214979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:11.853283882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.012429953 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.045439959 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.045537949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.214147091 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.227751970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.227842093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.260680914 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.260745049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.421119928 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.430150986 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.430238008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.476991892 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.477113008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.609915018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.635221958 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.635303020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.692153931 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.692224979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.814763069 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.824615955 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.824687004 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.850872040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:12.850940943 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:12.966842890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.030997038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.031064034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.038769007 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.038816929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.182370901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.183232069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.247020960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.247195959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.401575089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.401757002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.462516069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.462609053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.642787933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.678369999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.678447008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:13.858834028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:13.858938932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.019841909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.074158907 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.074260950 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.221740007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.237441063 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.237576008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.414347887 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.436779976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.436863899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.452724934 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.452816963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.600373030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.631247997 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.631340981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.667850018 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.667922020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.815339088 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.815455914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:14.882025957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:14.882145882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.043003082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.099360943 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.099426985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.256880045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.260905027 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.425856113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.474021912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.474126101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.641319036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.641473055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.689292908 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.689364910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.848520041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:15.904444933 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:15.904582024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.063986063 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.064080000 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.245420933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.281234980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.281305075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.425404072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.477271080 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.477370024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.612590075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.643496990 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.643593073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.694612026 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.694689035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.829222918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.829303980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:16.909676075 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:16.909740925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.071878910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.125747919 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:17.125910997 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.288410902 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:17.288499117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.504878044 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:17.504988909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.651798964 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.803888083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.809915066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:17.868231058 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:17.868419886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.021758080 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.021980047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.025597095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.083669901 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.083771944 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.232417107 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.298856020 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.298958063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.441915035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.452996969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.453069925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.593770027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.659288883 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.659358978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.668436050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.668478012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.808864117 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.808955908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:18.886454105 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:18.886548042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.073892117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.101569891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.101669073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.256632090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.290894032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.290966988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.463706017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.475549936 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.475630045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.506064892 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.506139994 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.682782888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.682893038 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.720379114 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.720515013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.866092920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:19.935758114 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:19.935868979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.083165884 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.083261013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.252528906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.298434973 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.298511982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.463381052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.468592882 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.661271095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.678914070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.679003000 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.841265917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.876159906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.876245022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:20.893078089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:20.893141985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.036974907 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.057600975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.057785034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.107260942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.107391119 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.251914978 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.252021074 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.321633101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.321741104 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.495428085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.540525913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.540632010 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.696446896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.714025021 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.714102030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.870522976 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.913465977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.913542032 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:21.929529905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:21.929578066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.085635900 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.085742950 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.144504070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.144577980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.295242071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.358661890 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.358731031 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.511245012 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.511327982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.675992966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.726597071 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.726686954 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.880136967 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:22.891539097 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:22.891732931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.095222950 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.095395088 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.105961084 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.106041908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.285485029 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.320314884 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.320408106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.494438887 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.500626087 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.500703096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.677335978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.708787918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.708885908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.715626955 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.715687990 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.856638908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.892116070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.892195940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:23.928894997 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:23.928965092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.085187912 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.085551023 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.144069910 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.144154072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.306746960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.306823015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.495333910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.520873070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.520973921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.712412119 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.712519884 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.893641949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:24.928401947 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:24.928489923 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.058727980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.109901905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.110006094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.268084049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.274024963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.325939894 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.326034069 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.481818914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.484231949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.640943050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.696291924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.696470022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.857237101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.857399940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:25.914237022 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:25.914345026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.079628944 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.132848024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.132966042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.282310009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.303204060 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.303284883 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.467175007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.498502016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.498681068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.518486977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.518551111 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.665165901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.681842089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.682001114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.734554052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.734623909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.880239010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.880439997 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:26.953018904 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:26.953205109 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.116074085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.168149948 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.168279886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.295064926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.332551003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.332674026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.481364965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.511070967 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.511236906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.548737049 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.548805952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.681628942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.696176052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.696458101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.764208078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.764389038 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.898602962 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.898684978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:27.978382111 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:27.978452921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.193500042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.193591118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.472944021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.497404099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.602926016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.603007078 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.688384056 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.688517094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.712559938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.712734938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.818595886 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.818726063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:28.926726103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:28.926877022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.055813074 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.142055988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.144330978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.278115988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.302305937 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.304132938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.406227112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.500516891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.502373934 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.613058090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.670078039 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.672317982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.679163933 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.684314966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.785433054 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.828377008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.831588984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:29.892178059 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:29.894737959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.004798889 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.014827013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.015263081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.046463966 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.046544075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.181808949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.241866112 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.242008924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.242770910 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.396512985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.396676064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.457024097 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.457132101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.578325987 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.671312094 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.671515942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.744918108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.744981050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.796525955 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.796600103 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.950936079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:30.962275028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:30.962412119 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.145112991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.168510914 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.168656111 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.179500103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.179615974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.331146955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.365973949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.366070986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.396651030 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.396742105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.548511028 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.569129944 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.569287062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.610717058 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.610843897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.766256094 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.766340971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.826020002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:31.826087952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:31.977061033 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.042309999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.042596102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.167392015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.232633114 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.232784986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.369249105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.383066893 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.383197069 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.449027061 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.449189901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.585546970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.585755110 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.694828987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.695106983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.819595098 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:32.911180019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:32.911427021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.055536032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.055824995 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.194653988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.271748066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.271838903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.410438061 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.410520077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.555551052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.625631094 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.625727892 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.754173994 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.770942926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.771137953 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.905189037 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.969479084 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.969738960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:33.986119032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:33.986222982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.120594978 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.120709896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.200422049 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.200661898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.365335941 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.418067932 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.418304920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.554416895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.581240892 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.581468105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.744923115 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.787327051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.787427902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.796133041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.796211958 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:34.960568905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:34.960877895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.009253979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.009319067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.197427034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.229588985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.229758024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.372800112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.414913893 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.415146112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.551666975 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.588520050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.588763952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.630173922 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.630397081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.766704082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.766808033 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.844594002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:35.844815969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:35.994771957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.059618950 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.059725046 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.213320017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.213411093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.375808954 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.429253101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.429357052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.591825008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.594610929 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.779874086 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.779977083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.807863951 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:36.807940960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:36.962337017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.023530960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.023781061 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.179430962 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.179718018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.335730076 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.396786928 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.397059917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.551246881 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.551336050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.696507931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.766354084 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.766463995 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:37.911940098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:37.912179947 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.066745043 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.128006935 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.128108978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.282394886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.284493923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.469717979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.497545958 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.497797966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.683865070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.684011936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.712847948 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.712903976 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.861901045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:38.928241968 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:38.928527117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.062244892 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.084410906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.088404894 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.234313965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.276827097 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.280376911 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.302658081 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.304352999 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.449968100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.452338934 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.519957066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.520281076 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.657038927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.736183882 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.740384102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.786920071 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.788379908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:39.872777939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:39.876441956 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.007033110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:40.008392096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.175661087 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.226305008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:40.226391077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.393764019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:40.393856049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.610054970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:40.610186100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:40.919260979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.036509037 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.036649942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.135150909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.135344982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.251523018 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.251617908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.351152897 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.351270914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.508490086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.566548109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.566682100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.712662935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.722935915 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.723145008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.864465952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.930171013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.930418015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:41.938004971 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:41.938080072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.074402094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.081341028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.081434965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.152122974 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.152220964 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.289515972 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.289618969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.370328903 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.370450020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.539612055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.585738897 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.585828066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.754982948 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.755067110 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.802140951 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.802215099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.945172071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:42.970004082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:42.970326900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.110620022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.161415100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:43.161545992 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.184550047 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:43.184735060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.328999043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:43.329127073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.399672985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:43.399785042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.614860058 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:43.614991903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.839500904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:43.919359922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.027698040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.027915955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.055160046 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.055320978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.134043932 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.134308100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.275393009 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.275466919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.351279020 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.351358891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.550226927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.565429926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.565638065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.714706898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.765721083 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.765847921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.901228905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.928989887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.929184914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:44.982316017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:44.982429981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.124413013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.124583006 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.197228909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.197350025 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.355194092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.412198067 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.412393093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.538885117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.573858976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.573942900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.716185093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.754081964 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.754189968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.789808989 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.789876938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.809899092 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.809988022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:45.931596994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:45.931679964 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.004203081 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.004273891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.146650076 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.146787882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.280431032 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.362730980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.362824917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.497176886 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.497287035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.626220942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.712584972 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.712793112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.846920013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:46.847027063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:46.981599092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.063122988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.063425064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.196656942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.196892977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.342655897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.414947033 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.415186882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.556184053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.560581923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.698328018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.771819115 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.771948099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.911844969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:47.914041042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.986836910 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:47.987026930 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.020857096 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.020936012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.128268003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.128362894 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.165673971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.237816095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.237936020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.383474112 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.383598089 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.540636063 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.540738106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.661612034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.797056913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.872358084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.925523996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.925645113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.933554888 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:48.938400984 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:48.981693029 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.020245075 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.020343065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.154258966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.302150011 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.302227974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.366794109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.445426941 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.446367025 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.446436882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.447597027 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.464070082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.598299026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.762329102 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.765439987 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.769206047 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.864144087 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.865935087 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.866018057 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.889822960 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.889914989 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:49.982516050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:49.982667923 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.104002953 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:50.104191065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.228384972 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.319344044 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:50.319464922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.444822073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:50.444922924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.588695049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.659971952 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:50.660063028 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.786156893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.803567886 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:50.803651094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:50.984266043 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.002646923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.002734900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.018853903 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.018929005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.158062935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.199125051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.199218988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.233095884 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.233166933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.373564005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.373747110 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.450213909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.450480938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.597210884 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.665191889 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.665297985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.809421062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.812787056 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.829016924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:51.829109907 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:51.981410980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.024058104 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.024158955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.043915987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.043982983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.183734894 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.196409941 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.196515083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.258306980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.258390903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.398745060 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.398973942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.473129988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.473208904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.632707119 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.688481092 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.688558102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.850081921 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:52.850224972 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:52.988909960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.065208912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.065330029 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.195472956 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.252471924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.252583981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.381377935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.412190914 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.412298918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.468082905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.468266964 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.597421885 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.597533941 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.683176041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.683264017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.807980061 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:53.899429083 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:53.899554968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.028729916 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.028816938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.223896980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.252722025 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.252806902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.417177916 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.442287922 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.442382097 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.598092079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.631427050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.631669044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.656358957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.656524897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.779256105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.814857006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.814939022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.845818043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.845886946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.875531912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.875607014 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:54.997100115 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:54.997216940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.060890913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.061003923 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.199245930 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.214365005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.214587927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.367897034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.419606924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.419723988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.428473949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.428613901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.582467079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.583898067 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.667802095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.667915106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.813699961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.971811056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.981693029 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:55.993822098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:55.993926048 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.154827118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.155162096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.189821959 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.189915895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.196906090 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.196962118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.280482054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.281225920 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.345958948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.372251987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.372394085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.415963888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.416183949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.561291933 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.561455011 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.587110996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.587301016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.728681087 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.776648998 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.776866913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.907244921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.943866014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.943959951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:56.992662907 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:56.992841005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.122308016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:57.122607946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.208056927 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:57.208172083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.366692066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.423325062 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:57.423494101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.582657099 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:57.582726002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.801074982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.819943905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:57.820029020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:57.993619919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.029007912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.029076099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.202569962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.209381104 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.247462034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.247564077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.381469965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.424668074 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.424762011 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.555778980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.598328114 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.598409891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.652781010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.652872086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.772418976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.772546053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:58.869940996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:58.870243073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.085020065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.085102081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.377084970 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.388041019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.507626057 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.507761002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.595244884 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.595448971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.609210014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.609321117 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.743046999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.743180990 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.824418068 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:19:59.824655056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:19:59.977715969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.039733887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.039956093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.192254066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.192410946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.348330975 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.409497976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.409704924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.559685946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.565773010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.705606937 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.777062893 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.777167082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.920320034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.920413971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:00.992348909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:00.992417097 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.119621038 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.208395958 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.208556890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.331779957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.335911036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.517086983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.549217939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.549344063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.665301085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.734455109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.734786034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.763468981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.763518095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.880106926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.880255938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:01.978724003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:01.978914022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.118124962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.194154024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.194355965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.324640036 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.333178043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.333339930 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.472882986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.539587975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.539664984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.548388004 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.548438072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.679939985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.691623926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.691792965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.762835026 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.762963057 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.896342993 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.896579027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:02.980178118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:02.980310917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.127396107 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.204149008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.204318047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.338573933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.342797041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.482028961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.554920912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.555043936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.704860926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.707151890 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.770023108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.770140886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.911617041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:03.921513081 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:03.921611071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.081135988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.127634048 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.127720118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.136683941 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.136727095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.276963949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.297661066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.297866106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.352781057 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.352917910 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.493602991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.493685961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.568423986 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.568551064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.709645033 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.784399986 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.784498930 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.899521112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:04.926655054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:04.926729918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.056848049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.116106987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.116292953 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.142138004 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.142204046 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.266809940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.274411917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.356180906 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.356374025 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.483850002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.483949900 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.657529116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.700967073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.701042891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.844286919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:05.873373985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:05.873441935 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.006196976 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.067811966 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.067959070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.088335991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.088402987 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.207686901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.221946001 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.222170115 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.303713083 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.303823948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.423135996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.423228979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.519961119 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.520104885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.675369978 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.735335112 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.735449076 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.857633114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:06.913506031 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:06.913625002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.044922113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.072875023 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.073105097 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.127784967 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.127857924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.243438005 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.404211998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.434822083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.516232967 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.516346931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.520267010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.520345926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.520345926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.527307034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.527400017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.637773991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.637876987 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.665767908 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.765045881 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.885129929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:07.989394903 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.998459101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:07.998545885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.008261919 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.008327007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.017518997 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.017715931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.148550034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.174874067 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.175069094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.244729996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.244891882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.255486012 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.255587101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.366214991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.366298914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.464704990 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.464932919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.588386059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.732423067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.749771118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.749841928 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.803572893 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.803668022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.925517082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.961853981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.962050915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:08.969083071 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:08.969146013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.085751057 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.142141104 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.142270088 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.178174019 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.178248882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.307786942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.307954073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.360456944 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.360573053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.494376898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.522747040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.522937059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.671247959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.712209940 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.712296009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.737036943 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.737123013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.873169899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.886369944 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.886457920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:09.953299046 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:09.953402996 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.074071884 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.088762999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.088855028 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.168350935 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.168421984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.289122105 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.289215088 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.383680105 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.383788109 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.503120899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.602813005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.603080988 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.720618010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.720743895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.847479105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:10.935942888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:10.936311960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.064224005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.064326048 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.203469038 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.287440062 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.287544966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.419917107 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.424010038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.555032015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.635319948 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.635512114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.769838095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.769944906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.851380110 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:11.851459026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:11.980396986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.066468954 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.066572905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.187694073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.196147919 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.196239948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.322678089 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.410197973 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.410299063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.416270971 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.416325092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.538180113 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.538312912 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.634582043 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.634702921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.781124115 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.849688053 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.849837065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.900639057 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.900751114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:12.997524023 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:12.997742891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.116924047 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:13.117036104 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.245806932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.331849098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:13.331938982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.461513996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:13.461637974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.602308989 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.675904036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:13.676192045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:13.818698883 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:13.818928957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.024729967 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.033324957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:14.033441067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.240523100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:14.240665913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.444839001 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:14.444987059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.653989077 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:14.654241085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:14.858398914 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:14.858589888 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.007882118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.067620993 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.067702055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.207542896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.224054098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.224237919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.283663988 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.283785105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.422641993 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.422770023 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.499156952 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.499300003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.647281885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.713496923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.713593960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.851398945 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:15.861713886 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:15.861799002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.007208109 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.067085981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.067188025 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.075866938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.075927019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.203851938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.223395109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.223529100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.291162014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.291388035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.418822050 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.419023991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.509906054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.510001898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.677419901 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.724716902 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.724807024 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:16.893963099 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:16.894047976 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.044013977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.113526106 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.113648891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.260303020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.265436888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.447202921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.474889994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.475109100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.630244970 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.664230108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.664428949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.691076994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.691328049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.846877098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.847161055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:17.906146049 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:17.906362057 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.061824083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.121263027 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.121361017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.277807951 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.277916908 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.460644007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.494117022 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.494335890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.645054102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.678731918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.678843975 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.833365917 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.860745907 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.860837936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.898565054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.898832083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:18.926392078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:18.926470041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.050228119 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.050347090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.114037037 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.114164114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.267487049 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.267651081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.432075977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.486299038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.486394882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.624648094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.646828890 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.646956921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.792057991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.840213060 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.840356112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:19.862238884 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:19.862328053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.007668018 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.007890940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.076353073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.076446056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.231424093 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.292490005 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.292736053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.447921991 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.448008060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.592984915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.663142920 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.663343906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.810537100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:20.810632944 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:20.957748890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.025980949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.026128054 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.181220055 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.181312084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.318089008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.397053957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.397186995 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.533071041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.533229113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.611468077 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.611561060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.765886068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.829827070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.830101967 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.941546917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.941762924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:21.981313944 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:21.981544018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.157768965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:22.157860041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.362804890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.377077103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:22.377223015 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.578155994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:22.578291893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.756690979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.786529064 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:22.786653996 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.958777905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:22.971683025 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:22.971930981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.000720024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.000988007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.160610914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.176014900 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.176238060 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.217767954 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.217884064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.376069069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.376329899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.433043003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.433357954 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.585181952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.647186995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.647383928 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.800643921 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:23.800874949 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:23.976357937 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.016901970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.017018080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.199258089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.199371099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.371656895 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.414479017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.414589882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.579952002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.587788105 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.760457993 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.795922995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.796118021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.950536966 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.950719118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:24.978305101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:24.978517056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.136470079 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.164464951 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.164555073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.328653097 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.352166891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.352238894 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.379036903 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.379097939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.517501116 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.544212103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.544306040 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.594021082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.594115973 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.730861902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.733386040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.809089899 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.809211016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:25.945552111 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:25.945663929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.120780945 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.159918070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.160018921 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.315738916 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.336370945 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.336452007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.498359919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.533710957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.533819914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.551448107 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.551536083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.714066029 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.714194059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.766808987 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.767122030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.932418108 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:26.981828928 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:26.981951952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.122150898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.147496939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.147651911 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.300575018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.336590052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.336693048 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.363409996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.363468885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.501172066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.517102003 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.517189980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.580926895 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.581027031 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.717461109 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.717619896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.795958996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.796030998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.949496984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:27.961596012 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:27.961720943 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.112493038 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.163739920 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.163909912 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.317631006 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.327558994 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.327641964 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.379914999 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.379997969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.514395952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.533302069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.533401012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.594966888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.595073938 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.729479074 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.729604959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.809272051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:28.809376955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:28.945085049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.024697065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.024873018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.161201954 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.161390066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.378199100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.378308058 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.616300106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.684792042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.792901993 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.793122053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.833374023 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.833586931 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:29.900228977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:29.900330067 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.013829947 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.014096022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.135555029 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.135646105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.325262070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.351701975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.351921082 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.509171963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.544095993 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.544370890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.727406979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.727627039 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.758049965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.758131027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.885370016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:30.973186016 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:30.973289013 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.100786924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.100894928 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.153561115 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.198256969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.198334932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.364248037 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.377815008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.377881050 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.413836956 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.413899899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.571984053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.580945015 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.629056931 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.629148960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.788290024 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:31.788513899 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:31.971438885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.020536900 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:32.020628929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.187932968 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:32.188165903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.410640955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.419014931 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:32.566009998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.628367901 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:32.628488064 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.801544905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:32.801740885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:32.943615913 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.017720938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.017981052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.160445929 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.160547018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.342427969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.376668930 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.376740932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.527961016 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.558712006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.558861017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.725071907 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.742397070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.742511034 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.773097992 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.773297071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.939682007 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.939872026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:33.983479023 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:33.983591080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.132522106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.161580086 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.161829948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.301676989 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.347840071 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.348047018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.376420975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.376496077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.520606995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.520734072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.591073036 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.591325998 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.750489950 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.813391924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:34.813509941 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.963463068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:34.966939926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.143764019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.177766085 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.177851915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.320806980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.359235048 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.359299898 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.391954899 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.392045021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.531140089 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.536629915 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.607325077 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.607511044 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.748655081 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.748970985 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.903398037 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:35.966356039 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:35.966495037 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.107803106 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.118650913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.118774891 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.277002096 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.324736118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.324834108 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.333667040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.492229939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.492463112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.639051914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.710577011 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.710674047 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.854732037 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.854813099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:36.994179010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:36.994266987 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.168653011 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.209541082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.209649086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.372590065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.387681961 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.387898922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.552892923 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.588073015 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.588196993 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.604103088 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.604279041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.768315077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.770382881 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.819258928 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.819423914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:37.985779047 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:37.985877991 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.137245893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.199779034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.199871063 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.354892969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.355192900 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.557312965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.571528912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.750427961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.773876905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.773962975 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.919003963 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.965996981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.966094971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:38.988914013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:38.988990068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.138257980 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.138452053 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.202996969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.203099012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.355254889 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.420346975 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.420547962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.569899082 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.570099115 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.755526066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.787863970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.787961006 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:39.972346067 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:39.972528934 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.007215977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.007296085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.188476086 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.188477039 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.383543968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.405850887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.406199932 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.597994089 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.598078012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.641849995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.641912937 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.857211113 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:40.857317924 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:40.992636919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.139558077 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.169133902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.208734989 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.208863974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.355407000 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.355525970 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.385186911 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.423022032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.423106909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.561486959 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.636434078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.636554003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.777745962 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.777868986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:41.994786978 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:41.994925022 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.165749073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.309765100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.382483006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:42.382671118 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.524974108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:42.525125027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.598587990 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:42.598644972 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.740067959 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:42.740147114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.902656078 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:42.972352982 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:42.972604990 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.014029026 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.014117956 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.121229887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.121344090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.229300022 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.229427099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.362292051 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.444817066 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.444958925 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.582658052 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.742134094 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.743632078 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.912496090 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.924880028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.925000906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:43.925831079 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.957616091 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:43.957828045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.129096985 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.129261971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.172034979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.172131062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.310180902 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.387053013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.387171030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.525568008 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.525655031 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.672950983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.742847919 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.742980003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:44.888541937 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:44.888659000 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.083120108 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.103468895 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:45.103710890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.298043013 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:45.298183918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.532789946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.561758995 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:45.562002897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.748032093 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:45.748147011 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.913096905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:45.962359905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:45.962471008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.028168917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.028415918 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.128696918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.128803968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.245507956 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.245778084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.404261112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.472485065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.472594023 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.620031118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.620167017 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.758974075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.835129976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.835319042 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:46.974558115 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:46.974689007 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.107863903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.189996958 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:47.190115929 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.323599100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:47.323707104 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.489787102 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.541678905 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:47.541887999 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.711997032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:47.712014914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.880515099 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:47.927122116 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:47.927258968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.095674038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.095777035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.142299891 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.142349958 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.311983109 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.357748032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.357850075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.510693073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.527978897 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.528160095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.729661942 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.733263969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.759044886 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.759115934 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:48.946510077 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:48.946624041 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.039329052 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.039433002 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.206125975 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.253348112 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.253458977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.422972918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.423194885 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.583086014 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.638909101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.639022112 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.759057045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.797209978 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.797410965 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.949353933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:49.974674940 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:49.974761009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.017386913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.017455101 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.156601906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.163836002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.163934946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.238656998 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.238893986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.371448040 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.371541977 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.452996969 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.453087091 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.586827040 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.668315887 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.668421030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.802864075 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:50.802968979 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:50.944298983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.019917965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.020019054 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.159380913 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.159504890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.339170933 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.374361038 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.374651909 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.526777029 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.555063963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.555273056 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.742258072 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.742492914 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.769854069 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.769942999 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.929507971 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:51.984066010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:51.984165907 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.049990892 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.050225973 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.146876097 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.147001982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.265398979 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.265584946 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.407156944 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.481409073 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.481576920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.611644983 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.623970032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.624052048 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.759907961 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.827384949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.827508926 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.839109898 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.839174986 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.964914083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:52.974667072 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:52.974745989 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.055500031 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.055629969 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.175812960 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.180933952 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.271564007 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.271656990 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.392151117 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.392225981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.574148893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.607351065 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.607466936 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.770184040 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.788599014 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.788742065 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.918612003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:53.986977100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:53.987068892 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.004003048 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.004060984 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.135628939 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.135742903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.219099998 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.219276905 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.412517071 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.437259912 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.437366009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.604312897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.638559103 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.638727903 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.784276009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.820080996 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.820238113 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.855835915 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:54.855901957 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:54.997267962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.018548965 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.018627882 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.059149981 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.059263945 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.211283922 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.212460041 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.233531952 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.233587027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.368489981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.440356970 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.440458059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.447468042 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.571860075 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.588040113 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.588157892 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.716012955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.821441889 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.821675062 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.823230028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.939445019 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:55.950584888 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:55.950665951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.087938070 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.187052011 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.187133074 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.188931942 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.188982010 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.305449963 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.305537939 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.407102108 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.407161951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.544881105 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.624330044 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.624434948 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.760796070 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.760865927 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.899971008 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:56.977235079 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:56.977448940 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.117541075 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:57.117717981 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.268961906 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.333581924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:57.333697081 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.525216103 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.638025045 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.940558910 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:57.940675974 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.946136951 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.953438044 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:57.953553915 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:57.955550909 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:57.955605030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.072981119 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.075108051 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.122201920 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.160692930 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.164611101 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.164697886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.164697886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.168545961 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.168603897 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.171442032 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.288451910 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.288599968 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.384953976 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.385044098 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.503418922 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.503731012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.665007114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.809868097 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.870759010 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.870928049 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:58.963922977 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:58.964060068 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.024524927 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.088359118 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.088382006 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.088509083 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.179081917 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.179192066 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.358046055 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.397001028 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.397113085 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.531820059 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.574651957 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.574774027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.729979992 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.751818895 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:20:59.751930952 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:20:59.872275114 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.020936966 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.059710026 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.100714922 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.100775003 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.113379002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.113461018 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.116394997 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.116465092 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.240108967 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.242314100 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.274907112 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.278114080 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.315727949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.329860926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.334752083 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.336697102 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.336788893 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.425615072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.493176937 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.494136095 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.551888943 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.554064035 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.641551971 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.642220020 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.754183054 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.754410982 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.881207943 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:00.923960924 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:00.926306009 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.072460890 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.079322100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.082079887 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.096849918 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.098278046 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.215430021 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.289268017 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.289344072 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.297089100 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.436759949 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.436877012 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.504419088 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.504515886 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.663570881 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.718822002 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.718952894 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.857352972 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:01.883966923 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:01.884042025 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.074520111 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.074666023 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.100845098 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.100919962 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.305733919 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.316412926 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.316560030 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.523711920 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.523849010 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.725868940 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.725982904 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.922894955 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:02.937464952 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:02.937563896 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.137324095 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.137567043 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.139179945 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.297878027 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.347773075 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.347829103 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.516036034 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.516143084 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.561821938 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.561922073 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:03.778155088 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:03.778285980 CET	49741	10000	192.168.2.4	160.176.152.91
Mar 29, 2024 03:21:04.091834068 CET	10000	49741	160.176.152.91	192.168.2.4
Mar 29, 2024 03:21:04.137793064 CET	49741	10000	192.168.2.4	160.176.152.91

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 03:17:20.699584961 CET	51770	53	192.168.2.4	1.1.1.1
Mar 29, 2024 03:17:20.824701071 CET	53	51770	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 03:17:20.699584961 CET	192.168.2.4	1.1.1.1	0xb3a6	Standard query (0)	doddyfire.linkpc.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 03:17:20.824701071 CET	1.1.1.1	192.168.2.4	0xb3a6	No error (0)	doddyfire.linkpc.net		160.176.152.91	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	03:16:56
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\TBYtld7aq2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\TBYtld7aq2.exe"
Imagebase:	0x200000
File size:	115'296 bytes
MD5 hash:	39CA93F7EC603D931BE5B07A4D0AE682
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:17:05
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
Imagebase:	0x9e0000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000002.00000002.1750581872.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:17:08
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Imagebase:	0xfe0000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000003.00000002.4091677933.00000000035A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	03:17:12
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\confuse\chargeable.exe"
Imagebase:	0xf00000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Imagebase:	0x240000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Imagebase:	0x250000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Imagebase:	0x330000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\confuse\chargeable.exe
Imagebase:	0x790000
File size:	115'360 bytes
MD5 hash:	C5489DB83F5E2865111EFCAB5001DA7B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000009.00000002.1875658263.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 80
Imagebase:	0x5a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 12
Imagebase:	0x5a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	03:17:16
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 72
Imagebase:	0x5a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	03:17:17
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
Imagebase:	0x1560000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	03:17:17
Start date:	29/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	03:17:29
Start date:	29/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 20
Imagebase:	0x5a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	19.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	90
Total number of Limit Nodes:	3

Executed Functions

Function 04DA00D0 Relevance: 9.1, Instructions: 9147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261385402ba36d30636599dc62cfffbd4743745303fe20813c2b53e5a10d642a
Instruction ID: 97a08ba3d4d6bee836b08656e3e36fbcd257ef8ed5e498873987dc620a01fbe3
Opcode Fuzzy Hash: 261385402ba36d30636599dc62cfffbd4743745303fe20813c2b53e5a10d642a
Instruction Fuzzy Hash: F5143734A00704CFD765DB34C894B9AB7B2BF8A304F5148A8D54AAB7A1DF36AE45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 04DA00E0 Relevance: 9.1, Instructions: 9140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3156c5e2ca07775f37c45c9e86de829227fdd8d23341399388690641e7a58a
Instruction ID: 3e8ee81e392e8fffd9898f8ab37d2a940a8c321cbd7acbf8e98923566f0e281a
Opcode Fuzzy Hash: 8b3156c5e2ca07775f37c45c9e86de829227fdd8d23341399388690641e7a58a
Instruction Fuzzy Hash: 7C143734A00704CFD765DB34C894B9AB7B2BF8A304F5148A8D54AAB7A1DF36AE45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 04DA98A0 Relevance: 2.7, Instructions: 2693
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83d45b5addb7f13a68e445a7bc455467a5372e0a6953a456e8c31ce2759b6909
Instruction ID: 3434ab76f4243883ddb5b5bc21470216436ce79fbc2886f277b7266da9ea9d35
Opcode Fuzzy Hash: 83d45b5addb7f13a68e445a7bc455467a5372e0a6953a456e8c31ce2759b6909
Instruction Fuzzy Hash: 2033B5A630DD369B8519BFB5E59142F7B73AB88658314C345CD020B398CF38AF8297D6

Uniqueness

Uniqueness Score: -1.00%

Function 008FAC22 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 008FACD1

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 4ddac72a697e0d3dfb937187c9fb560cfb793c752873ad124071609bcef44a63
Instruction ID: 5970f712a39d5281f8498295b9747d2ca1baa7dcef5ebd385a6635a457b01033
Opcode Fuzzy Hash: 4ddac72a697e0d3dfb937187c9fb560cfb793c752873ad124071609bcef44a63
Instruction Fuzzy Hash: F231B6B1404384AFE7228B21DC45FA7BFBCEF15310F08849AE9858B652D265E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06180B60 Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 06180C05

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3ad217c27fd73fe2f447af2fbca2bbdaf0012a3478d55453d97bd852c225e667
Instruction ID: 8a78d804cd746300c2a543c58991a21db9a362808002b0c58142490afe05f266
Opcode Fuzzy Hash: 3ad217c27fd73fe2f447af2fbca2bbdaf0012a3478d55453d97bd852c225e667
Instruction Fuzzy Hash: 8231AF71505344AFE722CF25DC44F66BFE8EF09224F08849EE9858B652D375E809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 008FAD19 Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 008FADD4

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d3dece0f7527766e56bb2448e37afb0e1bd3748a781f15b168fa588c18f074ac
Instruction ID: b2ef6c0e4660f1fbd965bd83c9bad9568db0a5df8bcb1fac7808881ab6c73349
Opcode Fuzzy Hash: d3dece0f7527766e56bb2448e37afb0e1bd3748a781f15b168fa588c18f074ac
Instruction Fuzzy Hash: 9731A1B55083845FD722CB21CC44FA2BFB8EF06320F08849AE989CB653D264E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06180F83 Relevance: 1.6, APIs: 1, Instructions: 81
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06181030

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4596692c6bd446ea1bc2c827ae595d1eff978a443444c9695fccefbe9cca909a
Instruction ID: 6ccc22b8e1b1f443d0d38344feb06acadf0aed5c3f50f77b198f9b02a502c148
Opcode Fuzzy Hash: 4596692c6bd446ea1bc2c827ae595d1eff978a443444c9695fccefbe9cca909a
Instruction Fuzzy Hash: BB21A2B25087806FE722CB11DC45F93BFB8AF16314F08859AE9859B693D364E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 008FA2AC Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 008FA346

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 04260c08091c09b4e805102b6c6411cab1df33945b39db4e8f2f54edc15cd142
Instruction ID: 31889aefd715c628c148b404a9782adbad72c6c6d7dee9121a97dc88cb25c15a
Opcode Fuzzy Hash: 04260c08091c09b4e805102b6c6411cab1df33945b39db4e8f2f54edc15cd142
Instruction Fuzzy Hash: 6D21A77150D3C06FD3138B259C51B62BFB8EF47620F0941DBE884DB693D265A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 06180B86 Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 06180C05

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e1b360963d676f37738727d5755e278f4f9c2ec3a07918827728a9307208b254
Instruction ID: 8e764cae308fb9c688d26d6d08b038f56dbf44a7edbb39bbfb24b85441d46987
Opcode Fuzzy Hash: e1b360963d676f37738727d5755e278f4f9c2ec3a07918827728a9307208b254
Instruction Fuzzy Hash: 6321B075500204AFEB21DF25CD85F66FBE8EF08224F08886DE9858B756D375E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 008FAC52 Relevance: 1.6, APIs: 1, Instructions: 74
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 008FACD1

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 29d2d53a744b3e28b83bcf31ef7bd9a4b3a00e5014f0da26d39f8929b7183827
Instruction ID: 575c4603106251148abb2b4cf64077348bd6304103ddf947d3873ec87be60a01
Opcode Fuzzy Hash: 29d2d53a744b3e28b83bcf31ef7bd9a4b3a00e5014f0da26d39f8929b7183827
Instruction Fuzzy Hash: CB2192B2500204AFE7219F65DC44FBBF7ACEF14324F04846AEA45DA655D774E9088AB2

Uniqueness

Uniqueness Score: -1.00%

Function 06180D17 Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06180D9D

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: ebbb1a55a377bec7ffcbe0d3760449d58e0ef536c29c38fc4be7f4a71d65b7d9
Instruction ID: 356d68e76760b5887b362bde51a8b96f5295d3eaeb9a7ee26a5eff0b9a33b1f2
Opcode Fuzzy Hash: ebbb1a55a377bec7ffcbe0d3760449d58e0ef536c29c38fc4be7f4a71d65b7d9
Instruction Fuzzy Hash: 6021E7B54093846FE7128B51DC44FA2BFB8DF57314F0880DBE9848B693D268A909D771

Uniqueness

Uniqueness Score: -1.00%

Function 06180431 Relevance: 1.6, APIs: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 061804B3

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 3306ea7bb3e6ee3ac1771a4fc171600aeb8058761dd1eb82c64140a8f2911504
Instruction ID: f88fc1d98a42bc2eeded0a70ebd1ce6ed0da2a670f06682a34dd8ac94731d9ce
Opcode Fuzzy Hash: 3306ea7bb3e6ee3ac1771a4fc171600aeb8058761dd1eb82c64140a8f2911504
Instruction Fuzzy Hash: D42181715083849FDB22CF25DC44B62BFF4EF4A310F09889AE9848B662D375E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06180EBA Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06180F39

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 242f95883ea8cf662ebadea497a525371f3d2daff5e23cc53f6acbcd845cbd89
Instruction ID: 38204ee26563dff44ebaafd477dab936b3cf2b11f68090d6b7e9acf442a4356b
Opcode Fuzzy Hash: 242f95883ea8cf662ebadea497a525371f3d2daff5e23cc53f6acbcd845cbd89
Instruction Fuzzy Hash: 7921A171409384AFDB22CF51DC44F97BFB8EF59310F08849AE9849B656C375A508CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 008FAD5A Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 008FADD4

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6031f6f9368a39bf5535a96eb8568ff9dc7b03d840c601486a4ff2262ae9a5f6
Instruction ID: b819a44858fbdacbcc45fa642abd5f58ae1d32906c6ec75dcff0bc1ed32e02a9
Opcode Fuzzy Hash: 6031f6f9368a39bf5535a96eb8568ff9dc7b03d840c601486a4ff2262ae9a5f6
Instruction Fuzzy Hash: A521A4B55002089FE721DF25CC84FA6B7ECEF14720F048455E949DB655D774E808CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 008FBAB4 Relevance: 1.6, APIs: 1, Instructions: 68
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?), ref: 008FBB2C

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 02163af09aad5127764115d6553e976d601b0fa3d707cb82f45aef573972eee7
Instruction ID: 14936d70829d2c29312e70e73bd2b03a5c854c99fa7795cb64f64a06fde9cdd4
Opcode Fuzzy Hash: 02163af09aad5127764115d6553e976d601b0fa3d707cb82f45aef573972eee7
Instruction Fuzzy Hash: 182149715093C45FDB128B25DC94B92BFB8EF06324F0984DAE9848F667D264A908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 008FB42D Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 008FB4A9

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 68a05e332f514262521d3bee09704e08c876366f50d11ff03c05d56732b686b9
Instruction ID: 3a82cbe7cd378ce82774934b75793dec4219d4e3b25bd421032cb5f77da71406
Opcode Fuzzy Hash: 68a05e332f514262521d3bee09704e08c876366f50d11ff03c05d56732b686b9
Instruction Fuzzy Hash: 4E218EB15093849FDB228E25DD45B62BFF8EF16714F09848AE984CB293D365E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06180FBE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06181030

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f8cfed07929628f0857f9037c067bea2c0b0c963e52509451668345ff06885af
Instruction ID: 9505bb8caf0fd76d034a681fa8329b8cfc77a18660ef5092eea4a47e31aa2aa1
Opcode Fuzzy Hash: f8cfed07929628f0857f9037c067bea2c0b0c963e52509451668345ff06885af
Instruction Fuzzy Hash: A411EBB2A00200AFEB319E11DC41FA7BBE8EF04210F08886AE945DA742D374E419CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 06181078 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 061810E3

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8e98c59b4a99719f9a8509b1e527d40b696d2019e89cf40ad1d1941a7d951a58
Instruction ID: 22f9943d43aa4d4e88548c8cd024f0f4d0df08b5a981e3b7c9fe3cb00490fee6
Opcode Fuzzy Hash: 8e98c59b4a99719f9a8509b1e527d40b696d2019e89cf40ad1d1941a7d951a58
Instruction Fuzzy Hash: 9B2193715082C09FDB11CB25DC55B92BFB8EF46210F0D84DAE985CB262D275A815CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008FBC4B Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 008FBCBF

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: 7960b93d4a6ad4a34b8c69a83371b8f43c94c76f839aadcba829979d41bd688a
Instruction ID: 3fa407513317ada7e190b17fcc6b21756f3d58e5d6166bc223554d0032f5ec74
Opcode Fuzzy Hash: 7960b93d4a6ad4a34b8c69a83371b8f43c94c76f839aadcba829979d41bd688a
Instruction Fuzzy Hash: 24218EB15093849FEB12CB25DC45B52BFB8EF06310F0984DAE9848F263D274A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06180007 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E24,?,?), ref: 06180082

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 03206e66ae38178bae22a382ba1f8addc9206456bf1b62ccf02cdbb669058d65
Instruction ID: 54a2dd444e376c90e7c689c89db6cfbcd30496981eb294d969e0c40becabbfa5
Opcode Fuzzy Hash: 03206e66ae38178bae22a382ba1f8addc9206456bf1b62ccf02cdbb669058d65
Instruction Fuzzy Hash: 4411B271545340AFD3118B15CC41F73BFF8EF86620F05819AEC489BA52D278B925CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 06180AA4 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 06180B0B

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 527c261dc23f44c8dcabd691b70703b83865a6bbd66677754de867445ed3a215
Instruction ID: 450718e0153b6a026153606056c32093ada8d206f37364104bab3ee3c2b52518
Opcode Fuzzy Hash: 527c261dc23f44c8dcabd691b70703b83865a6bbd66677754de867445ed3a215
Instruction Fuzzy Hash: D91181716043849FDB21CF25DC85B56BFE8EF4A220F0984AAE949CB252D374E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 06181325 Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06181399

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: cdf0b5580786de5cd7411154451eec54760800dbe5608c57db6057f99041d704
Instruction ID: dca5f7ec6eaf65cb1e70f4249229861d2bb8279dbbe28332216ba574c2c3a7e3
Opcode Fuzzy Hash: cdf0b5580786de5cd7411154451eec54760800dbe5608c57db6057f99041d704
Instruction Fuzzy Hash: CF21907150D3C0AFDB238F25CC45A52BFB4EF17220F0984DAE9848F663D265A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 008FA5FB Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008FA666

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 44296101269459ada552780013c04e40e44f1310248b8b256b09775e63e1c1db
Instruction ID: 7557537a9b8630e7fd21bc0fe41800d24b287a89fc5ccd934b939cecb2d25721
Opcode Fuzzy Hash: 44296101269459ada552780013c04e40e44f1310248b8b256b09775e63e1c1db
Instruction Fuzzy Hash: 8D11B471409380AFDB228F50DC44A62FFF4EF4A320F0888DAED858B562D275A818DB71

Uniqueness

Uniqueness Score: -1.00%

Function 06180EDA Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06180F39

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 95cfacda6eaeabc48d9b0037a45bb82f6d385e6ca1d5e39468be27248e46cb48
Instruction ID: c60e17334ecd3a789209cce93a721cc4321207defa4411c0e2566e2af5be495a
Opcode Fuzzy Hash: 95cfacda6eaeabc48d9b0037a45bb82f6d385e6ca1d5e39468be27248e46cb48
Instruction Fuzzy Hash: A1110172500204AFEB21DF50DC44FA6FBE8EF18720F04C86AE9849B655C375E408CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 061811E4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 06181240

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: cafc1070c7b75e6048c3a6b70777dc51d5f16058d29386717416e87ffea35387
Instruction ID: 23618bb34dfbb7e6faaa6811c8fe3d77bd0656070d5f4fd7d76964df4db78758
Opcode Fuzzy Hash: cafc1070c7b75e6048c3a6b70777dc51d5f16058d29386717416e87ffea35387
Instruction Fuzzy Hash: 061163715093809FDB12CB25DC55B52BFB8DF46220F0884EAED45CB652D274A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008FBD10 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 008FBD75

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: 606c4a2403d819f6b7b05a9c7beb1da2d5f50dbc04c6b98b448196c3db09ac10
Instruction ID: 6361b32e8ea8750e4aefacc525441433389658d08341405ebe5c79bfab0f4137
Opcode Fuzzy Hash: 606c4a2403d819f6b7b05a9c7beb1da2d5f50dbc04c6b98b448196c3db09ac10
Instruction Fuzzy Hash: AD119371504344AFDB228B15DC45B62FFB8EF55710F09809EED858B652D261A818CB71

Uniqueness

Uniqueness Score: -1.00%

Function 061816B7 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06181721

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: cc8ceec699f530db62c6d31e76a50eb117f26eb09b7bb3b161d6912320b12534
Instruction ID: ead703f5e7921d1c28361f63b9ea5061ebac47baed270fc7b031863dfc5a0487
Opcode Fuzzy Hash: cc8ceec699f530db62c6d31e76a50eb117f26eb09b7bb3b161d6912320b12534
Instruction Fuzzy Hash: 9211DD72408380AFDB228F15DC45B52FFB4EF06320F08849EED858B6A3C275A818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 06180D4A Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,1CA46FAE,00000000,00000000,00000000,00000000), ref: 06180D9D

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f424008c49f395b3c3a9e758c088d489db16a84137d6fee1b89c12a85bffd095
Instruction ID: 781e450b6f4f8b2677511b03d7948aacb806961296389990a77bc0993cc4d6d8
Opcode Fuzzy Hash: f424008c49f395b3c3a9e758c088d489db16a84137d6fee1b89c12a85bffd095
Instruction Fuzzy Hash: 6201C075514204AEEB20DB05DC84FA6BBA8DF58725F08C4A6ED449B745D778F40CCAB1

Uniqueness

Uniqueness Score: -1.00%

Function 06180AC6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 06180B0B

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: b46f2621233dbdfba1d5ff001bcd0ac68dab4362dbddccfdeeca603e98334d05
Instruction ID: 3e020a9f6d678114181211105785efd6bc024fff14d3ea260e1171993fca5dc8
Opcode Fuzzy Hash: b46f2621233dbdfba1d5ff001bcd0ac68dab4362dbddccfdeeca603e98334d05
Instruction Fuzzy Hash: FB118E75A002448FEB60DF19D884B66FBE8EF08225F08C4AAED49CB651D374E908CE61

Uniqueness

Uniqueness Score: -1.00%

Function 06180462 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 061804B3

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: ce38970a6c414ac529bc00c6b3e602728878bee32ed8c5c6bc477d957d124de2
Instruction ID: d2f6219acb3672c52448899674cdcd82a275dd18e0e92a62fd65d2f0b515efe1
Opcode Fuzzy Hash: ce38970a6c414ac529bc00c6b3e602728878bee32ed8c5c6bc477d957d124de2
Instruction Fuzzy Hash: 34115E719042089FEB60DF15D944B66FBE8EF58221F08886AED458B652D375E408CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 008FA42A Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 008FA480

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 9bfb721834153b537de4ebea373c7fe342eacac2754ded7f092f4921bf9af679
Instruction ID: 211286eedf4dd26a4c29d3ba0e272a1fa487d3e58e086fd5328ba768b4463fe3
Opcode Fuzzy Hash: 9bfb721834153b537de4ebea373c7fe342eacac2754ded7f092f4921bf9af679
Instruction Fuzzy Hash: F601D6B1408384AFDB12CF15DC44B62FFB8EF46320F0880DAED848B252D275A808DB72

Uniqueness

Uniqueness Score: -1.00%

Function 061810A6 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 061810E3

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6d519367548c64b5e3eff1c6d8583af8a93080ac46f17b7487aba462010a03af
Instruction ID: c6b7173e9750ca9aebedf8cd91e7fdfa88157437d9726f706aa29e01b34dac07
Opcode Fuzzy Hash: 6d519367548c64b5e3eff1c6d8583af8a93080ac46f17b7487aba462010a03af
Instruction Fuzzy Hash: 15019272A042459FEB50DF29DD86766FBE4EF04220F0884AADC49DB756D378E418CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06181206 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 06181240

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 353861553a4debdb4a41458e490f8f38e0c5025ef7f3fcd79279f2e4ca77cd47
Instruction ID: a62aee6efbc822d9e24eb33f2aaa508364ac7ade46d040d3da27f5b0f73bd3a4
Opcode Fuzzy Hash: 353861553a4debdb4a41458e490f8f38e0c5025ef7f3fcd79279f2e4ca77cd47
Instruction Fuzzy Hash: 99018072A002019FEB50DF29D9857A6FBE8EF45220F18C4AAED49CF655D378E408CE61

Uniqueness

Uniqueness Score: -1.00%

Function 008FBD32 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 008FBD75

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: 3131782748a008510ed571360faed324edacab206a17dfb707152a8ad0405586
Instruction ID: a5ede05f07281a3a77dd3a6668fba4ec776143b07f6e004a9fc4d29c7f7c0fcc
Opcode Fuzzy Hash: 3131782748a008510ed571360faed324edacab206a17dfb707152a8ad0405586
Instruction Fuzzy Hash: 7A0180715046089FDB219F25D944B66FBE4EF04720F08806AEE45CB762D375E818DE62

Uniqueness

Uniqueness Score: -1.00%

Function 008FB45E Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 008FB4A9

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 8c13a4b5cc3a38a265cac46c2e9637465112f415a00816a8c05ebb48644c0202
Instruction ID: 246be904d3a032821ffa525ea5b73c3652ee45975eb5db2386d04e8ec2db3620
Opcode Fuzzy Hash: 8c13a4b5cc3a38a265cac46c2e9637465112f415a00816a8c05ebb48644c0202
Instruction Fuzzy Hash: 210180715002089FDB20CF29DA45B62FBE8FF24724F0884A9EE49DB752D374E808CA75

Uniqueness

Uniqueness Score: -1.00%

Function 008FA622 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 008FA666

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e227ede97899865178bf7335d19934ceb4b05344b7438398bc0bb8b57aba3845
Instruction ID: 05049cf117136093a83c060745ea3f15b84ac3fab41d71cafe6cb9de3444c6e7
Opcode Fuzzy Hash: e227ede97899865178bf7335d19934ceb4b05344b7438398bc0bb8b57aba3845
Instruction Fuzzy Hash: F901A1715006049FDB21CF55D944B62FBE4FF08320F08C86ADE499A611D375E418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 008FBC82 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 008FBCBF

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: bed635252c88c13fc0d0d6ae5b9485c2f737ee21b69e8a95a8e22f1570023504
Instruction ID: 4a9443b69adc01296243cd30cfeac77153a8e4b28ceb2173dbab35b2370f8e15
Opcode Fuzzy Hash: bed635252c88c13fc0d0d6ae5b9485c2f737ee21b69e8a95a8e22f1570023504
Instruction Fuzzy Hash: AB019E715042489FEB20DF25D984766FBE8FF04320F0884AADD48DB752D775E404CA71

Uniqueness

Uniqueness Score: -1.00%

Function 008FA2F6 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 008FA346

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5e1b7b5acb7d0847e9e0b915038af12d905300a44786cb21627a62e930453b31
Instruction ID: e353d3230c4589f304dead8719a18b7ca253698aef1bb44cad776bfeed257401
Opcode Fuzzy Hash: 5e1b7b5acb7d0847e9e0b915038af12d905300a44786cb21627a62e930453b31
Instruction Fuzzy Hash: 8E01D171600600ABD310DF16CC86B66FBE8FB88B20F14815AEC489BB41D775F925CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 008FBAF2 Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?), ref: 008FBB2C

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 01bd3073aea954f9aa8d263bee2df2b966d04fe705a0c0e508e62494641521ae
Instruction ID: 1721730af6cfa4c7cf8f4d5068758fe962b5d3f72a93711aeeb36571fa866b88
Opcode Fuzzy Hash: 01bd3073aea954f9aa8d263bee2df2b966d04fe705a0c0e508e62494641521ae
Instruction Fuzzy Hash: C0015E719042449FDB20CF29D984762FBE4EF44324F0884AADD49CF75AD374E804CA61

Uniqueness

Uniqueness Score: -1.00%

Function 06180032 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E24,?,?), ref: 06180082

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 27ba0818e13b27aa96e498e356cdd4a24a57e9505651988eb12036bf6eb320b5
Instruction ID: 8f36837e1b0565ada8bedd1d85b1a50949b85e919cbccc07f888ac5e0e37f5af
Opcode Fuzzy Hash: 27ba0818e13b27aa96e498e356cdd4a24a57e9505651988eb12036bf6eb320b5
Instruction Fuzzy Hash: E501D171600600ABD310DF16CC86B66FBE8FB88B20F14811AED489BB41D775F925CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 061816E6 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06181721

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 09d87f519c9c60274694e280196e7837ba44d90dea31ad3ab85544bf4ad20d09
Instruction ID: 55eb6e1d4a9e6bede4222d5bd87016322c390efbbc20218db151b413a3978807
Opcode Fuzzy Hash: 09d87f519c9c60274694e280196e7837ba44d90dea31ad3ab85544bf4ad20d09
Instruction Fuzzy Hash: 0701B1365046009FEB219F15D885B66FBE4EF04220F08C4AEED454B761C375E418CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0618135E Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06181399

Memory Dump Source

Source File: 00000000.00000002.1717610756.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6180000_TBYtld7aq2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 2fbd8a6f446f4a95ba819ad49f047a7e4d9e509a732dac9210411357df6861fa
Instruction ID: eee9175a5d02de1e7894bd8dafb522ea72463c70b580f015b342cdbe33d1baf8
Opcode Fuzzy Hash: 2fbd8a6f446f4a95ba819ad49f047a7e4d9e509a732dac9210411357df6861fa
Instruction Fuzzy Hash: 88018F36904704EFEB21DF15D945B65FBE0EF04320F08C4AADD454AB62D375A859CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 008FA44E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 008FA480

Memory Dump Source

Source File: 00000000.00000002.1716703487.00000000008FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 008FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8fa000_TBYtld7aq2.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 04b12ee58290a5d08374528325235ec8ff3a0be624470a6ef12237c7621c33f6
Instruction ID: f9397a0efde8614a5cee794528c1250f1ee63450a88da63fc637d3759809fecd
Opcode Fuzzy Hash: 04b12ee58290a5d08374528325235ec8ff3a0be624470a6ef12237c7621c33f6
Instruction Fuzzy Hash: CFF081755142489FDB20CF15D988761FBA4EF14334F18C0AADE498B752D2B9A408CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 04DAC7F0 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca22394eb9e373da0d2a9e4cbb10682e2178daeb3983096238349c247e72f52
Instruction ID: b6689d9b32057af00dbf0a2f923ff1dba5659cbe50e97e5d3debd59e0b3ed51d
Opcode Fuzzy Hash: 8ca22394eb9e373da0d2a9e4cbb10682e2178daeb3983096238349c247e72f52
Instruction Fuzzy Hash: 3091C471B082158FCB15EBB4D4615AEB7B2BF85319B10443DD505AB394DF38DD05CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04DAC630 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b96efde581a5fa16438561067921f062302208e570df03a841cbb761b8b438
Instruction ID: fa6dad409f6c21ece31ec2e713d79e95ac60941c831de159312b658943fe7863
Opcode Fuzzy Hash: 03b96efde581a5fa16438561067921f062302208e570df03a841cbb761b8b438
Instruction Fuzzy Hash: 524104327041145FCB15DBA8C881BBEFBA2EB86724F188969D204DF7D6D634EC5187D1

Uniqueness

Uniqueness Score: -1.00%

Function 04DAC7E1 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a32cf5135a55846a478e64e8dde21b453cfee87f33d4db06cd9e143920bafeb
Instruction ID: 81a646c5c1ab62a6504c897856be12c583fc79fb41dfb3981ed0cf38b51e0a65
Opcode Fuzzy Hash: 7a32cf5135a55846a478e64e8dde21b453cfee87f33d4db06cd9e143920bafeb
Instruction Fuzzy Hash: E54104B4A1C2468FCB10DBB8D9549AEBBF1BF84725B10456AD8419B355DB30E850CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CB076C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135e05a3d6b9cf9c6262e57182b4cb7522a4201f8c1fffd3d7f0526ad06f280a
Instruction ID: 29427c0708af06700c076d286d8284a8dcb00e83206b5fd8647f241e15f6f9bf
Opcode Fuzzy Hash: 135e05a3d6b9cf9c6262e57182b4cb7522a4201f8c1fffd3d7f0526ad06f280a
Instruction Fuzzy Hash: 2911B730244280DFD715CB14D980B66F7D5EB89708F34C9ACE5492BB92CB77E903CA91

Uniqueness

Uniqueness Score: -1.00%

Function 04DAC77F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbe9d9f3523f47afe159536537d6b3a2f948a4e74ae4486c1e8694ce982ff26
Instruction ID: f8ffbe917157c86603529afd711080b010811aab17ceab871c54e010a2c54dde
Opcode Fuzzy Hash: fcbe9d9f3523f47afe159536537d6b3a2f948a4e74ae4486c1e8694ce982ff26
Instruction Fuzzy Hash: 6601047120D2805FC325D77998A1AE9BFE2AFD6314F1640BFD2449F7A6DA6008058752

Uniqueness

Uniqueness Score: -1.00%

Function 04DA001C Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3432ea2a95ac25d2fd204a8961e95408bed9b20f8b52511b117be25b5bc18acc
Instruction ID: a1fb851aaf5703ba511e8f4410bd87ec08085d9614b5034f416d6ddf246375e6
Opcode Fuzzy Hash: 3432ea2a95ac25d2fd204a8961e95408bed9b20f8b52511b117be25b5bc18acc
Instruction Fuzzy Hash: 3A01DD9554E7D04FEB53133818B10997F719D6712831A48EBC0C1CF0A7DA0A6D0BD762

Uniqueness

Uniqueness Score: -1.00%

Function 00CB074B Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32116021f41a6cfa8d4dcf26a869621117f7c2dd98c7dbfd42ed66f14b7eecf9
Instruction ID: 9cfc28b4dc6d3d319165c9af28a7f232b094458d722324871f9c5df9cd4d06b0
Opcode Fuzzy Hash: 32116021f41a6cfa8d4dcf26a869621117f7c2dd98c7dbfd42ed66f14b7eecf9
Instruction Fuzzy Hash: DE115B311493C09FC712CB20C990B55BFB1AF4A304F2986DED4899B6A3C63A9806CB52

Uniqueness

Uniqueness Score: -1.00%

Function 04DA9819 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b438f9b7346c5ab5bde50efe77e8fb4265f63cd0dc9cc964bcda85aa99121f63
Instruction ID: 2620ab01e24011ecf94d47f130b0451296b049b2b2fa3969f3f440e23e1ca6bd
Opcode Fuzzy Hash: b438f9b7346c5ab5bde50efe77e8fb4265f63cd0dc9cc964bcda85aa99121f63
Instruction Fuzzy Hash: 7BF0287270D2109FCB221774AC25B6D76A59FCA740F25456AE141EF3E1CEB19C068B86

Uniqueness

Uniqueness Score: -1.00%

Function 00CB0711 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9933693623221d5ce68db223f1296d0d37c243f8efaedf557963ae894dc94903
Instruction ID: dc39542b79b9ead1e187e6866499b8afc5f62582ff311b8ecdb0b19800273f77
Opcode Fuzzy Hash: 9933693623221d5ce68db223f1296d0d37c243f8efaedf557963ae894dc94903
Instruction Fuzzy Hash: 9711523510C3C08FC313CB10C990B52BFA1EB5A704F2986DAD4855B6A3C73A9916CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CB05E0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0105d28cddda445ae8205079c6dbead5014a46b2336750242eb80acb138183
Instruction ID: 389eb0127e0349ea15cbb3a5822c31110664f189f924474a9872045d71584be0
Opcode Fuzzy Hash: 7b0105d28cddda445ae8205079c6dbead5014a46b2336750242eb80acb138183
Instruction Fuzzy Hash: CB01D6B550D7806FD7128B059C50862FFB8EF8662070984EFE8898B752D225A818CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04DA9828 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe3b2001cfd9192928eca6edbf4b33a61d3b40a33e742caeaf9940ccb355236e
Instruction ID: 078fbb7ffe41e4cac44747d09715c8786cff87695f4cd478bef88afc7c2b9660
Opcode Fuzzy Hash: fe3b2001cfd9192928eca6edbf4b33a61d3b40a33e742caeaf9940ccb355236e
Instruction Fuzzy Hash: FCF02B72B042205BDA206739AC11B6D71EA9BC9B90F25453AF601EF3D4DFB1AC0647D6

Uniqueness

Uniqueness Score: -1.00%

Function 00CB0828 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction ID: 51e1d443826da6ff1e65a13950f8874e26ab45346f75023778f4d81d455bef5f
Opcode Fuzzy Hash: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction Fuzzy Hash: E3F01D35148644DFC705CB40D980B56FBA2FB89718F24CAADE94917752C737E913DE81

Uniqueness

Uniqueness Score: -1.00%

Function 00CB0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716953814.0000000000CB0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97fe62fbfbe301191749486f6b532029000537d9df7fa73576214b72efb69b70
Instruction ID: 0a8e359a82cac3c3eb5ec0b7918dafeda0e7bf6ec9ecd0217895b46825f331c9
Opcode Fuzzy Hash: 97fe62fbfbe301191749486f6b532029000537d9df7fa73576214b72efb69b70
Instruction Fuzzy Hash: 6EE092B66046048F9650CF0AED41452F7D8EB84630718C47FDC0D8B701D275B518CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 04DAC7C0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a7230d1c5659afe520dc62e7fa18739be2b66fa6b5574d6838310a0b5e80e2
Instruction ID: 59d6ecf9203940ced7e28456246695f04f711210a5e6716cbb13f2a69fc421f7
Opcode Fuzzy Hash: f1a7230d1c5659afe520dc62e7fa18739be2b66fa6b5574d6838310a0b5e80e2
Instruction Fuzzy Hash: 2DD02EF7308104EFC70186A8BCA0BDABBA4EB91321F420073E300CF292C224481AC7B1

Uniqueness

Uniqueness Score: -1.00%

Function 04DA00A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e244e87d0e0edd027f373bceb1b91ed6b2903378a4358aa7e15990ac0c3cb80
Instruction ID: 45f1569b26439b3b8ff2a9d2a70a8fcb6065a5e387192ba5cd412be320fbe03e
Opcode Fuzzy Hash: 0e244e87d0e0edd027f373bceb1b91ed6b2903378a4358aa7e15990ac0c3cb80
Instruction Fuzzy Hash: E7D0A752648160CADA0722A828219FE67954BC396071502ABE006966D3CE88090382D9

Uniqueness

Uniqueness Score: -1.00%

Function 04DA0070 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4653bca713a8b3ac60745973b3265303b1db25b6a32968cff96f4e9e6575fc
Instruction ID: 512a13d9b4d1cdf052d118fe42c8be1ab6405b93bc94be6ebf46a4e17fe20897
Opcode Fuzzy Hash: 1f4653bca713a8b3ac60745973b3265303b1db25b6a32968cff96f4e9e6575fc
Instruction Fuzzy Hash: 36C012113406344B4D193379102606F626D4E955A83120579D25ACE682CF4BDD1242DA

Uniqueness

Uniqueness Score: -1.00%

Function 008F23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716692173.00000000008F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f2000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 500286af98b8092bf1980869d1742d29911bde89947f8dadd88b86fdbfaaa211
Instruction ID: 1e1a9a884bfcab78d3130f031f03d4f6d0ca40755cfa2bd707bb707aa677b9c5
Opcode Fuzzy Hash: 500286af98b8092bf1980869d1742d29911bde89947f8dadd88b86fdbfaaa211
Instruction Fuzzy Hash: 33D02E392006D04FD323CA2CC2A8BA537D4BB61704F0A08FAA800CB763CBA8D880D600

Uniqueness

Uniqueness Score: -1.00%

Function 008F23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1716692173.00000000008F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f2000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f86faafdfec2c4a270cc4fa16ae5d00354d3b4682d0b10087d8e76b675ad64
Instruction ID: 97644040c4ef63907ad33fce51ace0213ab328f4f6568cc3f7623925db9cfb7c
Opcode Fuzzy Hash: 77f86faafdfec2c4a270cc4fa16ae5d00354d3b4682d0b10087d8e76b675ad64
Instruction Fuzzy Hash: D6D05E742006854BC725DA1CC6D4F6937D4BB45714F0648E8AC10CB772C7A8D8C4DA00

Uniqueness

Uniqueness Score: -1.00%

Function 04DA00B0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1717300161.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4da0000_TBYtld7aq2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d02ac7ad8c69dc8a28e65a183a781d8546b2db0370802c4a8e967386c45d7a60
Instruction ID: b0f44ef66d6e2e40d263816428b8bf6aa2cbe05d4808737501269828fba5dfea
Opcode Fuzzy Hash: d02ac7ad8c69dc8a28e65a183a781d8546b2db0370802c4a8e967386c45d7a60
Instruction Fuzzy Hash: 38C02B11304434C30C0D339C30110ED734D4AC7D20340061AF109473C2CE850D0143DE

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: chargeable.exePID: 7800, Parent PID: 7524COMMON

Execution Graph

Execution Coverage:	19%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	54
Total number of Limit Nodes:	3

Executed Functions

Function 05610DFA Relevance: 1.6, APIs: 1, Instructions: 69
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtResumeThread.NTDLL(?,?), ref: 05610E73

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8e86d5c878f58cdcfe0cac0e778aeb02a083759de8080f0cf1797c509db02b1c
Instruction ID: 5195ed3052c16cdd25f51429e9a82d606a3c1eb93a36c0b28e61cac95ff4ae81
Opcode Fuzzy Hash: 8e86d5c878f58cdcfe0cac0e778aeb02a083759de8080f0cf1797c509db02b1c
Instruction Fuzzy Hash: 9521AEB14093C09FDB12CF21D854BA1BFA0AF06224F1D84DEECC48F253D266A54ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 05610EB9 Relevance: 1.6, APIs: 1, Instructions: 62nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL ref: 05610F24

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 67ac6baafd50e71fabbc99ec8d102701be3e58abfc1aba572a827371c564d011
Instruction ID: 9c969cc9251c4a63057e05947718b1a0921fee56f183c92fa33fa2f3404a3735
Opcode Fuzzy Hash: 67ac6baafd50e71fabbc99ec8d102701be3e58abfc1aba572a827371c564d011
Instruction Fuzzy Hash: 36117271409380AFDB228F55DC44B62FFB4EF46320F0888DAED848F663D275A559DB61

Uniqueness

Uniqueness Score: -1.00%

Function 05610EE6 Relevance: 1.5, APIs: 1, Instructions: 43nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL ref: 05610F24

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 4b752bf675c050d7d8df644359334b5cc8331534020728d0de786d603b848ec0
Instruction ID: c69425ce6b11141329d03e0f42217ee772a391f6123610b104668ebdcf7a78d7
Opcode Fuzzy Hash: 4b752bf675c050d7d8df644359334b5cc8331534020728d0de786d603b848ec0
Instruction Fuzzy Hash: D30180715002009FDB20CF55D945B66FBE1EF08320F08C8AAED498B755D375A558CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05610E3E Relevance: 1.5, APIs: 1, Instructions: 40nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05610E73

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f67e1cd6abde8bda309f008a9af7c6f38da53396e668420e748faecf569a4dd3
Instruction ID: 924c6a56e1915243a9248d8fdf720dd14af2a81c3c51624eae46c52ea9b795a4
Opcode Fuzzy Hash: f67e1cd6abde8bda309f008a9af7c6f38da53396e668420e748faecf569a4dd3
Instruction Fuzzy Hash: C5018F719042409FEB20CF16D988B75FBE4EF48320F1CC8AADD488F756D379A548CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 015700D0 Relevance: 9.1, Instructions: 9145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b7626549293f2701e726a5e530ee792c9abd5e755d973c0e5fb9e0d2af0fd2
Instruction ID: 1ae754b5213aa9ce315fbd1a56f1bec24e8532824ca179abf012d576ee4eb397
Opcode Fuzzy Hash: d4b7626549293f2701e726a5e530ee792c9abd5e755d973c0e5fb9e0d2af0fd2
Instruction Fuzzy Hash: D1144734A00708CFD765DB34C854A9AB7B2FF8A304F5148A8D54AAB7A1DF36AE45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 015700E0 Relevance: 9.1, Instructions: 9140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23567edba61bafae52614f74843e273da661a594a7ab6fc81e0e4d454218444
Instruction ID: 30272c050d55f9072c3ed0c756fb30682df218b7561395c1363f9a7d441eb077
Opcode Fuzzy Hash: e23567edba61bafae52614f74843e273da661a594a7ab6fc81e0e4d454218444
Instruction Fuzzy Hash: 45144734A00708CFD765DB34C854A9AB7B2FF8A304F5148A8D54AAB7A1DF36AE45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 015798A0 Relevance: 2.7, Instructions: 2697
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50add7b8d0ddfbd847f5308b60c4fa0af1d0a2e9653fd16e92ada21bfe6434f2
Instruction ID: 289a5fbda270d128cc1223cc54cd243ccdc4d7e12ea3716840da7fb3db4e931d
Opcode Fuzzy Hash: 50add7b8d0ddfbd847f5308b60c4fa0af1d0a2e9653fd16e92ada21bfe6434f2
Instruction Fuzzy Hash: 4433A5263049368F8625BF75956181FBB76EF85698314C345CE01073ACDF38AB9B8BC9

Uniqueness

Uniqueness Score: -1.00%

Function 05610CA1 Relevance: 1.6, APIs: 1, Instructions: 121
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000E24), ref: 05610DA4

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 613c36c66216b46e37b84a5fa72ec5e0a304e482fc560af6f80ddb909c9c6f0f
Instruction ID: fc81ae3d696fa3c56c0b51c38c801808ff82c1362c25f53162c9833e01f46fb0
Opcode Fuzzy Hash: 613c36c66216b46e37b84a5fa72ec5e0a304e482fc560af6f80ddb909c9c6f0f
Instruction Fuzzy Hash: 2441A271104340AFEB22CB65CC45FA6BBFCEF06710F08499AF9859B692D275F949CB60

Uniqueness

Uniqueness Score: -1.00%

Function 05610CDA Relevance: 1.6, APIs: 1, Instructions: 97
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000E24), ref: 05610DA4

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: a020c1d514e8f11771f2cdbbe44fc702c61070cee4a0702770f97b8cd5824a04
Instruction ID: ec8d901d423a9005b35d442a475d2922de15bb0440ef845165ff7cb8b2675c45
Opcode Fuzzy Hash: a020c1d514e8f11771f2cdbbe44fc702c61070cee4a0702770f97b8cd5824a04
Instruction Fuzzy Hash: 20317C76600200AFEB31CF65CC85FA6F7ECEB08710F04895AFA499A690D675F549CB60

Uniqueness

Uniqueness Score: -1.00%

Function 011DAC22 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 011DACD1

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: fea0cf4900f17a54300152aad5e2fab545ad7c943216608bd217fe0b524734f3
Instruction ID: 9b5c75915703459c3091acae53fd495091a9972f8840d3fce6a366eceb27c192
Opcode Fuzzy Hash: fea0cf4900f17a54300152aad5e2fab545ad7c943216608bd217fe0b524734f3
Instruction Fuzzy Hash: 7431C2B2404380AFE722CF15DC45FA7BFBCEF15210F08849AE9858B652D324E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 011DAD19 Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,E90F9800,00000000,00000000,00000000,00000000), ref: 011DADD4

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d075cdb4e79fd64a8f043e27dfcf293b36236f500576b5c915ce515ba85d0b87
Instruction ID: 40e3f6f4b15356db00bb6b4e31ce5e0f7e5d03653391e8faf699dbe322fb24e2
Opcode Fuzzy Hash: d075cdb4e79fd64a8f043e27dfcf293b36236f500576b5c915ce515ba85d0b87
Instruction Fuzzy Hash: 6B31B3755087805FE722CF25DC44FA6BFF8EF06210F08849AE985CB257D364E508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 011DA2AC Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 011DA346

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 10eb3b5167bf86e47d84fe560c398d6a8b62d9e17a0bb639d676b2f057b052eb
Instruction ID: 20d35f5b315b5520076c717a2efa351349f6e86672e12e6bfa760556da1e1fb5
Opcode Fuzzy Hash: 10eb3b5167bf86e47d84fe560c398d6a8b62d9e17a0bb639d676b2f057b052eb
Instruction Fuzzy Hash: 9F21957150D3C06FD3138B259C51B62BFB8EF47610F0945DBE884DB693D225A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 011DAC52 Relevance: 1.6, APIs: 1, Instructions: 74
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 011DACD1

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 86b77df5338bcd6e133ba3a60ad6f9124d84b4880cab5dd08fcfe181a9888754
Instruction ID: 970fd0fb32545914740e86eae5e2510d48d424b06f2fd74bb351c8b5502efea1
Opcode Fuzzy Hash: 86b77df5338bcd6e133ba3a60ad6f9124d84b4880cab5dd08fcfe181a9888754
Instruction Fuzzy Hash: 84219FB2500604AFE721DF55DC44FABFBECEF14224F04846AE9459B656D734E50C8AB2

Uniqueness

Uniqueness Score: -1.00%

Function 05610431 Relevance: 1.6, APIs: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 056104B3

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: ca5e67313b57a44c6338b3effef3683987f2efbf291aff92df9f78f41ac318a1
Instruction ID: 003251ecff7b789fd27535c8da8376f3e2fc12f3490750789d1341e20949843e
Opcode Fuzzy Hash: ca5e67313b57a44c6338b3effef3683987f2efbf291aff92df9f78f41ac318a1
Instruction Fuzzy Hash: A72195715083809FDB22CF25DC44B62BFF4EF06310F09889AE9858F663D275E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 011DAD5A Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,E90F9800,00000000,00000000,00000000,00000000), ref: 011DADD4

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 488fe40e5f1a6d196604153fc0f4082b3f5132ceaf7d8f9ac0b3ed9eef9bbb7e
Instruction ID: abe7c9d6118bcd6a4e238ff34475d46623ccfaacbf0fa5bb83ccb8372f097523
Opcode Fuzzy Hash: 488fe40e5f1a6d196604153fc0f4082b3f5132ceaf7d8f9ac0b3ed9eef9bbb7e
Instruction Fuzzy Hash: 5E219076600604AFE721CF15DC84FA7B7ECEF14610F08846AE945CB755D774E508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 011DBAB4 Relevance: 1.6, APIs: 1, Instructions: 68
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(?), ref: 011DBB2C

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 20d054936188c2ed83836a9db5c72b52db3d0bbd1358c0a468a86becf2192724
Instruction ID: 8848ac42b2bb262eece6988e21c4056e75d352b6109beb735d99ed128f34492a
Opcode Fuzzy Hash: 20d054936188c2ed83836a9db5c72b52db3d0bbd1358c0a468a86becf2192724
Instruction Fuzzy Hash: E2215B7150D3C05FDB12CB29DC94B92BFB8DF07214F0984DAE9848F667D264A908CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 011DB42D Relevance: 1.6, APIs: 1, Instructions: 65
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 011DB4A9

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 6c49cb1a71cf6abef4115f16e45f0a095abbe968a2e4604cc81c8a1513f291d7
Instruction ID: ba4042fa304b5912c695c19b6693f9eeed8fc1ebbe64a4ff80b06451515b1ee2
Opcode Fuzzy Hash: 6c49cb1a71cf6abef4115f16e45f0a095abbe968a2e4604cc81c8a1513f291d7
Instruction Fuzzy Hash: DA2190B55093805FDB22CE19DC45B62BFF8EF06614F09848AE9858B293D365A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 011DBC4B Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 011DBCBF

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: fc4dec0bbf0967b81620be80a7f82bed3a2a0a3256a2e5a55c72bd57eac68a09
Instruction ID: be28ae693533ae381b07c935f6318da8a33fabdfd2bdd3d9aefe661a950fe4fb
Opcode Fuzzy Hash: fc4dec0bbf0967b81620be80a7f82bed3a2a0a3256a2e5a55c72bd57eac68a09
Instruction Fuzzy Hash: BD2193B15093809FE712CF25DC45B52BFB4EF06210F0A84DAE9858F263D274A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05610006 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E24,?,?), ref: 05610082

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 38c06a7c8604e9fb9f0a3f5ff884a4e90802402ad72efd5f416203edfe9c7fd0
Instruction ID: b7c26b524549fe3a024a259cdc7ed6124e1ae03d6c845122df2a04517269007a
Opcode Fuzzy Hash: 38c06a7c8604e9fb9f0a3f5ff884a4e90802402ad72efd5f416203edfe9c7fd0
Instruction Fuzzy Hash: DB11C4B25043406FD3118F15DC42F73BBF8EF8A620F05819AFC4897A42D274B915CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05611009 Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0561107D

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: f93239d217bbb1fecd1047c5516347b7bc5d51abde1fb99637ab67af0c61a273
Instruction ID: b5718b78500f18b99dd82c8d9a5a0883a917ba3b739cd4828bf7cc1693393c6d
Opcode Fuzzy Hash: f93239d217bbb1fecd1047c5516347b7bc5d51abde1fb99637ab67af0c61a273
Instruction Fuzzy Hash: 0C216D715093C09FDB238F25DC44A62BFB4EF17210F0D84DAE9848F663D275A919DB62

Uniqueness

Uniqueness Score: -1.00%

Function 011DA5FB Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 011DA666

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d78d2bf50dae38ad80cc7c8b7e77f2dedf7ba29775517fddf64d62b283e2450f
Instruction ID: 25207fa98434c57df0d1301d79bd49de12219f24d1b61ada0cfa02793d806c58
Opcode Fuzzy Hash: d78d2bf50dae38ad80cc7c8b7e77f2dedf7ba29775517fddf64d62b283e2450f
Instruction Fuzzy Hash: 6C11AF72409380AFDB228F54DC44A62FFF4EF4A310F08889AE9858B662D235A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 011DBD10 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 011DBD75

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: 56438328a1589c639fa2c05451cd5f0c3ae222e7a14e7890d9b488dce5c53de7
Instruction ID: 81ec942a1c25dfa6a93b17234fb9c8e748e524611e5e4e4475fc133aa538d83b
Opcode Fuzzy Hash: 56438328a1589c639fa2c05451cd5f0c3ae222e7a14e7890d9b488dce5c53de7
Instruction Fuzzy Hash: F011D371508740AFDB228F15DC44B66FFB8EF46614F09809EED458B662D221A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0561139B Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05611405

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 221dd6fd6433181f1f65e1685568b9cb87c2a534bc6b832670b50e06b69e8cc6
Instruction ID: ade68923e378e3608467f2b14dd47316f1ba7e0a2c3e9615776ef74f673317c8
Opcode Fuzzy Hash: 221dd6fd6433181f1f65e1685568b9cb87c2a534bc6b832670b50e06b69e8cc6
Instruction Fuzzy Hash: 0011DD72508380AFDB22CF11DC45B62FFB4EF06324F08849EED858B663C275A819CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05610462 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 056104B3

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 80a0bd1fefa5b9f09948729ab2dae640ad02cf3f4b9cf4813d7afdd6463e7d04
Instruction ID: 73ffabb1ffe66375789211d70bfbade221ffd30e623f76639be228f65d1c6451
Opcode Fuzzy Hash: 80a0bd1fefa5b9f09948729ab2dae640ad02cf3f4b9cf4813d7afdd6463e7d04
Instruction Fuzzy Hash: 59115E71504204DFEB20CF55D988B66FBE8FF08220F08896ADD458BB52D375E448CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 011DA42A Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 011DA480

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: e97fa6a029c77f2e2110c6d23b884142d49ca2504bcf519c5936a2676617bc35
Instruction ID: 703ef55245fc3ca1ba664d5579d05efad393f30e3be2dd2791438db82ff9ab16
Opcode Fuzzy Hash: e97fa6a029c77f2e2110c6d23b884142d49ca2504bcf519c5936a2676617bc35
Instruction Fuzzy Hash: 8701A171408380AFD712CF05DC44B62BFB8DF46224F08849AED844B252D375A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 011DBD32 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 011DBD75

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: 65f991c32a8b422aefd976b63d209e42821fd85ee60c99963752a1a73b70d99a
Instruction ID: 0141a3e582fcfd09dd8ad9d5d35c3980ba1fad9fdcbf157fccef0c4a1f4e7604
Opcode Fuzzy Hash: 65f991c32a8b422aefd976b63d209e42821fd85ee60c99963752a1a73b70d99a
Instruction Fuzzy Hash: 2E01B5766046049FDB25CF19DC84B5AFBE4EF05624F08C46ADD468B762D375E408CF62

Uniqueness

Uniqueness Score: -1.00%

Function 011DB45E Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 011DB4A9

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: d08ace1f1095d1e098439d1d417835d579e3a9373882771324b540cd4e3039b9
Instruction ID: 84cd19fc7ca3cd8efe5cdebc8094e89d77f19f3335913576fa45cadc5121deee
Opcode Fuzzy Hash: d08ace1f1095d1e098439d1d417835d579e3a9373882771324b540cd4e3039b9
Instruction Fuzzy Hash: C701B5755042009FEB20CF19DC85B62FBE4EF05620F08C4A9ED4A8B752D374E408CB76

Uniqueness

Uniqueness Score: -1.00%

Function 011DA622 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 011DA666

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 28ad3b7a538429bbfe5e02aa6e93ea361dbfbe19762463aeb1d6201404a2f295
Instruction ID: b89bdd184389f2aeec7e22d976cf84264373670594876677c39f11719d1af454
Opcode Fuzzy Hash: 28ad3b7a538429bbfe5e02aa6e93ea361dbfbe19762463aeb1d6201404a2f295
Instruction Fuzzy Hash: 50016D32500600DFDB22CF55D944B56FBE4EF48320F08C8AAED498B666D375E518DF62

Uniqueness

Uniqueness Score: -1.00%

Function 011DBC82 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 011DBCBF

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: 3936a42bd32ba6f972ed6b3157d036b7796b4101641cf21b9bcc924bc157b433
Instruction ID: c2b7b1da5ed3db6dd9bad775c6cd9ce84f7f55bab1ecb9cf5fe2d9b2bb4c3eab
Opcode Fuzzy Hash: 3936a42bd32ba6f972ed6b3157d036b7796b4101641cf21b9bcc924bc157b433
Instruction Fuzzy Hash: 9801B1719042009FEB20CF19D884766FBE4FF05220F0888AADD499F756D775E408CA66

Uniqueness

Uniqueness Score: -1.00%

Function 011DA2F6 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E24,?,?), ref: 011DA346

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a6a34a44057670b959fecdad12f4a5ecb6df9839f4bbd3d5a5778d6148c11d07
Instruction ID: 62317f4397d4bfa2f63714665663c152f58df36c42fccb789fe11e8c3b30e30d
Opcode Fuzzy Hash: a6a34a44057670b959fecdad12f4a5ecb6df9839f4bbd3d5a5778d6148c11d07
Instruction Fuzzy Hash: 4D01D671600200ABD310DF16CC86B66FBE8FB88B20F148159EC089BB41D735F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 011DBAF2 Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(?), ref: 011DBB2C

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f95619d93b12678fbf572197d579681220aeea5b2457c0c7fdbe5ceb17aa36c9
Instruction ID: c3869856ec601ad66e2f5bf8d5287d7432553285a22c9f29cf92ee99e9c82a2b
Opcode Fuzzy Hash: f95619d93b12678fbf572197d579681220aeea5b2457c0c7fdbe5ceb17aa36c9
Instruction Fuzzy Hash: 91018471A042409FEB20CF19D984766FBE4EF05220F08C4AADD49CF75AD378E508CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 05610032 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E24,?,?), ref: 05610082

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 2c205f074137b401f21790d4cc5a0f0095f219c3ed35aa9d97464eaedc29d703
Instruction ID: 8b59100e0b9f45ad8b5351ed408bc480d4aee849c593330c5600793d411ee1d8
Opcode Fuzzy Hash: 2c205f074137b401f21790d4cc5a0f0095f219c3ed35aa9d97464eaedc29d703
Instruction Fuzzy Hash: FA01D671600200ABD310DF16CC86B66FBE8FB88B20F14811AED089BB41D735F925CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 056113CA Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05611405

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: aa67e4202854356a26ff4cdbf8bd9f2319e621e4a1f0eac311a5c3366fbf6ceb
Instruction ID: cb1e5b8371f111358f38926d5b0e7bda37862acb6d3d2adfcbf4beeb6b5c501b
Opcode Fuzzy Hash: aa67e4202854356a26ff4cdbf8bd9f2319e621e4a1f0eac311a5c3366fbf6ceb
Instruction Fuzzy Hash: 6201B1329042009FDB21CF15D884B65FBE5EF05620F0CC4AADE458AB62D375E459CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 05611042 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0561107D

Memory Dump Source

Source File: 00000002.00000002.1751136147.0000000005610000.00000040.00000800.00020000.00000000.sdmp, Offset: 05610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5610000_chargeable.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ad7290b23ee6c5d4d5cc92e32e0e471319242f2d04a531b949e07916318226b9
Instruction ID: ecd37a33a4aa18ac7313b90d12baeefcc20f08dda69cdfdc986c80f995246194
Opcode Fuzzy Hash: ad7290b23ee6c5d4d5cc92e32e0e471319242f2d04a531b949e07916318226b9
Instruction Fuzzy Hash: 45018B36904640DFDB20CF15D984B61FBE1EF09321F08C4AADE894BB62D775A418CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 011DA44E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 011DA480

Memory Dump Source

Source File: 00000002.00000002.1749923697.00000000011DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11da000_chargeable.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f0bcbf320e001aa5c3031b17796e5896eee206fd1e6d42b17b44b73a642f56bd
Instruction ID: ca41ed8bf8251c7cdcdcdc9c837be38970bd2a7420888e2f532e732b5d42b181
Opcode Fuzzy Hash: f0bcbf320e001aa5c3031b17796e5896eee206fd1e6d42b17b44b73a642f56bd
Instruction Fuzzy Hash: 75F0AF759042409FDB20CF09E988762FBE4EF04324F0CC4AADD494F756D379A408CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 0157CE20 Relevance: 1.3, Instructions: 1282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c057f13a4dd7baf82c0722f23cec5f20a9964212cf5abb37caed5133a44ecbdc
Instruction ID: 858c72a9ad8887ab70d4153694e7d3237e37d7f7d592ab897dbcc170f516e361
Opcode Fuzzy Hash: c057f13a4dd7baf82c0722f23cec5f20a9964212cf5abb37caed5133a44ecbdc
Instruction Fuzzy Hash: 0FB14C75E002099FDB15DBA8D881BAEFBF2FF88314F148169E915AB391DB359C42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0157C7F0 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ad7170fe7715595a49d21f07807f728499ad86e6b82a6577d0082ffa02e7a5d
Instruction ID: 78f9be6c27f14cfb8550a7f3be5885f20ea102414015c6cfb1bce50a7830b376
Opcode Fuzzy Hash: 4ad7170fe7715595a49d21f07807f728499ad86e6b82a6577d0082ffa02e7a5d
Instruction Fuzzy Hash: 4C91E131B042168FCB15EBB8E4615AEB7A6FF85358B10443DC906AB395DF389D09CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0157C630 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a131f0f01aafae991249cfd1a79e5ef1be1050f8033258e2f66fd8abb19532c
Instruction ID: c8406b564e2007eb3f13e927a67dabde7d2cbc549bea7611abc11fd603ed67b3
Opcode Fuzzy Hash: 9a131f0f01aafae991249cfd1a79e5ef1be1050f8033258e2f66fd8abb19532c
Instruction Fuzzy Hash: 29411332B001165BCB15DBA8D882BBEFBA2ABC5714F14C52AD515DF382DB34EC4187E1

Uniqueness

Uniqueness Score: -1.00%

Function 0157CB00 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4683a8ed5198376fa3aea612409ac7b88b328db8a7f5a3c85de58e21b9b402b
Instruction ID: 2007e3f8cb77503fc2f95d7337229eba94fb67fe1961aaf5e2c5df411841c756
Opcode Fuzzy Hash: d4683a8ed5198376fa3aea612409ac7b88b328db8a7f5a3c85de58e21b9b402b
Instruction Fuzzy Hash: AA319571F002078BDB699E78E4667BE7AF6BB88350F14842AE806EF350CF754C459B91

Uniqueness

Uniqueness Score: -1.00%

Function 0157C7E1 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 786ae0761bca74804cd35ad184e7669b40525da0695fd0d0fed70edfa64d1ce3
Instruction ID: f45eff07877402ba608a2406fc228aaa0e1cb3e09b86b71ef3250a625d1a38ee
Opcode Fuzzy Hash: 786ae0761bca74804cd35ad184e7669b40525da0695fd0d0fed70edfa64d1ce3
Instruction Fuzzy Hash: E631C034A042578FCB21EB68E9568BEBBF5FF84364B10416AD801DB359DB34ED44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0157C7C0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2fb1a13b5dd9d4edf7c620613b06e3dc774e53431ac3dd30e90f938ed5f1f4a
Instruction ID: af3539f0af2fc8bac518e251bdb6de2c491c37418b42da8a6981eab55e76f465
Opcode Fuzzy Hash: f2fb1a13b5dd9d4edf7c620613b06e3dc774e53431ac3dd30e90f938ed5f1f4a
Instruction Fuzzy Hash: 9831E135B082138FCB21DB68E8924BEB7B1FF84324714416AC946DB349DB34DD45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01570006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c230c9654796c04e05fec05d7ba2fe7fc3278fb3eb91449fd40df6f41e3678
Instruction ID: a3c174b5014dcb44f5614eff8ee4c1cc1aedfa8b4c61d8c036311ab2bd4f5e40
Opcode Fuzzy Hash: 07c230c9654796c04e05fec05d7ba2fe7fc3278fb3eb91449fd40df6f41e3678
Instruction Fuzzy Hash: D811F06158E7D25FC74397701830499BF716E5322431B41EBC0C4CA8A3DA4E9C5AC3A3

Uniqueness

Uniqueness Score: -1.00%

Function 0135076C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46daa96cbe2ac666246fd1df4b24e53eb4fd0e98e43e9d90daf25a60c4132aa2
Instruction ID: 0eec30369e9daa24837ad8dee5074957cabe73d72ad25e8c33855e93e7f4a18b
Opcode Fuzzy Hash: 46daa96cbe2ac666246fd1df4b24e53eb4fd0e98e43e9d90daf25a60c4132aa2
Instruction Fuzzy Hash: 2111B731244684DFD759CB14D980F25BB95EB89B0CF24C9ACF9491BB52C777D803CA91

Uniqueness

Uniqueness Score: -1.00%

Function 0135073C Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99e8a2865749b86d7d6e9ab2c8551ef5ec31ea55263050cb2f27f162f74228c7
Instruction ID: 02c82918bba75e9388661386a24cd891ebcf10fdf3e71cb17752578f4cf18a47
Opcode Fuzzy Hash: 99e8a2865749b86d7d6e9ab2c8551ef5ec31ea55263050cb2f27f162f74228c7
Instruction Fuzzy Hash: 2A216A3510D3C18FD707CB20C990B01BFB1AF46708F1986DEE9848B6A3C73A9806CB52

Uniqueness

Uniqueness Score: -1.00%

Function 01579819 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c2090a65cf126a3d02d556a196c70570e0b7a2635844cd7342d5ddc627a401
Instruction ID: 0f2a59dacdd0796dbce0d1b9286cf10cc5322cc010cbdec1b11de60ee2b0d630
Opcode Fuzzy Hash: 53c2090a65cf126a3d02d556a196c70570e0b7a2635844cd7342d5ddc627a401
Instruction Fuzzy Hash: CEF0F432784311AFC7225664B811B6D76A59BC9B34F25007FE600EF3A4CAB94C078395

Uniqueness

Uniqueness Score: -1.00%

Function 01579828 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e6497ad6278c54e61b1b15e328472c516a930184bc417386d115044a74bbd9
Instruction ID: 08de14345c64920500a64324fb6d1e9f2abac88a681dd4c55f2af982ca13ca84
Opcode Fuzzy Hash: 07e6497ad6278c54e61b1b15e328472c516a930184bc417386d115044a74bbd9
Instruction Fuzzy Hash: 8EF0F632B00210ABC6216669AC11F2D71EADBC9BA4F25003EE601EF3D4DEB19C0643D9

Uniqueness

Uniqueness Score: -1.00%

Function 013505E0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35831e7836d8721ba55bb72d89e45b698d7355974d53fd8760a25eebd55c206
Instruction ID: 7d4dc4d8032ae429ff1bbceec338087c7620c393d8f123244d55cb4e429ddc80
Opcode Fuzzy Hash: c35831e7836d8721ba55bb72d89e45b698d7355974d53fd8760a25eebd55c206
Instruction Fuzzy Hash: C901D6B51493805FC7118F15EC80853BFF8EF4623071984BFEC498B612D275B909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0135071C Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f054415a8cd68aa35506320fda9b60c3bcf805273797a0ee78bfe135d12222c
Instruction ID: 5d7de27c09450bb93db6cae943efd818fc3a8366484f5c98bf217a82eb0c4f2c
Opcode Fuzzy Hash: 8f054415a8cd68aa35506320fda9b60c3bcf805273797a0ee78bfe135d12222c
Instruction Fuzzy Hash: 6F0140351087C09FC347CB10C580B55BFA1EB8A718F14C6DAE8854B663C33B9816DF92

Uniqueness

Uniqueness Score: -1.00%

Function 01350828 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction ID: b2725fc1c26b88641e99b78c4f6bc4d3916c3bb61a8914d1f1b6e847783ddc90
Opcode Fuzzy Hash: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction Fuzzy Hash: F5F0FB35148644DFC306CB44D980F15FBA2EB89718F24CAA9E94917A52C737D812DA81

Uniqueness

Uniqueness Score: -1.00%

Function 01350606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4049164fcbe4099aca02af6c81762bc8b5eeeb65528735cc1cb898f0368fa2d1
Instruction ID: 398d7ef5319adf0ecde9286606b30c9ba476cf20831edd3c1ba4999d4970c142
Opcode Fuzzy Hash: 4049164fcbe4099aca02af6c81762bc8b5eeeb65528735cc1cb898f0368fa2d1
Instruction Fuzzy Hash: B2E092B66006004B9650CF0AEC81452F7D8EB88630758C47FDC0D8B711E235B509CEA6

Uniqueness

Uniqueness Score: -1.00%

Function 015700A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad19a9c09daa55ea8c00659b4c804abc5b21d545a61f85a95354cf39e882e632
Instruction ID: f63da69eabf1e4ed8216c5567c0925288bc9d9b9b2d5133167e4a3743ae8465f
Opcode Fuzzy Hash: ad19a9c09daa55ea8c00659b4c804abc5b21d545a61f85a95354cf39e882e632
Instruction Fuzzy Hash: 5CD0A732654535D78B0922A828108FDB3994BD3620B01047FE1059A291CE890D1342A5

Uniqueness

Uniqueness Score: -1.00%

Function 01570070 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fef6ce7d762b051d74edb20e434af3173ee6c451005ac9dff6316526a0e40b3
Instruction ID: d91668d8be7e788cb3636d7b542f0f80fe6f9d57a28b03887bc5873890c9ca45
Opcode Fuzzy Hash: 4fef6ce7d762b051d74edb20e434af3173ee6c451005ac9dff6316526a0e40b3
Instruction Fuzzy Hash: D9C01215300534170D193279102546EA2698E564A8712047DD35A8A741CF4BDD1202DA

Uniqueness

Uniqueness Score: -1.00%

Function 011D23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1749911481.00000000011D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11d2000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab077b3d6d397836ed3f3952aa0148ad8aeac8483ef35a13ceb1e4ff39c58232
Instruction ID: bad5329f5832e3aeefe44dc9651c73945fc04eec8c5e0b66876851816873fa38
Opcode Fuzzy Hash: ab077b3d6d397836ed3f3952aa0148ad8aeac8483ef35a13ceb1e4ff39c58232
Instruction Fuzzy Hash: 94D05E793056D14FE32B9A1CC6A8B953BE4AB55714F5A48F9AC00CB763CB78D581D600

Uniqueness

Uniqueness Score: -1.00%

Function 011D23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1749911481.00000000011D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_11d2000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30be0e69a91ee6ffb5a21b1e7d43e0cba2f20258b03a629769b91ccb6524220
Instruction ID: 5b2238c1c57d676c8596dc29ad9230e67b4c4a52736f52c1201af3a4c336fe24
Opcode Fuzzy Hash: b30be0e69a91ee6ffb5a21b1e7d43e0cba2f20258b03a629769b91ccb6524220
Instruction Fuzzy Hash: 4DD05E342042814BD729DA0CC6D4F593BD4AB89714F0648E8AC208B762CBB4D8C0DA00

Uniqueness

Uniqueness Score: -1.00%

Function 015700B0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1750423600.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1570000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c6154cce0e22c4bf03e99e8cf528e68fcd907e3f829c8905ee072cafb3c9d9
Instruction ID: 9dd09fb70ebf98dc912d011c94d9e0817865e8e37ac74898ba14553019009aa6
Opcode Fuzzy Hash: 52c6154cce0e22c4bf03e99e8cf528e68fcd907e3f829c8905ee072cafb3c9d9
Instruction Fuzzy Hash: 94C04C1131453D630919319D24108BDB24D4997C65A41047ED60957651CE851D1202DE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 013509EA Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

k, xrefs: 01350A49
k, xrefs: 013509F1

Memory Dump Source

Source File: 00000002.00000002.1750212032.0000000001350000.00000040.00000020.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_chargeable.jbxd

Similarity

API ID:
String ID: k$k
API String ID: 0-2420876453
Opcode ID: 4ed0eaa60ba8236a668762f732781f332a2ff64e56cc4dcdecd879f764111794
Instruction ID: 25f37abb1a9152b53fa6f1ddfd280f3b41730a002e453e865dc6f75cb63627a1
Opcode Fuzzy Hash: 4ed0eaa60ba8236a668762f732781f332a2ff64e56cc4dcdecd879f764111794
Instruction Fuzzy Hash: 5A41D2A581E7C05FD7438B7499606823FB1AF23228B4B05D7C480DF4B3E25A990AC772

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: chargeable.exePID: 7848, Parent PID: 7800COMMON

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.3%
Total number of Nodes:	133
Total number of Limit Nodes:	5

Executed Functions

Function 058B262B Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058B26AB

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0b91df8469c1607527d073011bb5ea4fbce506a9946f4dd9eedd5ecbf283dabf
Instruction ID: efb9d4d2878429ae6c5a940db871974c80daa3215ea5eaa7b5dc22bc289b98e4
Opcode Fuzzy Hash: 0b91df8469c1607527d073011bb5ea4fbce506a9946f4dd9eedd5ecbf283dabf
Instruction Fuzzy Hash: B121B1755097809FEB128F25DC44B92BFB8AF06310F08849AED85CB663D270A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058B2662 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058B26AB

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 9c4b9511279691db56d1d5ba606c89c2cc58bec177c7b653007915e1fa53c1a9
Instruction ID: 682b5c090b1f839b7bd770b0838e1b2db090eb3ff1a3004a2c0bf8ddc1d64da4
Opcode Fuzzy Hash: 9c4b9511279691db56d1d5ba606c89c2cc58bec177c7b653007915e1fa53c1a9
Instruction Fuzzy Hash: 5B118C355042049FEB20CF15D984BA2BBE8EF09220F0884AAED46CB761D275E818CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057A0B68 Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 057A0B8F

Memory Dump Source

Source File: 00000003.00000002.4093798984.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_57a0000_chargeable.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f507bc4c3691ed424cae67560d3c75e02cd75f9bae4092ac21580e40486e20a5
Instruction ID: 18cfc7ce728b67352c328dea28d3f4d1d688aea0c7d0d9386b3cf85fbce95323
Opcode Fuzzy Hash: f507bc4c3691ed424cae67560d3c75e02cd75f9bae4092ac21580e40486e20a5
Instruction Fuzzy Hash: B4414F31A002048FCB14DF78C5889ADB7F2BFC8214B158569D809EB35AEB34DD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 018FB8CA Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 018FB989

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 37a3fb695e2b93f586b7d06a05a4d5e6f7cdc7bfde63ffcdac8dd90c0f4a1315
Instruction ID: 7abbd5bfc728da9c388d5396167032319d44b217aa952cea00b5d8847946d4e1
Opcode Fuzzy Hash: 37a3fb695e2b93f586b7d06a05a4d5e6f7cdc7bfde63ffcdac8dd90c0f4a1315
Instruction Fuzzy Hash: 6E318071505380AFE722CB65DC44BA2BFE8EF06310F08849EE985CB653E275E909DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057A0B58 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 057A0B8F

Memory Dump Source

Source File: 00000003.00000002.4093798984.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_57a0000_chargeable.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 317a234dd5895962bc18e7222c9c88eab1565d227f24a5da110870969c44fa7e
Instruction ID: efab4d27804f10a9282d2df7cc62743e4bb79e581bf7f21d49da7fca5840d519
Opcode Fuzzy Hash: 317a234dd5895962bc18e7222c9c88eab1565d227f24a5da110870969c44fa7e
Instruction Fuzzy Hash: 21415131A102048FCB14DF78C988A9DB7F2BFC8214B148569D809EB35ADB34DD45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 058B2136 Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 058B21FD

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 09e7367be659e2798be769f6962bbcca1faffd352b34364a6c8b3045708477c3
Instruction ID: b1dce30f6ab235707d57d5c16e277c0bcee34108c857f39b210ff1aa2361a392
Opcode Fuzzy Hash: 09e7367be659e2798be769f6962bbcca1faffd352b34364a6c8b3045708477c3
Instruction Fuzzy Hash: 47319276504344AFE722CB65CC44FA7BBFCEF15210F08459AE985DB652D364E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 018FBE37 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 018FBEFE

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3d1b960c418b92cd850e266273b71368ccba1faa1802e46f319f5dc713a5b3b3
Instruction ID: 5d57e8aad9d249a85caa9d411c7ce7115118bfca046f198582403e9314741e65
Opcode Fuzzy Hash: 3d1b960c418b92cd850e266273b71368ccba1faa1802e46f319f5dc713a5b3b3
Instruction Fuzzy Hash: 40318B6510E3C06FD3138B258C61A61BFB4EF47610B0E45CBD9C48B6A3D229A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 018FA7C7 Relevance: 1.6, APIs: 1, Instructions: 95
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 018FA879

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: cfb8f3a32d116fef1dd1aeaaa6644aa575f5fd3b04f63f2dabec431298b154f7
Instruction ID: 9b7f509c39f306513f51e1d23bb602b9e7edb07f68b983704666e4b94c85c619
Opcode Fuzzy Hash: cfb8f3a32d116fef1dd1aeaaa6644aa575f5fd3b04f63f2dabec431298b154f7
Instruction Fuzzy Hash: 6031B6B24083846FE7228B65DC44FA7BFBCEF16314F08859AE985CB653D264E909C771

Uniqueness

Uniqueness Score: -1.00%

Function 058B0D54 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 058B0E1B

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 2c35216f24394208c1077cec637b9679e7de01e218176d9fcc0492467bc13a4a
Instruction ID: 9a334fce1f4e38956623b8e25053fd2009f7708fd70a27d0bde2c85e59469b66
Opcode Fuzzy Hash: 2c35216f24394208c1077cec637b9679e7de01e218176d9fcc0492467bc13a4a
Instruction Fuzzy Hash: D731A1B1504340AFE721CB50DC44FA7BBACEB14314F04489AFA499B681D275E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 018FA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 018FA6B9

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 75061ab15c695e16bd0a814ed2f60a8c4521392ae35a6cdff61a7719a651ad10
Instruction ID: 054096923f0b5a2328a82885aaa9c89a496885594a3b58cd57db3d6fdfd625d1
Opcode Fuzzy Hash: 75061ab15c695e16bd0a814ed2f60a8c4521392ae35a6cdff61a7719a651ad10
Instruction Fuzzy Hash: 9B3161755093806FE712CB25DC85B96BFF8EF06314F08849AE984CB292D375E909C771

Uniqueness

Uniqueness Score: -1.00%

Function 058B0548 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 058B05DF

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: a9c93c92d3b4894815fe9f175a3550a6b31fa70588e9313d83104e4091eaf25a
Instruction ID: 1ddc1160fd6a1be45c944c17b314b2125776dee8a1422af264a82412e269a147
Opcode Fuzzy Hash: a9c93c92d3b4894815fe9f175a3550a6b31fa70588e9313d83104e4091eaf25a
Instruction Fuzzy Hash: 0331BF71504340AFEB22CB25DC44FA7BBACEF45210F0884AAE985DB652D264E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058B0C4C Relevance: 1.6, APIs: 1, Instructions: 88
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B0CE9

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 5298095ba0666ea056829338fb2ae224e9d3449434e90a26583445c2943e9dcd
Instruction ID: af1a7bb0b462bd58633b7441c5b36b29b7e5a3a4393f53b56d7349da8d292f66
Opcode Fuzzy Hash: 5298095ba0666ea056829338fb2ae224e9d3449434e90a26583445c2943e9dcd
Instruction Fuzzy Hash: 952109725093806FE7228F20DC44FA7BFB8EF16310F08849AE985DB196C275A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 018FA8C1 Relevance: 1.6, APIs: 1, Instructions: 86
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 018FA97D

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: bffe9c49d07cd3fc321277cc8811d7cba868b05cec11dc10f43a3b246e83ec30
Instruction ID: 41ab4e728bfe5fef32bf5bebb16e2c8722b5a64a5d90f15546d62acde6e5de43
Opcode Fuzzy Hash: bffe9c49d07cd3fc321277cc8811d7cba868b05cec11dc10f43a3b246e83ec30
Instruction Fuzzy Hash: 9731F6710043806FEB228F60DC44FA2BFB8EF06320F08849EE9848B553D274A508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058B2162 Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 058B21FD

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 54597c0a95aaec6d0bc35d43c847139fda0e7bd478a000adc2cc05683209def9
Instruction ID: 51833ba8e0533368feae1dcac183c61f0110ed8237cf418de8b7a83b488e23f9
Opcode Fuzzy Hash: 54597c0a95aaec6d0bc35d43c847139fda0e7bd478a000adc2cc05683209def9
Instruction Fuzzy Hash: F821AD76500204AFEB31DE25CC44FABFBECEF18214F08856AED46DA751D774E9088A71

Uniqueness

Uniqueness Score: -1.00%

Function 018FA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FA40C

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b7e959846e2960cdffa0f7df7379937cadafa5f495157c2c54a6820477e35fbb
Instruction ID: 553d21cb1887da415c3ac12a6ceb0581eda59ce258131c1622cda318d62ca72e
Opcode Fuzzy Hash: b7e959846e2960cdffa0f7df7379937cadafa5f495157c2c54a6820477e35fbb
Instruction Fuzzy Hash: 11315075509744AFE722CF15CC84F92BBF8EF15720F08849AE985CB692D364E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058B0D76 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 058B0E1B

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 6211f2d06c9b0d202ae7a6f93d189ca10173de201af4b1096622cc1c9ef3e38d
Instruction ID: ba7c225ecca42245385e813f23c1bc886b663f6757ec625993e3e546a3ec6ec0
Opcode Fuzzy Hash: 6211f2d06c9b0d202ae7a6f93d189ca10173de201af4b1096622cc1c9ef3e38d
Instruction Fuzzy Hash: E6218071500204AEFB21DB60DC84FA7F7ACEB14714F04885AEA89DA685D6B5E9088B71

Uniqueness

Uniqueness Score: -1.00%

Function 058B10C8 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 058B116E

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 33bcbb27c9eb88975d4a2d773b87efd3f9a8ad268d0e845c141bf3fc503cfe1e
Instruction ID: c0244dad2225b49cf9ca1adf9725c28d95e73d7194616f108333a3c7740a1a06
Opcode Fuzzy Hash: 33bcbb27c9eb88975d4a2d773b87efd3f9a8ad268d0e845c141bf3fc503cfe1e
Instruction Fuzzy Hash: D231717150D3C06FD3128B258C55B62BFB8EF87610F0981DBE884DF693D225A959C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 058B23D5 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 058B2464

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: fe1a8601b3414a8e9006d43e58bfc0c34273612fd41b963e2d04ec4b400b6679
Instruction ID: d8d4423a8559d756dd665f8fdadbb11e3e56d91901c5bcd59094b66648b4b375
Opcode Fuzzy Hash: fe1a8601b3414a8e9006d43e58bfc0c34273612fd41b963e2d04ec4b400b6679
Instruction Fuzzy Hash: 90215E755083849FEB12CF25DC44A92BFF8EF06214F09849AED85CB662D264A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058B0006 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 058B009E

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: b4faf145ac87832c27c3eb7b67c70ef5229fa0ecd48c6faa28fbb8aafc43be51
Instruction ID: 326507ca1a0108ee4fc070fb300e3ed58621fa60c86e7ac816fb99b3df076fcf
Opcode Fuzzy Hash: b4faf145ac87832c27c3eb7b67c70ef5229fa0ecd48c6faa28fbb8aafc43be51
Instruction Fuzzy Hash: 3E319371509380AFE722CF55DC44F56FFF8EF05210F08849AE9859B652D379A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 018FB9E0 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FBA75

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 940d51cf7911500010e577251564536c2550742a0aee90426c7cdec6b9cc94dd
Instruction ID: a2d5de09396b6a6c2cc1634d6f501bd983ac6c32a067a43aa96650bb53390b12
Opcode Fuzzy Hash: 940d51cf7911500010e577251564536c2550742a0aee90426c7cdec6b9cc94dd
Instruction Fuzzy Hash: 3A21F8B54093806FE712CB15DC45BA2BFBCEF56324F0985D6ED808B2A3D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 058B27AD Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B2834

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 6e7511b2eb617e773902a2c7423c3ebfc5e4925efa517dbccfd1f0b52e02e831
Instruction ID: 3eaf1076c43bb34abad850d1fb280b606f44f151cfc62a322fe8edad50c9e455
Opcode Fuzzy Hash: 6e7511b2eb617e773902a2c7423c3ebfc5e4925efa517dbccfd1f0b52e02e831
Instruction Fuzzy Hash: 0021C1715093806FE712CB24DC45FA6BFB8EF42214F0884DAE984DF2A6D268A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 018FA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FA4F8

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 6559587a92df228eed5ea13faf35d2383e86671b4381c5a075d31622b3596307
Instruction ID: 90401fd2342e62ee4f939f468cb4d0326b71b0bf193f191e582d1c7ea7e9cebf
Opcode Fuzzy Hash: 6559587a92df228eed5ea13faf35d2383e86671b4381c5a075d31622b3596307
Instruction Fuzzy Hash: 1E218E765083806FE7228B55DC44FA7BFB8EF56220F08849AE989DB652D264E908C771

Uniqueness

Uniqueness Score: -1.00%

Function 058B06FE Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 058B0792

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 62421bb4f57aab5976e264695d23887bc2ee6d8af2e285b56ef3321a7ec2d763
Instruction ID: ac7b8cc1946333c1378abe16eee8301c879133a775005aacf9c5bb4281b1c87a
Opcode Fuzzy Hash: 62421bb4f57aab5976e264695d23887bc2ee6d8af2e285b56ef3321a7ec2d763
Instruction Fuzzy Hash: 5A21B171405340AFE722CB15CC48F96FBF8EF19224F04849EE9858B652D375E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 018FB90A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 018FB989

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5f97b9be51baca91202ef02646c64d8604cdca74c6c1182efd2b66fb026ee771
Instruction ID: 70341c617a1a4e4dd92a9b90e675f4612918786b472d316d61f2551fe11ea8c4
Opcode Fuzzy Hash: 5f97b9be51baca91202ef02646c64d8604cdca74c6c1182efd2b66fb026ee771
Instruction Fuzzy Hash: 7A219F71604204AFEB21DF65CC84B66FBE8EF08314F04846EEA85CB752E375E508CA71

Uniqueness

Uniqueness Score: -1.00%

Function 058B24A4 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058B252A

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: b8529a169ccae9a33259e4b5e139f1d6d73eb5c16a2986b390227a9fa4701587
Instruction ID: 6907a1daf17d02fbdfaf997e597fac3bf7d2a17638d36783d65aca827cf3e74a
Opcode Fuzzy Hash: b8529a169ccae9a33259e4b5e139f1d6d73eb5c16a2986b390227a9fa4701587
Instruction Fuzzy Hash: 9721C4B55093805FE713CB25CC54B52BFA8AF46214F0D84DAEC49CB253D265E908CB31

Uniqueness

Uniqueness Score: -1.00%

Function 058B056E Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 058B05DF

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 8875d279680cd6003668421ae6a3554c3dfece02322fd8a5b0f21f841d29bb5d
Instruction ID: c55cf6d574dc7b12ab6ce8ec3bcde3628e870c9b4b8cd0251ef7606e8b506ab9
Opcode Fuzzy Hash: 8875d279680cd6003668421ae6a3554c3dfece02322fd8a5b0f21f841d29bb5d
Instruction Fuzzy Hash: 10219271600204EFFB20DF25DC45FABBBACEF54214F08846AED45DB755D674E9088A71

Uniqueness

Uniqueness Score: -1.00%

Function 058B0462 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B04F4

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: aa158cf3b6c1146b75a4731b7a7814927f59796ae10ce7931573e459a05e5995
Instruction ID: 34f6d4a5b74c0e1550d2f076de83e480b0514871d74fad9608ec2dd14d0fede6
Opcode Fuzzy Hash: aa158cf3b6c1146b75a4731b7a7814927f59796ae10ce7931573e459a05e5995
Instruction Fuzzy Hash: 1C219072508340AFE721CF15DC48FA7BBFCEF05210F08849AE985DB652D264E908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 018FA7FA Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 018FA879

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 11bdbccdc5fd1e0c9d61d57498be86c797ab02fc18779fa83c01d83f043b4d37
Instruction ID: 8b1f7263ba287c6e2b6ba0fb175289f4eeb3add8827d86dd4a29d7328d8ae3e6
Opcode Fuzzy Hash: 11bdbccdc5fd1e0c9d61d57498be86c797ab02fc18779fa83c01d83f043b4d37
Instruction Fuzzy Hash: E021CDB2510204AEE7219A55DC84FABFBACEF14324F04846AEA49CB652D774E5098AB1

Uniqueness

Uniqueness Score: -1.00%

Function 058B2897 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B2913

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 5ff163e4b6fbd52fc5c62d143d4dfd13ed10236f8b8725811aeffc64f2ee11b2
Instruction ID: 6e14179329f0a9cb71aa5f2ecd7daaf500032bd5159f96ae612387eef0bd4b20
Opcode Fuzzy Hash: 5ff163e4b6fbd52fc5c62d143d4dfd13ed10236f8b8725811aeffc64f2ee11b2
Instruction Fuzzy Hash: AE21D7715093806FE711CB15DC44FA6BFB8EF45210F08849AED85DB256D274E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058B297B Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B29F7

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 5ff163e4b6fbd52fc5c62d143d4dfd13ed10236f8b8725811aeffc64f2ee11b2
Instruction ID: 52ad006616f8696379b8515a6c231039aafcf3c56b2c75738f50f2d60f4136b3
Opcode Fuzzy Hash: 5ff163e4b6fbd52fc5c62d143d4dfd13ed10236f8b8725811aeffc64f2ee11b2
Instruction Fuzzy Hash: D221A4715093806FE722CB25DC44FA6BFB8EF45210F08849AED85DB656D274E908CB75

Uniqueness

Uniqueness Score: -1.00%

Function 018FA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 018FA6B9

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: b660159ec24ce2d7484ae3231a6de2cd20e18c7bc55e8555266f6134238a8c31
Instruction ID: f5a5879120349fd99644caa7c2c9685fed954977967d962a20860c8264a193eb
Opcode Fuzzy Hash: b660159ec24ce2d7484ae3231a6de2cd20e18c7bc55e8555266f6134238a8c31
Instruction Fuzzy Hash: 5121B0756042009FE720DB29CD85BA6FBE8EF04324F04846DEE89CB745D779E908CA71

Uniqueness

Uniqueness Score: -1.00%

Function 018FBCC2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FBD41

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: b34734aebf75ead4c81cfd2fabfcbf5cd8387f0027fc962fefb30c63f4f8576b
Instruction ID: 2619fab5c0bf5a1810291724fe89ea8268a50476277ed2b0918b49650f6a3c74
Opcode Fuzzy Hash: b34734aebf75ead4c81cfd2fabfcbf5cd8387f0027fc962fefb30c63f4f8576b
Instruction Fuzzy Hash: 4B21A171509380AFDB22CF55DC44F97BFB8EF45310F08849AE9859B656C235E508CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 018FA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FA40C

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a6a268692ffed0ccc671f60eeecc8beaa164a530c907a7aabc57bfe23f38cad3
Instruction ID: d1f743581119d30b00fd17106369218de163c7ed8944eb613c37bc4d87701678
Opcode Fuzzy Hash: a6a268692ffed0ccc671f60eeecc8beaa164a530c907a7aabc57bfe23f38cad3
Instruction Fuzzy Hash: 19218E75600204AFE721CE19CC84FA6B7ECEF14724F08846AEE49CB655D774E909CA71

Uniqueness

Uniqueness Score: -1.00%

Function 018FA140 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 018FA1C1

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: fc5dddce38cbc0d8e884651885487fb8d6ed0b75a42536430e1582eca27bef57
Instruction ID: 348512745ee85303aaac9db1fe117b37282a18e11bdd029e82b8c254dd6758b4
Opcode Fuzzy Hash: fc5dddce38cbc0d8e884651885487fb8d6ed0b75a42536430e1582eca27bef57
Instruction Fuzzy Hash: C321897140D7C09FD7238B658C54A52BFB4EF07220F0A88DBD9858F5A3C269A949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058B230F Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B238B

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: ddf4dc4267c40c9053466f94ae2600e9dbcb89d63fffa578c9602f1f170816e6
Instruction ID: 4a40009edaf15b7bbacb5c9a954c303ac1f10fedda8eddd3e1c9edebf43e4d81
Opcode Fuzzy Hash: ddf4dc4267c40c9053466f94ae2600e9dbcb89d63fffa578c9602f1f170816e6
Instruction Fuzzy Hash: C921A1714093846FE722CB11DC44FA6BFB8EF45214F08849AED859B656C278A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 058B071E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 058B0792

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 9ad30e56f377762e60d9251c53bdf455dc5db82566f294b2fa8718e53a53043f
Instruction ID: 011b2c7b7a02dd95899a0b3326180e6c1e5538049a78cc58efc794c7d3d94896
Opcode Fuzzy Hash: 9ad30e56f377762e60d9251c53bdf455dc5db82566f294b2fa8718e53a53043f
Instruction Fuzzy Hash: 4C21F071400204AFE721CF15CC88FA6FBE8EF18224F048469ED858B755D776E808CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 058B0F26 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 058B0FA2

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: d7f3c90eac04102ddeefc05ac9c0f081c9a35da8ed38db0300ccdfcf41fd9995
Instruction ID: a3ed78b7fc0d4ab5f69df844223946a21259513215078903e12192362dca153e
Opcode Fuzzy Hash: d7f3c90eac04102ddeefc05ac9c0f081c9a35da8ed38db0300ccdfcf41fd9995
Instruction Fuzzy Hash: 9E218071508384AFDB228F55DC44BA2FFF8EF06210F08859AED858B662D375A918DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058B0032 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 058B009E

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 18dea5aa35272909e8216ab57d3db8b050effec1c0438e6e3fea730b80b1a3cb
Instruction ID: e82495fa87cccb11914e545b828c9403a248065c10b225d8c033ea22785a300b
Opcode Fuzzy Hash: 18dea5aa35272909e8216ab57d3db8b050effec1c0438e6e3fea730b80b1a3cb
Instruction Fuzzy Hash: ED21D171504244AFEB21CF55DD44FA6FBE8EF08324F04886AED868A755D3B5E409CB71

Uniqueness

Uniqueness Score: -1.00%

Function 018FA902 Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 018FA97D

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: bc15d32918f47e4b51ab8e7b8712b0a9cd1dfa0bc02248f3b061ba3942228671
Instruction ID: 50c059654a7045312989860a4f6e26605bed3372d286e4fabe8ecc14cce6ab27
Opcode Fuzzy Hash: bc15d32918f47e4b51ab8e7b8712b0a9cd1dfa0bc02248f3b061ba3942228671
Instruction Fuzzy Hash: B621E175500200AFEB318F55DC40FA6FBA8EF08324F04886EEE899A695D375F508CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058B138A Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 058B1413

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a10950ff0563d131a67f090bf914f6b38229f2438a936faa19412bcd9aeef3c1
Instruction ID: 16feb4516678e00060ea4f0fd3bce10760311bc4a0d7a1a7885c5de07cac3d84
Opcode Fuzzy Hash: a10950ff0563d131a67f090bf914f6b38229f2438a936faa19412bcd9aeef3c1
Instruction Fuzzy Hash: 2911B4715043406FE721CB11DC85FA6FBB8DF45720F04849AFD449B692D2B8A948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 018FA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FA4F8

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 50a0e2b76556e0c2c9e9d59ddc99effa57f77a3d579c1cf2c9779228ece4f9e4
Instruction ID: ac0aa08de338e0c47decb80be2516edc1039e71e3cdbb6c57fc1a1e6b28cc2b8
Opcode Fuzzy Hash: 50a0e2b76556e0c2c9e9d59ddc99effa57f77a3d579c1cf2c9779228ece4f9e4
Instruction Fuzzy Hash: F611B176500204AFEB21CE15DC84FA6BBECEF14724F04845AEE49DB755D774E508CA71

Uniqueness

Uniqueness Score: -1.00%

Function 058B0482 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B04F4

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 255f25fd14d9e4cb1f4c28c5ee2d0b4e6f39b1cdea86fdab31d21fab004aa7c7
Instruction ID: 0892274e3090983e64ea2fc8e45a1ca22f637f311d02361bebb1e63cf8cecf02
Opcode Fuzzy Hash: 255f25fd14d9e4cb1f4c28c5ee2d0b4e6f39b1cdea86fdab31d21fab004aa7c7
Instruction Fuzzy Hash: 1F119072500204EFEB21CE15DC48FA7B7ECEF14614F04845AED45DAB55D774E908CA72

Uniqueness

Uniqueness Score: -1.00%

Function 058B31C1 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 058B323D

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: b01d772ba35b463cf3137bfd3559351ff820a23a6fc84a7d0817f0714288616f
Instruction ID: b4dd2c4f2d9c1281f17b99d398ed46b7b2f3f2a9bde59c0b2c61845d465a9c6e
Opcode Fuzzy Hash: b01d772ba35b463cf3137bfd3559351ff820a23a6fc84a7d0817f0714288616f
Instruction Fuzzy Hash: D82193715093806FEB22CA15DC45B62BFF8EF46611F09848AED85DB253D275E908C771

Uniqueness

Uniqueness Score: -1.00%

Function 018FA710 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 018FA780

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3b3366abb4510124bf174ce926060d125d428fd3d07225eff4dd18a280b7d006
Instruction ID: 8fb8fdcd0e4f1c629bafa129892796c756bf12c184071952fdc0ea2f7fec3cb3
Opcode Fuzzy Hash: 3b3366abb4510124bf174ce926060d125d428fd3d07225eff4dd18a280b7d006
Instruction Fuzzy Hash: 1221D2B55083809FDB12CB55DC86B52BFA8EF02324F09849BED858B653D334A909CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 058B0C8A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B0CE9

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 8ae9b451ebb26fc117d8130d12588f5bf3a6e173e7e215b2621e52164f825109
Instruction ID: 3fa0d78f89f3bd7bc9ec59ac44b581bf7447439ad9361bc6c7229d28eec177a3
Opcode Fuzzy Hash: 8ae9b451ebb26fc117d8130d12588f5bf3a6e173e7e215b2621e52164f825109
Instruction Fuzzy Hash: B111B176500204AFEB21CF55DC48FABB7A8EF14214F08846AED45CA759D775E908CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058B299E Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B29F7

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 4dcce54ce883fec207dac5d77c5b9da89fa1cae2113b4c59702485120af13b46
Instruction ID: 4134d0a8c7757a39b979ae30e33230f1a3f748873b31536b6e6ee203b0b2322a
Opcode Fuzzy Hash: 4dcce54ce883fec207dac5d77c5b9da89fa1cae2113b4c59702485120af13b46
Instruction Fuzzy Hash: F311C1B5600204AFEB21CF15DC44FAAB7ACEF44224F08846AED45DB755D774E9088AB1

Uniqueness

Uniqueness Score: -1.00%

Function 058B28BA Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B2913

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 4dcce54ce883fec207dac5d77c5b9da89fa1cae2113b4c59702485120af13b46
Instruction ID: 312e44ec8fb65d3b008a8f4fd23caf6d294810443078531bf8f2d0aeebea154d
Opcode Fuzzy Hash: 4dcce54ce883fec207dac5d77c5b9da89fa1cae2113b4c59702485120af13b46
Instruction Fuzzy Hash: C211B275600204AFEB21CB15DC44FAAB7ACEF44324F04846AED49DB759D674E9088BB1

Uniqueness

Uniqueness Score: -1.00%

Function 018FAF93 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 018FAFFE

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 1d1025e1f7a0d397fe9bb458225ca39797268c8f5c40353b83d180751cdf9f12
Instruction ID: 0502670d0aa9b6b61574df76cd3d5985eb09ec5f37a7b220a9d727f8309948b0
Opcode Fuzzy Hash: 1d1025e1f7a0d397fe9bb458225ca39797268c8f5c40353b83d180751cdf9f12
Instruction Fuzzy Hash: DC117F71409380AFDB228F55DC44B62FFF4EF4A310F08889EEE858B662D275A518DB71

Uniqueness

Uniqueness Score: -1.00%

Function 058B27DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B2834

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 716644c478b41c458e955402191e68c8319f63008f4cf06ed5ff6c69a3d2f2ad
Instruction ID: 111f79ab620c32bc384e9615651a3826c6d13bb8e393795323ba26be41cd3866
Opcode Fuzzy Hash: 716644c478b41c458e955402191e68c8319f63008f4cf06ed5ff6c69a3d2f2ad
Instruction Fuzzy Hash: F611E375900204AFFB21CB15DC45FAABBACEF44224F04846AED45DB755D678E908CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 018FBCE2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FBD41

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 10edceb03faf5551311770c3642099c42374daf85969e920e71a466f65f35983
Instruction ID: 3dd8ecf89a70954061f87f8fcce8566f0ab2c37383a6c41e30c87418a6c93710
Opcode Fuzzy Hash: 10edceb03faf5551311770c3642099c42374daf85969e920e71a466f65f35983
Instruction Fuzzy Hash: 1711E271500200AFEB21DF55DC44FA6FBA8EF04314F04886AEE45DB655C334E5088BB2

Uniqueness

Uniqueness Score: -1.00%

Function 058B03BE Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 058B043A

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: c18f3bdf866cecb81fc5a6c35af887c5625d071fd411f57ea99b6c773e24b229
Instruction ID: 8d137ca838f12fb96c7d10f66924437d4f3ea7a4c146fc1d75c91f86e2540b67
Opcode Fuzzy Hash: c18f3bdf866cecb81fc5a6c35af887c5625d071fd411f57ea99b6c773e24b229
Instruction Fuzzy Hash: 2211C8715093806FD311DB15CC45F26FFB4EF86620F19818FEC449B693D625B915C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 058B2332 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 058B238B

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 7ce5de7f23e9d9540cd47d0b05fc173f2ed384d1e8070b62e9664926162a3854
Instruction ID: 4ba51c6d70e3c9bf66025d9dbf089d7346a259a556f6af931bdd7b90d967472d
Opcode Fuzzy Hash: 7ce5de7f23e9d9540cd47d0b05fc173f2ed384d1e8070b62e9664926162a3854
Instruction Fuzzy Hash: 5711C175500204AEEB21CF55DC44FAAFBACEF48324F04846AED45DF755D278E908CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 018FABC1 Relevance: 1.6, APIs: 1, Instructions: 57comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 018FAC20

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 9b47c89759c4ab041fbe494c6951e88f404532b253deb78a1138d2e1ece47750
Instruction ID: d3be13fa03aafd836fd66812dff6f1e3814b671b12490e2d9537abcc8b2c379a
Opcode Fuzzy Hash: 9b47c89759c4ab041fbe494c6951e88f404532b253deb78a1138d2e1ece47750
Instruction Fuzzy Hash: 491160715093C05FDB128B25DC45792BFB4DF46220F0984DAED888F253C275A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 018FA2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 018FA330

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 764f31083123031cb77ae77bee525d5bff800fdbd0fa678fb0dea57f8b524f55
Instruction ID: 7beb3d1db9531293d213a1b27265451a017d0adba1a4f4b8b683d66a780e1145
Opcode Fuzzy Hash: 764f31083123031cb77ae77bee525d5bff800fdbd0fa678fb0dea57f8b524f55
Instruction Fuzzy Hash: 18118F714093C06FDB138B25DC54662BFB4DF47220F0D80CBED858B263C2656908D772

Uniqueness

Uniqueness Score: -1.00%

Function 058B13AA Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 058B1413

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f134e989745419de5d2b034d4605aa1c29cc39a4ac54d63aba540af6d84f5812
Instruction ID: 0dd75087bb18772ccc329752e1f40be51b190701ec39da0dc4bfe503ad84b111
Opcode Fuzzy Hash: f134e989745419de5d2b034d4605aa1c29cc39a4ac54d63aba540af6d84f5812
Instruction Fuzzy Hash: 9B11CE71500204AEF720DB15DC89FF6FBA9DF04724F1484AAED449E785D6B8E948CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 058B240E Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 058B2464

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 8fe2155b6e1893d396c5ba996a40bd6642c9bb778ff93201228f5a9863d7223d
Instruction ID: 3e1d867af5d01629efd3b516ef0e7528ceb6b210e3dbf4dbae2f5e640ec0cd1c
Opcode Fuzzy Hash: 8fe2155b6e1893d396c5ba996a40bd6642c9bb778ff93201228f5a9863d7223d
Instruction Fuzzy Hash: CA1160756042049FEB20CF19D984BA2F7E8FF08214F08846ADD4ACBB51D374E908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 058B24E2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058B252A

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 0874a681e162386e5d4864f894b764259460069e4911f80c2a6dbcdb44e4e8a8
Instruction ID: 0228ad01b386865668316a033fb5a98acafd690a55554daedc3544ee9f6322ab
Opcode Fuzzy Hash: 0874a681e162386e5d4864f894b764259460069e4911f80c2a6dbcdb44e4e8a8
Instruction Fuzzy Hash: BD11A5756042008FEB60CF29DC84BA6FBE9EF04620F08846ADC46DB755D674E904CA71

Uniqueness

Uniqueness Score: -1.00%

Function 018FBA22 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,FB9095BF,00000000,00000000,00000000,00000000), ref: 018FBA75

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 1a2cf9aa5cb52c2bec492bac973a9eaa21832bf23c22ffd62bfabfee98ba19ca
Instruction ID: 3edeac66a5e005ed0e18b84bfe1bf82620b283ff71b1d49ed1321a2e4c011399
Opcode Fuzzy Hash: 1a2cf9aa5cb52c2bec492bac973a9eaa21832bf23c22ffd62bfabfee98ba19ca
Instruction Fuzzy Hash: E6012271500204AEE720CB15DC84FA6F7ACDF44324F08C0AAEE44CB745D778EA0C8AB1

Uniqueness

Uniqueness Score: -1.00%

Function 058B0F56 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 058B0FA2

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: f9cc868b99a40b0dbd815be86631d609fa3141077f19e43f763c813621933d37
Instruction ID: cf1b916c2d31205dd94681dbe0985b75b8a9ceccbc016988bfe90335c7cf3bc9
Opcode Fuzzy Hash: f9cc868b99a40b0dbd815be86631d609fa3141077f19e43f763c813621933d37
Instruction Fuzzy Hash: 39117031604644DFEB20CF55D848BA2FBE9FF08210F08896AED468B762D375E958DF61

Uniqueness

Uniqueness Score: -1.00%

Function 058B111E Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 058B116E

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: b93a63319e251aa5c56d8515c0a410450b2c5dedab48d4cca910872cd329f7c1
Instruction ID: bf6fca4fec605f1d10a32cc6d562cdb5f8a86a46bbde4a12d10aa38d997a0c82
Opcode Fuzzy Hash: b93a63319e251aa5c56d8515c0a410450b2c5dedab48d4cca910872cd329f7c1
Instruction Fuzzy Hash: 7C01B171600200ABD310DF16CC85B66FBE8EB88A20F14811AEC489BB45D735F915CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 058B31F2 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 058B323D

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: df30c80801819eda8f5974f4069e8368ce98583b16f92ab81deedc6369081cbb
Instruction ID: d86185bcd96c1fd736e30535ffa6131b365792744df9ad98b11bfefc33bd6036
Opcode Fuzzy Hash: df30c80801819eda8f5974f4069e8368ce98583b16f92ab81deedc6369081cbb
Instruction Fuzzy Hash: B10180715042009FEB20CE19DC45B62FBE8FF04621F088869DD45DB751D6B4E808CA71

Uniqueness

Uniqueness Score: -1.00%

Function 018FAFBA Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 018FAFFE

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8551d1af5ac7fb64aa271a8572ee64ce45cd507b154d3051fb7615887bdfe897
Instruction ID: 95686b8d65cd5a0bd701ec96fc39468c4fce142347c57a6b5b8a15bf9129531e
Opcode Fuzzy Hash: 8551d1af5ac7fb64aa271a8572ee64ce45cd507b154d3051fb7615887bdfe897
Instruction Fuzzy Hash: B201AD324002009FDB21CF59D944B52FBE0EF48320F0888AEEE498B652C336E118DF62

Uniqueness

Uniqueness Score: -1.00%

Function 018FBEAE Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 018FBEFE

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1148f5c89d62065483267432f9406d562a256a25f7ea32970973c5462ef72074
Instruction ID: a5fe377400ad5febf031d55b940d95a04696a2250a48230bab580d11e4c74d42
Opcode Fuzzy Hash: 1148f5c89d62065483267432f9406d562a256a25f7ea32970973c5462ef72074
Instruction Fuzzy Hash: 7901D671500200ABD310DF16CC86B66FBE8FB88B20F14811AEC489BB41D775F925CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 018FA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 018FA780

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a2f25e245f4d746c06b82f83c6177d0a5e80068b23191af5645b6ad8aeabc389
Instruction ID: 8b596baa184ae55378a5626e4b734a5df7d1504467d8012c62d41f87887cdf39
Opcode Fuzzy Hash: a2f25e245f4d746c06b82f83c6177d0a5e80068b23191af5645b6ad8aeabc389
Instruction Fuzzy Hash: 4501DF756042008FEB10CF29D984B66FBE4DF04320F08C4ABDD8ACF756D278E508CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 058B03EA Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 058B043A

Memory Dump Source

Source File: 00000003.00000002.4093922522.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_58b0000_chargeable.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 75421d58c8831f009239316f592ea04e639e4607399e07aab06acda065367d83
Instruction ID: e6ba2a3742174ee09b2c33675f7e14b7fcccd168075f1a748aaf85d8eb113a97
Opcode Fuzzy Hash: 75421d58c8831f009239316f592ea04e639e4607399e07aab06acda065367d83
Instruction Fuzzy Hash: 3601D671500200ABD310DF16CC86B66FBE8FB88A20F148159EC089BB41D735F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 018FA186 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 018FA1C1

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: acdc55196ba5a997c6b08715869831e222175d72f4801a8baaec285d70889f89
Instruction ID: b920be514c8f2b48844ef4d8895898c7071e7d4c5139345745bdd25491fc317c
Opcode Fuzzy Hash: acdc55196ba5a997c6b08715869831e222175d72f4801a8baaec285d70889f89
Instruction Fuzzy Hash: BA019E315046449FDB21CF59D944B62FBE4EF44360F0888AADE4A8F616C275A548CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 018FABEE Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 018FAC20

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 09ea8db837c5dceb20e3ebecef72ebf6904aef41b9e1946d8f619d53b6f579a6
Instruction ID: a5f39871a53e2d99c3116a61772131d857c0570a4283195736b5f623ac823a73
Opcode Fuzzy Hash: 09ea8db837c5dceb20e3ebecef72ebf6904aef41b9e1946d8f619d53b6f579a6
Instruction Fuzzy Hash: FA01D6715042449FDB10CF19D984765FBE4DF44334F08C4AADE49CF756D279A548CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 018FA2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 018FA330

Memory Dump Source

Source File: 00000003.00000002.4091202843.00000000018FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18fa000_chargeable.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: a06a06acd69a4c9efde2f2a52326d5244dc2c9af153002ea7147232b1ef13dde
Instruction ID: e0706149f42e876bce9aa62baf5bf6912931538a2fd54af1524040907ef58585
Opcode Fuzzy Hash: a06a06acd69a4c9efde2f2a52326d5244dc2c9af153002ea7147232b1ef13dde
Instruction Fuzzy Hash: D9F0AF35904244DFDB20CF09D988761FBE0EF04334F08C0AADE498F752D2B9A508CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 05DA1E30 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4094116935.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5da0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf2a919c0a015b01f67707af81c2fec4b906859facc3861cd0421aa849fa511
Instruction ID: 0c1f93b833b91efe1db221d6796f4bc2386d5b2f435f29075850f9dfba764cb2
Opcode Fuzzy Hash: ebf2a919c0a015b01f67707af81c2fec4b906859facc3861cd0421aa849fa511
Instruction Fuzzy Hash: 7C11BAB5908341AFD350CF19D840A5BFBE4FB88664F04896EF998D7311D231E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 019B0814 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a39899a1c545f387bdf68e3606e56ce9060fb7e2c756d53f35e8055694c1206
Instruction ID: b241c80461cea5a34d21d57cfa8d03e44f3e78de016814e5414c6dc1e6a3ef80
Opcode Fuzzy Hash: 0a39899a1c545f387bdf68e3606e56ce9060fb7e2c756d53f35e8055694c1206
Instruction Fuzzy Hash: 0911E4302042809FD711CB14D680F96BBB5AB88708F28C9ACF54D1BB53C73BD902CA92

Uniqueness

Uniqueness Score: -1.00%

Function 0190AFBC Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091277633.000000000190A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0190A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190a000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 515d1e043e7a5105c72ac4de588b8ff7da1d80e39708e0ebb79c040b7bdaf5a6
Instruction ID: 3eb4d4fd235a791b187ac496c4516e972c687b893304819bcc4ed58f3b72b47f
Opcode Fuzzy Hash: 515d1e043e7a5105c72ac4de588b8ff7da1d80e39708e0ebb79c040b7bdaf5a6
Instruction Fuzzy Hash: 3411FAB5908301AFD350CF09DC44E57FBE8EB88660F04892EFD5997311D231E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 05DA1CD4 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4094116935.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5da0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d09b9f9e9457bf33f7db85eb5a301351f4cd0f50d67bf508e734674d725352d
Instruction ID: f465b9721ee52b8356358e703bb1d0b702089d4e1799839e5bb4206226a2579a
Opcode Fuzzy Hash: 4d09b9f9e9457bf33f7db85eb5a301351f4cd0f50d67bf508e734674d725352d
Instruction Fuzzy Hash: E011FAB5908301AFD750CF09DC84E57FBE9EB88660F04892EFD5997311D231E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 019B0802 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 150d47674b62cbc84ed0b40c7b5882434aeacdf9981805512e2f54bf15c70e1b
Instruction ID: 7bb5f8c65ded6fadfabe8955fb27e3e3020da22d615bda3addd157e78f59ffd3
Opcode Fuzzy Hash: 150d47674b62cbc84ed0b40c7b5882434aeacdf9981805512e2f54bf15c70e1b
Instruction Fuzzy Hash: ED115134108380CFC712CB10C590B55BFB1EB86304F28C5EEE4894B653C33B9906CB52

Uniqueness

Uniqueness Score: -1.00%

Function 019B05E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4d049f26bb40861b818c6c5c4c1a1c8b8777bb1b4590b8ffc124ed5a8bd18b
Instruction ID: a66b0c5459c6a27bb09d8ab2357f4066931a13471f787b69b9ca9df99e1c665f
Opcode Fuzzy Hash: bf4d049f26bb40861b818c6c5c4c1a1c8b8777bb1b4590b8ffc124ed5a8bd18b
Instruction Fuzzy Hash: 8001D6B550D7806FC7128B169C40862FFB8DF8612070984EFEC498B653D229B808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 019B07C4 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddf984f5f2fb0c8acdcdd23d4e24727117b8fd752375a776bb4f20a1bf3b80d0
Instruction ID: 8686bb38a219d88d7ec6f05a1ce0c9d902e3551a1abba2ffc65983df847a311b
Opcode Fuzzy Hash: ddf984f5f2fb0c8acdcdd23d4e24727117b8fd752375a776bb4f20a1bf3b80d0
Instruction Fuzzy Hash: 9201443510D280CFC312CB10C590B55BFB1FF8A608F1986EAE4884B663C7379916CB92

Uniqueness

Uniqueness Score: -1.00%

Function 019B08D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction ID: 0aca2123a87bbabd079c319685c41e2c98f868307e08b4ee7f942cd839f6ff78
Opcode Fuzzy Hash: 0e3ffe0ab8b8bec43b0eca7ca5da45ad1ed39b609236ae5c53b800e7332b5d85
Instruction Fuzzy Hash: B5F06D35108644DFC702CF00C680B16FBA2FB88718F28CAADE84807B52C337D913DA82

Uniqueness

Uniqueness Score: -1.00%

Function 019B0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091586521.00000000019B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_19b0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6835cd28318cf8183789bac515f75eb6b271f3053b14e169443c2a1b7014124a
Instruction ID: e3d1f5c2b2fe4b91d554f346061ff54dbaff891e2740b13680d1a83f6d4cdeea
Opcode Fuzzy Hash: 6835cd28318cf8183789bac515f75eb6b271f3053b14e169443c2a1b7014124a
Instruction Fuzzy Hash: 94E092B66046004B9650DF0BEC41452F7D8EB84630718C47FDC0D8B701D635B508CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 0190B00B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091277633.000000000190A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0190A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_190a000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d78b5c5e9545dfa139af5afbbffc9aa63f55d7a4739170acd4227e91eb34f0c4
Instruction ID: bca38740e2f8cba39d5b6a40dbdc6f98454a804c4c147183748f4d4837dc94b6
Opcode Fuzzy Hash: d78b5c5e9545dfa139af5afbbffc9aa63f55d7a4739170acd4227e91eb34f0c4
Instruction Fuzzy Hash: 78E0DFB294020467D2209F0AEC4AF62FB98DB80A31F08C56BEE091B712E172B5048AF1

Uniqueness

Uniqueness Score: -1.00%

Function 05DA1E9B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4094116935.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5da0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86541323568e7731387c2a93f4a32b9b252eac3485885a9ef496799e9bf074ef
Instruction ID: 4e2983cd08c1cbe46a8a054d6603b3a59cf0b50a79bfca1e0bbac6d093196071
Opcode Fuzzy Hash: 86541323568e7731387c2a93f4a32b9b252eac3485885a9ef496799e9bf074ef
Instruction Fuzzy Hash: 10E0DFB294030067D6209F0AAC4AF62FBDCDB84A31F08C46BED081B742E172B5188AF1

Uniqueness

Uniqueness Score: -1.00%

Function 05DA1747 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4094116935.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5da0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16fc1189e6243fbe08cb341bb1e59c7a912ff3b850c1815b2983458900e35668
Instruction ID: efc85185b4a8a1e09c23a9c5fdb2bf51e7610959d99d7788bd569da4a6c61e71
Opcode Fuzzy Hash: 16fc1189e6243fbe08cb341bb1e59c7a912ff3b850c1815b2983458900e35668
Instruction Fuzzy Hash: B4E0D8B250020067D610DF0A9C46F53FB98DB90930F08C467ED095B711D172B514CAF1

Uniqueness

Uniqueness Score: -1.00%

Function 05DA1D23 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4094116935.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5da0000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6398749a10c668ee6569b51e8349f047305c337cfb6e7db7a0d5459a0b263b7
Instruction ID: e0a570fc4425d34ca64448f6f84fec70a5fdfbd14099f6fb440159d63678df30
Opcode Fuzzy Hash: c6398749a10c668ee6569b51e8349f047305c337cfb6e7db7a0d5459a0b263b7
Instruction Fuzzy Hash: 2BE0D8B250030467D6509F0A9C45F53FB98DB40931F08C567ED091B712D172B5048AF1

Uniqueness

Uniqueness Score: -1.00%

Function 018F23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091184303.00000000018F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 018F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18f2000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d24ade8feb55b4831be50ec71e287a5fea3d032853f3284deeea1a95a4c2da8f
Instruction ID: 8e502214b65a7be582300b4ee229660258a5ff895d7c6648ff5d224eba4f44cb
Opcode Fuzzy Hash: d24ade8feb55b4831be50ec71e287a5fea3d032853f3284deeea1a95a4c2da8f
Instruction Fuzzy Hash: 59D02E392006D04FE323CA0CC2A8B853BE4BB61704F0A08FEA800CB763CBA8D680D600

Uniqueness

Uniqueness Score: -1.00%

Function 018F23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4091184303.00000000018F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 018F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_18f2000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba490dc18e35c9654c29599ff2242cc61d84f0c69ca472e958df36d1c8e787a2
Instruction ID: 52581422a6f44e582739ae8efaab14af44ef33353b61ea2f90aa267d7e911594
Opcode Fuzzy Hash: ba490dc18e35c9654c29599ff2242cc61d84f0c69ca472e958df36d1c8e787a2
Instruction Fuzzy Hash: 1DD05E742006814BD725DA0CC6D4F593BD5AB45714F0648ECAD10CB772C7A4D9C4DA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: chargeable.exePID: 7944, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	18.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	114
Total number of Limit Nodes:	11

Executed Functions

Function 058500D0 Relevance: 9.1, Instructions: 9145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf36b8fc20425db6e25f582d622e17b511af0bf60f417ff8a3b3e2a5a5da822
Instruction ID: d31e52fca111d272e72612b32bdb5d589446227f9631dc1711d84b8d65f0de14
Opcode Fuzzy Hash: dbf36b8fc20425db6e25f582d622e17b511af0bf60f417ff8a3b3e2a5a5da822
Instruction Fuzzy Hash: 43142734A00704CFD765DB34C854A9AB7B2FF8A304F5148A8D54AAB7A2DF36AE45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 058598A0 Relevance: 2.7, Instructions: 2696
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cffbfb4f72386666f5e903d54e64208c0a4e3da3eb279b01612b9626b973e73a
Instruction ID: 8729f504bf86998403bb6287357b5fc63aafe2b9615912084110e65715a85b6d
Opcode Fuzzy Hash: cffbfb4f72386666f5e903d54e64208c0a4e3da3eb279b01612b9626b973e73a
Instruction Fuzzy Hash: C53394293059328BA516BFB2E55142F7B72EB985A8714C349CE010B796CF3C6F838BD5

Uniqueness

Uniqueness Score: -1.00%

Function 0585CE20 Relevance: 1.3, Instructions: 1282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf5b50a2e1d3321246fb93f289b6c9b572204e4aea862ec9394d5a6127f4365
Instruction ID: 53f7481c4d72737f5a8b2bd9ea35ea8694b7764a65945ced050184542bb5de78
Opcode Fuzzy Hash: abf5b50a2e1d3321246fb93f289b6c9b572204e4aea862ec9394d5a6127f4365
Instruction Fuzzy Hash: CBB13B75E012099FDB04CBA8D884BAEBBF2FF88324F158169E915EB391D7359D42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0585C630 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b48f984055bb512a994c6c6002f9e7d800e55fe602b5d21b7d4e8a201ba8da2
Instruction ID: 5e3cfe0a35ec7e2f58e2fa3b9e134ad1af63f446234c237265fafe1971bed2c3
Opcode Fuzzy Hash: 2b48f984055bb512a994c6c6002f9e7d800e55fe602b5d21b7d4e8a201ba8da2
Instruction Fuzzy Hash: 00412232B042159BDB15CBB8C881BBFBBA3EB85324F148529DA04DF786D734AC458BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0585CB00 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc9de3c1d4d5524e25e80dcf4531a5c685b8983caaec286780d874948ac1cf9
Instruction ID: fbc759721b3a0a55ab7ba3a9956f3fb7289b8148d8b581aefd0e615d9dab9cde
Opcode Fuzzy Hash: cfc9de3c1d4d5524e25e80dcf4531a5c685b8983caaec286780d874948ac1cf9
Instruction Fuzzy Hash: A2319F31B0431A8BEB259A79885467E7AF3AB88264F18403EDC02EB345DF758C45CFD2

Uniqueness

Uniqueness Score: -1.00%

Function 05850007 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6901ba4081742b494899cc97b889737944a61f64b646a9c49e55a63b452033fd
Instruction ID: 5d33ec903c3efcf4c688db3e15c52c1d6bfb4473374b25cb90c2e30430b80d3e
Opcode Fuzzy Hash: 6901ba4081742b494899cc97b889737944a61f64b646a9c49e55a63b452033fd
Instruction Fuzzy Hash: 0301165114E7D15FC32367709C2629A7FB49F03120B0A01EBE4C4CA1A3DA8E8959C363

Uniqueness

Uniqueness Score: -1.00%

Function 05859819 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0fb22e7ca4178d7616f0686cdd5fb92e9864d14b811f69628da0f5db0de6950
Instruction ID: df831084dbb65849f16466bec47bb36633a05f71cd8b7eff620844829a800a8c
Opcode Fuzzy Hash: c0fb22e7ca4178d7616f0686cdd5fb92e9864d14b811f69628da0f5db0de6950
Instruction Fuzzy Hash: F7F04C3270531057DB225339AC01B2E76D69BC9B50F65013AE901DF3D1CE619C05C3C9

Uniqueness

Uniqueness Score: -1.00%

Function 05859828 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c792cb9fe2eb7f33446a15ea9d06e4a34c72c09b3ec82a21ede3af65febf3ffc
Instruction ID: dd0cc129c48fe4e6a08d564d740570e5133871022a6f4191eb81d8ba9562045a
Opcode Fuzzy Hash: c792cb9fe2eb7f33446a15ea9d06e4a34c72c09b3ec82a21ede3af65febf3ffc
Instruction Fuzzy Hash: C8F02B32B0421097D6605239AC02B2D72DBDBC9BA4F25013AE901EF3D4DEB69C0683D9

Uniqueness

Uniqueness Score: -1.00%

Function 058500A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f471ff6fb353ffe8dc563e3294b9646bd71a59a5393ac3fff5f91b33dec09372
Instruction ID: 140dd64f1d9bcd74461a5c48df982cec623651376d2e12b0fc1bd2eb5cd72f22
Opcode Fuzzy Hash: f471ff6fb353ffe8dc563e3294b9646bd71a59a5393ac3fff5f91b33dec09372
Instruction Fuzzy Hash: D4D0A72264552087C74A32A82C144FE6BDE4BD3924701015FD805A66D2CE890D02A39E

Uniqueness

Uniqueness Score: -1.00%

Function 058500B0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9d14747ed703000895475bfadd8326282b2be3a677bf2c7c73f0b0caf1917a
Instruction ID: 5359e17b6f9eec88c34839d9e4337b7e4b1eb623727716deaff76ede0de7323d
Opcode Fuzzy Hash: 9c9d14747ed703000895475bfadd8326282b2be3a677bf2c7c73f0b0caf1917a
Instruction Fuzzy Hash: D9C02B1130583443080D319C38140ED77CF49C7C20340051ED10947780CE870D0143DE

Uniqueness

Uniqueness Score: -1.00%

Function 0585C7C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1829619182.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5850000_chargeable.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4518e4aa417148ba4cba9e0be3ff18dcf0b78091a5036742d0ef5087bd7fa547
Instruction ID: 0ae6fc1ffd8fbebf4cf45f1aeb9f0878d7cc0903106bf5bea39b75a046fe730c
Opcode Fuzzy Hash: 4518e4aa417148ba4cba9e0be3ff18dcf0b78091a5036742d0ef5087bd7fa547
Instruction Fuzzy Hash: 16B092AA80A2C05FCF6242306C486463FA096922013859AC6E491CA00BC6184A2DC3E1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report TBYtld7aq2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_dcd3242e9fa4189184df4216daa4e4c7cdf1959_85207d7d_cfe88533-e54f-4c79-b308-dc554a6df94f\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_f5b4a6202a53ee73c263cc4c99e711b13cd935ac_85207d7d_6c377d9c-479c-4e30-ab2a-7ef078d7e84d\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC84.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCA4.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3C.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9B.tmp.xml

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\TBYtld7aq2.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\chargeable.exe.log

C:\Users\user\AppData\Local\Temp\WERCCB4.tmp.WERDataCollectionStatus.txt

C:\Users\user\AppData\Local\Temp\WERFF1E.tmp.WERDataCollectionStatus.txt

C:\Users\user\AppData\Roaming\confuse\chargeable.exe

\Device\ConDrv

Windows Analysis Report
TBYtld7aq2.exe